{ "type": "Domain", "indicator": "e.store", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/e.store", "alexa": "http://www.alexa.com/siteinfo/e.store", "indicator": "e.store", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3155869946, "indicator": "e.store", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 18, "pulses": [ { "id": "6590412931fa8523e305795e", "name": "System Owner/User Discovery | Automobile CnC | HyunDAITX.COM", "description": "", "modified": "2024-01-29T15:00:34.177000", "created": "2023-12-30T16:11:21.071000", "tags": [ "remote cnc", "no expiration", "filehashsha256", "domain", "filehashsha1", "filehashmd5", "expiration", "iocs", "hostname", "ipv4", "scan endpoints", "next", "url http", "url https", "apple", "appleid", "icloud", "tsara brashears", "all octoseek", "create new", "pulse use", "pdf report", "debugger evasion", "evasive", "who's driving", "yaaa", "xobo", "writes data to a remote process", "widget", "win64", "waaa", "vt report", "ttl value", "uaaa", "united", "unknown", "urls url", "stealthyness", "critical", "accept", "address", "admin country", "baaa", "anti-detection", "as11042", "network ascii text", "network", "back", "black", "body length", "attack", "boolean", "silly", "bundled", "caaa", "caca", "caca4baaa", "cacf", "caea", "click", "close", "cobalt strike", "checkbox", "ck id", "ck matrix", "contacted", "copy", "creation date", "code", "comcast tmobile", "communicating", "contact", "historical ssl", "csc corporate", "date", "desktop", "dns replication", "domain related", "domains dropped", "elf wgetboat", "error", "execution", "factory", "false", "files", "final", "url", "first", "general", "getprocaddress", "green", "group", "headers", "hr rtd", "http response", "hybrid", "iana id", "id", "apple id", "import", "infor", "installation", "january", "kb body", "loader", "localappdata", "love", "major", "malicious", "metro", "mitre att", "model", "netlify", "netlify edge", "next", "trim", "null", "threat roundup", "tech email", "subdomains", "status code", "ssl certificate", "show technique span", "sha256", "serving ip", "open", "server", "override", "path", "pattern match", "payment", "pe resource", "persistence", "phonenumber", "record type", "referrer", "registrar abuse", "rust", "search" ], "references": [ "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical", "https://www.virustotal.com/gui/domain/hyundaitx.com/summary", "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621", "command_and_control 195.208.1.128 | 206.46.232.39", "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js", "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary", "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621", "appleid.com, apple.com, icloud.com", "https://blackbook.drivably.com | blackboxpedals.com", "car hacking | phone hacking | remote access & system control of entire system", "http://watchhers.net/index.php - remote attacks", "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community", "pornhub.com - contextualizing, malvertizing, tagging, apple password crack", "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community", "simple investigation shows Brashears historical family vehicles listed.", "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)", "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube", "T1622 - Debugger Evasion", "T1218 - System Binary Proxy Execution", "Creates a process in suspended mode (likely for process injection" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1408", "name": "Disguise Root/Jailbreak Indicators", "display_name": "T1408 - Disguise Root/Jailbreak Indicators" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1427", "name": "Attack PC via USB Connection", "display_name": "T1427 - Attack PC via USB Connection" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "TA0030", "name": "Defense Evasion", "display_name": "TA0030 - Defense Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 184, "FileHash-SHA1": 177, "FileHash-SHA256": 1078, "URL": 318, "domain": 511, "email": 4, "hostname": 520 }, "indicator_count": 2792, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "853 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d0feef4846c00f17bad", "name": "CONSTANT TECHNOLOGIES \u273b Software house in Israel & Armenia", "description": "", "modified": "2023-12-06T15:02:39.062000", "created": "2023-12-06T15:02:39.062000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 243, "URL": 1724, "domain": 516, "hostname": 694 }, "indicator_count": 3177, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708beba2ba8bcfb1d10237", "name": "hostkey - Industroyer&ReduceRight", "description": "", "modified": "2023-12-06T14:57:47.430000", "created": "2023-12-06T14:57:47.430000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 304, "hostname": 563, "domain": 407, "URL": 1776, "FileHash-SHA1": 2 }, "indicator_count": 3052, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1157 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dd17695f7673d2dcee65", "name": "v3 Hybrid scan uploaded - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:16:07.144000", "created": "2023-03-31T13:16:07.144000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 43, "domain": 193, "URL": 64, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1157 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e80d56fba248bac0744780", "name": "\ud83e\udd14\ud83d\udea8 Could this be the source of all Evil? \ud83d\udea8\ud83e\udd14 Nubotnet - Team:KU Leuven/test2 - 2021.igem.org", "description": "", "modified": "2022-08-31T00:01:05.509000", "created": "2022-08-01T17:28:54.991000", "tags": [ "apt", "runtime data", "decrypted ssl", "pcap", "windows nt", "tops", "cookie", "typeof t", "element", "error", "matrix", "typeerror", "bmfloor", "frameelement", "null", "skew", "parade" ], "references": [ "https://2021.igem.org/Team:KU_Leuven/test2", "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1696, "domain": 586, "hostname": 613, "FileHash-SHA256": 533, "FileHash-MD5": 34, "FileHash-SHA1": 33, "email": 1 }, "indicator_count": 3496, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1369 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1437 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62844b9aeadcab773b3eb51a", "name": "DATAHATA - data-xata", "description": "ChunkLoadError, a new type of error, failed to load a chunk of JavaScript, according to the web browser operator, E.noconflict.com, as well as the website itself.", "modified": "2022-06-16T00:01:26.112000", "created": "2022-05-18T01:27:54.809000", "tags": [ "zendesk", "integration", "offline form", "routing website", "acquire", "english", "chatsupport", "livechat", "genesys dx", "drift", "live", "chat", "android", "contact", "twitter", "facebook", "fast", "enterprise", "small", "demo", "leave", "premium", "easy", "robin", "tbody", "span", "jost", "object", "thead", "tfoot", "typecheckbox", "typeradio", "typeof content", "array", "error", "footer", "nuxtlink", "combo", "cookie", "please", "cancel", "email", "zendesk chat", "sorry", "back", "name", "function", "document", "click", "close", "null", "hello", "noraid", "datav57c71c16", "raid0", "raid1", "raid5", "raid6", "raid10", "republic", "islands", "rating", "guinea", "reviewstab", "samoa", "china", "congo", "korea", "united", "albania", "armenia", "belarus", "chad", "cuba", "indonesia", "mexico", "panama", "paraguay", "slovakia", "ukraine", "uruguay", "bitcoin", "script", "date", "scroll", "mousemove", "touchstart", "setaccount", "trackpageview", "textjavascript", "datalayer", "gtmngp6lxc", "number", "string", "trackevent", "click button", "copyright", "host", "path", "order", "typeerror", "typeof symbol", "typeof e", "typeof t", "referenceerror", "promise", "boolean", "typeof n" ], "references": [ "https://www.googletagmanager.com/gtm.js?id=GTM-NGP6LXC", "https://www.data-xata.com/js/zopimlaunch.js", "https://www.data-xata.com/_nuxt/1e8744d.modern.js", "https://www.data-xata.com/_nuxt/65d6cfa.modern.js", "https://www.data-xata.com/_nuxt/b799d37.modern.js", "https://www.data-xata.com/_nuxt/e7424e3.js", "xfe-URL-Data-xata.com-stix2-2.1-export.json", "https://zopim.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [ "E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 329, "URL": 968, "FileHash-SHA256": 245, "domain": 241, "FileHash-MD5": 1, "email": 1 }, "indicator_count": 1785, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626f007fe3e888e68d9a19e9", "name": "CONSTANT TECHNOLOGIES \u273b Software house in Israel & Armenia", "description": "var Cd=function(a,b), Dd-Cd, Zd.matches, E.g.js, T.ic, e.vh, \"G1\".", "modified": "2022-05-31T00:03:47.846000", "created": "2022-05-01T21:49:51.226000", "tags": [ "wall deco", "constant", "armenia", "price city", "israel", "technologies", "software", "portfolio team", "careers blog", "focus focus", "tech", "datasecret", "typeerror", "function", "string", "symbol", "array", "typeof t", "typeof window", "object", "maximum", "typeof symbol", "date", "post", "regexp", "typeof o", "name", "nodetwindow", "typeof c", "void", "iframe", "resizeobserver", "null", "weakmap", "errorevent", "observe", "unobserve", "ajax search", "ajaxsearchlite", "embed", "canvas", "infinity", "typeof n", "typeof s", "error", "generator", "typeof e", "emptyfield", "value", "rferror", "click", "action", "az09", "rfmail", "8000", "input", "textarea", "customevent", "sufeffxa0", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "messagetext", "subscribe", "esaddsubscriber", "success", "typeof define", "html tags", "ox20trnf", "dom element", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "kefunction", "lefunction" ], "references": [ "xfe-IP-207.246.75.55-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-127455369-2", "https://constant-tech.biz/wp-includes/js/jquery/jquery.min.js", "https://constant-tech.biz/wp-includes/js/jquery/jquery-migrate.min.js", "https://constant-tech.biz/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js", "https://constant-tech.biz/wp-content/plugins/page-loader/script.js", "https://constant-tech.biz/wp-content/themes/Constant-theme/js/compressed.js", "https://constant-tech.biz/wp-content/plugins/cookie-notice/js/front.min.js", "https://constant-tech.biz/wp-content/themes/Constant-theme/js/ajax-filter-posts.js", "https://constant-tech.biz/wp-includes/js/dist/vendor/regenerator-runtime.min.js", "https://constant-tech.biz/wp-includes/js/dist/hooks.min.js", "https://constant-tech.biz/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js", "https://app.convertful.com/Convertful.js?owner=7346", "https://constant-tech.biz/wp-content/plugins/super-socializer/js/front/social_login/general.js", "https://code.tidio.co/leheh8smhmcxcnxkg3hzomgjoc3xdnfw.js", "https://constant-tech.biz/wp-includes/js/wp-embed.min.js", "https://constant-tech.biz/#mobile-widget", "xfe-URL-tidio.co-stix2-2.1-export.json", "xfe-URL-convertful.com-stix2-2.1-export.json", "xfe-URL-Ovh.net-stix2-2.1-export 2.json", "xfe-URL-j.o-w-o.info-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 694, "domain": 516, "URL": 1725, "FileHash-SHA256": 243 }, "indicator_count": 3178, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1461 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6263b3b617c33c9a7644a9c6", "name": "psychz.net - malware", "description": "function:function t(t)var e.handleObj, a new type of JavaScript, for all types of window.. and data-api, in the form of \"transition end\".", "modified": "2022-05-23T00:00:56.946000", "created": "2022-04-23T08:07:18.262000", "tags": [ "error", "typeof e", "object", "typeof", "array", "typeof n", "typeof t", "boolean", "typeof r", "uff5c", "null", "date", "meta", "this", "scroll", "backspace", "insert", "unknown", "4096", "void", "copyright", "closure library", "reduceright", "vd", "number", "string", "regexp", "pageview", "uint8array", "gtm5pbn7g", "host", "path", "code", "typeerror", "version", "clickdataapi", "hidden", "show", "bootstrap", "click", "dataspy", "body", "mouseleave" ], "references": [ "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 120, "URL": 681, "domain": 192, "FileHash-SHA256": 188 }, "indicator_count": 1181, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de05d2c58343224615255", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:47:57.704000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de06b6d7b6fb1caada56a", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:11.932000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de0699b9516c5c53a4c60", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:09.891000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625eecb6fbc4353a109fe71c", "name": "hostkey - Industroyer&ReduceRight", "description": "Fbevents-PostalCodeType:f.exports, f.1, is a new addition to the list of \"signals\" that can be added to phone numbers.", "modified": "2022-04-19T17:09:10.196000", "created": "2022-04-19T17:09:10.196000", "tags": [ "livechat", "sign up", "free", "grow", "policy", "sign", "strong", "sorry", "identify", "increase", "lzutf8", "typeerror", "uint8array", "array", "error", "typeof r", "class", "invalid", "post", "uint32array", "date", "null", "papvisitorid", "string", "regexp", "value", "property", "valuenumber", "activexobject", "postaffparams", "object", "number", "boolean", "typeof e", "math", "first", "raid", "window", "service", "ukraine", "epsilon", "arrow", "target", "keepalive", "void", "shell", "econnaborted", "hkwfunction", "typeof symbol", "function", "promise", "request", "network error", "livechatwidget", "ticket form", "prechat survey", "postchat survey", "typeof n", "chat", "blank", "win32", "iframe", "reduceright", "copyright", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "x3e div", "trackevent", "landingpagegpu", "x3e table", "gpudraw", "path", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "symbol", "iterator", "extractor", "pixel", "facebook", "meta", "65535", "counter", "segoe ui", "lucida", "ecommerce", "ext link", "comic", "form", "impact", "light" ], "references": [ "https://mc.yandex.ru/metrika/watch.js", "https://connect.facebook.net/signals/config/785878845108827", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-M9D76H", "https://www.googletagmanager.com/gtag/js?id=UA-73589630-1", "https://cdn.livechatinc.com/tracking.js", "https://rec.smartlook.com/main-20220331074633.js", "https://hostkey.com/hk/widgets/ext/build/stock.bundle.js", "https://hostkey.com/hk/widgets/ext/src/hostkey.js", "https://hostkey.postaffiliatepro.com/scripts/Oy173jux8", "https://hostkey.postaffiliatepro.com/scripts/Oy173rux8?accountld=default1&url=S_hostkey.com%2F&referrer=&isInlframe=false&getParams=&anchor=", "https://widget.trustpilot.com/trustboxes/5613c9cde69ddc09340c6beb/index.html?templateld=5613c9cde69ddc09340c6beb&businessunitld=55e46b640000ff000582c91e#locale=en-GB&styleHeight=100%25&styleWidth=100%25&theme=light", "https://secure.livechatinc.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Industroyer - S0604", "display_name": "Industroyer - S0604", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1778, "hostname": 563, "FileHash-SHA256": 304, "domain": 407, "FileHash-SHA1": 2 }, "indicator_count": 3054, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1502 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://bat.bing.com/p/action/5602105.js", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://app.convertful.com/Convertful.js?owner=7346", "https://constant-tech.biz/wp-content/plugins/page-loader/script.js", "http://push.zhanzhang.baidu.com/push.js", "https://constant-tech.biz/wp-content/themes/Constant-theme/js/ajax-filter-posts.js", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://www.data-xata.com/js/zopimlaunch.js", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://www.hotjar.com/ensureSegmentId.js", "https://hostkey.com/hk/widgets/ext/build/stock.bundle.js", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "T1218 - System Binary Proxy Execution", "xfe-URL-convertful.com-stix2-2.1-export.json", "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)", "https://hostkey.postaffiliatepro.com/scripts/Oy173jux8", "https://constant-tech.biz/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js", "http://watchhers.net/index.php - remote attacks", "https://constant-tech.biz/wp-includes/js/dist/hooks.min.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://hostkey.postaffiliatepro.com/scripts/Oy173rux8?accountld=default1&url=S_hostkey.com%2F&referrer=&isInlframe=false&getParams=&anchor=", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://munchkin.marketo.net/munchkin.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "xfe-URL-tidio.co-stix2-2.1-export.json", "https://constant-tech.biz/wp-includes/js/jquery/jquery.min.js", "https://secure.livechatinc.com/", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "appleid.com, apple.com, icloud.com", "https://code.tidio.co/leheh8smhmcxcnxkg3hzomgjoc3xdnfw.js", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://www.data-xata.com/_nuxt/e7424e3.js", "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js", "https://blackbook.drivably.com | blackboxpedals.com", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.hxcpp100.com/js/linkChange.js", "car hacking | phone hacking | remote access & system control of entire system", "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary", "https://www.data-xata.com/_nuxt/b799d37.modern.js", "https://constant-tech.biz/wp-content/themes/Constant-theme/js/compressed.js", "https://constant-tech.biz/#mobile-widget", "https://www.google-analytics.com/plugins/ua/linkid.js", "xfe-URL-j.o-w-o.info-stix2-2.1-export.json", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "https://2021.igem.org/Team:KU_Leuven/test2", "https://www.clarity.ms/tag/uet/5739677", "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "pornhub.com - contextualizing, malvertizing, tagging, apple password crack", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "https://constant-tech.biz/wp-includes/js/dist/vendor/regenerator-runtime.min.js", "https://connect.facebook.net/signals/config/785878845108827", "https://www.googletagmanager.com/gtm.js?id=GTM-NGP6LXC", "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community", "https://www.virustotal.com/gui/domain/hyundaitx.com/summary", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.googletagmanager.com/gtag/js?id=UA-73589630-1", "https://h5.hxcpp100.com/?id=22929", "https://sc-static.net/scevent.min.js", "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "xfe-URL-Ovh.net-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://constant-tech.biz/wp-includes/js/jquery/jquery-migrate.min.js", "https://www.dwin1.com/13976.js", "https://www.data-xata.com/_nuxt/1e8744d.modern.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://use.fortawesome.com/03018d9d.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube", "https://constant-tech.biz/wp-content/plugins/cookie-notice/js/front.min.js", "https://www.data-xata.com/_nuxt/65d6cfa.modern.js", "https://contabo.com/client/client.a529db28.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "T1622 - Debugger Evasion", "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0", "https://bat.bing.com/bat.js", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://zopim.com", "Creates a process in suspended mode (likely for process injection", "https://constant-tech.biz/wp-includes/js/wp-embed.min.js", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "command_and_control 195.208.1.128 | 206.46.232.39", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621", "https://www.googleadservices.com/pagead/conversion_async.js", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "xfe-URL-Data-xata.com-stix2-2.1-export.json", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.hotjar.com/persistUtmParams.js", "https://widget.trustpilot.com/trustboxes/5613c9cde69ddc09340c6beb/index.html?templateld=5613c9cde69ddc09340c6beb&businessunitld=55e46b640000ff000582c91e#locale=en-GB&styleHeight=100%25&styleWidth=100%25&theme=light", "https://js.users.51.la/21185805.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://mc.yandex.ru/metrika/watch.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://contabo.com/client/client-30e55c50.css", "https://www.googletagmanager.com/gtm.js?id=GTM-M9D76H", "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://constant-tech.biz/wp-content/plugins/super-socializer/js/front/social_login/general.js", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953", "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "simple investigation shows Brashears historical family vehicles listed.", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://cdn.livechatinc.com/tracking.js", "https://www.googletagmanager.com/gtag/js?id=UA-127455369-2", "https://munchkin.marketo.net/161/munchkin.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://hostkey.com/hk/widgets/ext/src/hostkey.js", "xfe-IP-207.246.75.55-stix2-2.1-export.json", "https://constant-tech.biz/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js", "https://rec.smartlook.com/main-20220331074633.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.youtube.com/iframe_api", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://fast.appcues.com/79878.js", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Reduceright", "Acum", "Industroyer - s0604", "Buttons};kb(convertedmessage);break;case\"/sys\":var", "Kiitos", "Takk", "Vd", "Ajax" ], "industries": [ "E-commerce" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 18, "pulses": [ { "id": "6590412931fa8523e305795e", "name": "System Owner/User Discovery | Automobile CnC | HyunDAITX.COM", "description": "", "modified": "2024-01-29T15:00:34.177000", "created": "2023-12-30T16:11:21.071000", "tags": [ "remote cnc", "no expiration", "filehashsha256", "domain", "filehashsha1", "filehashmd5", "expiration", "iocs", "hostname", "ipv4", "scan endpoints", "next", "url http", "url https", "apple", "appleid", "icloud", "tsara brashears", "all octoseek", "create new", "pulse use", "pdf report", "debugger evasion", "evasive", "who's driving", "yaaa", "xobo", "writes data to a remote process", "widget", "win64", "waaa", "vt report", "ttl value", "uaaa", "united", "unknown", "urls url", "stealthyness", "critical", "accept", "address", "admin country", "baaa", "anti-detection", "as11042", "network ascii text", "network", "back", "black", "body length", "attack", "boolean", "silly", "bundled", "caaa", "caca", "caca4baaa", "cacf", "caea", "click", "close", "cobalt strike", "checkbox", "ck id", "ck matrix", "contacted", "copy", "creation date", "code", "comcast tmobile", "communicating", "contact", "historical ssl", "csc corporate", "date", "desktop", "dns replication", "domain related", "domains dropped", "elf wgetboat", "error", "execution", "factory", "false", "files", "final", "url", "first", "general", "getprocaddress", "green", "group", "headers", "hr rtd", "http response", "hybrid", "iana id", "id", "apple id", "import", "infor", "installation", "january", "kb body", "loader", "localappdata", "love", "major", "malicious", "metro", "mitre att", "model", "netlify", "netlify edge", "next", "trim", "null", "threat roundup", "tech email", "subdomains", "status code", "ssl certificate", "show technique span", "sha256", "serving ip", "open", "server", "override", "path", "pattern match", "payment", "pe resource", "persistence", "phonenumber", "record type", "referrer", "registrar abuse", "rust", "search" ], "references": [ "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical", "https://www.virustotal.com/gui/domain/hyundaitx.com/summary", "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621", "command_and_control 195.208.1.128 | 206.46.232.39", "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js", "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary", "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621", "appleid.com, apple.com, icloud.com", "https://blackbook.drivably.com | blackboxpedals.com", "car hacking | phone hacking | remote access & system control of entire system", "http://watchhers.net/index.php - remote attacks", "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community", "pornhub.com - contextualizing, malvertizing, tagging, apple password crack", "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community", "simple investigation shows Brashears historical family vehicles listed.", "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)", "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube", "T1622 - Debugger Evasion", "T1218 - System Binary Proxy Execution", "Creates a process in suspended mode (likely for process injection" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1408", "name": "Disguise Root/Jailbreak Indicators", "display_name": "T1408 - Disguise Root/Jailbreak Indicators" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1427", "name": "Attack PC via USB Connection", "display_name": "T1427 - Attack PC via USB Connection" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "TA0030", "name": "Defense Evasion", "display_name": "TA0030 - Defense Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 184, "FileHash-SHA1": 177, "FileHash-SHA256": 1078, "URL": 318, "domain": 511, "email": 4, "hostname": 520 }, "indicator_count": 2792, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "853 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d0feef4846c00f17bad", "name": "CONSTANT TECHNOLOGIES \u273b Software house in Israel & Armenia", "description": "", "modified": "2023-12-06T15:02:39.062000", "created": "2023-12-06T15:02:39.062000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 243, "URL": 1724, "domain": 516, "hostname": 694 }, "indicator_count": 3177, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708beba2ba8bcfb1d10237", "name": "hostkey - Industroyer&ReduceRight", "description": "", "modified": "2023-12-06T14:57:47.430000", "created": "2023-12-06T14:57:47.430000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 304, "hostname": 563, "domain": 407, "URL": 1776, "FileHash-SHA1": 2 }, "indicator_count": 3052, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1157 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dd17695f7673d2dcee65", "name": "v3 Hybrid scan uploaded - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:16:07.144000", "created": "2023-03-31T13:16:07.144000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 43, "domain": 193, "URL": 64, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1157 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e80d56fba248bac0744780", "name": "\ud83e\udd14\ud83d\udea8 Could this be the source of all Evil? \ud83d\udea8\ud83e\udd14 Nubotnet - Team:KU Leuven/test2 - 2021.igem.org", "description": "", "modified": "2022-08-31T00:01:05.509000", "created": "2022-08-01T17:28:54.991000", "tags": [ "apt", "runtime data", "decrypted ssl", "pcap", "windows nt", "tops", "cookie", "typeof t", "element", "error", "matrix", "typeerror", "bmfloor", "frameelement", "null", "skew", "parade" ], "references": [ "https://2021.igem.org/Team:KU_Leuven/test2", "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1696, "domain": 586, "hostname": 613, "FileHash-SHA256": 533, "FileHash-MD5": 34, "FileHash-SHA1": 33, "email": 1 }, "indicator_count": 3496, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1369 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1437 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62844b9aeadcab773b3eb51a", "name": "DATAHATA - data-xata", "description": "ChunkLoadError, a new type of error, failed to load a chunk of JavaScript, according to the web browser operator, E.noconflict.com, as well as the website itself.", "modified": "2022-06-16T00:01:26.112000", "created": "2022-05-18T01:27:54.809000", "tags": [ "zendesk", "integration", "offline form", "routing website", "acquire", "english", "chatsupport", "livechat", "genesys dx", "drift", "live", "chat", "android", "contact", "twitter", "facebook", "fast", "enterprise", "small", "demo", "leave", "premium", "easy", "robin", "tbody", "span", "jost", "object", "thead", "tfoot", "typecheckbox", "typeradio", "typeof content", "array", "error", "footer", "nuxtlink", "combo", "cookie", "please", "cancel", "email", "zendesk chat", "sorry", "back", "name", "function", "document", "click", "close", "null", "hello", "noraid", "datav57c71c16", "raid0", "raid1", "raid5", "raid6", "raid10", "republic", "islands", "rating", "guinea", "reviewstab", "samoa", "china", "congo", "korea", "united", "albania", "armenia", "belarus", "chad", "cuba", "indonesia", "mexico", "panama", "paraguay", "slovakia", "ukraine", "uruguay", "bitcoin", "script", "date", "scroll", "mousemove", "touchstart", "setaccount", "trackpageview", "textjavascript", "datalayer", "gtmngp6lxc", "number", "string", "trackevent", "click button", "copyright", "host", "path", "order", "typeerror", "typeof symbol", "typeof e", "typeof t", "referenceerror", "promise", "boolean", "typeof n" ], "references": [ "https://www.googletagmanager.com/gtm.js?id=GTM-NGP6LXC", "https://www.data-xata.com/js/zopimlaunch.js", "https://www.data-xata.com/_nuxt/1e8744d.modern.js", "https://www.data-xata.com/_nuxt/65d6cfa.modern.js", "https://www.data-xata.com/_nuxt/b799d37.modern.js", "https://www.data-xata.com/_nuxt/e7424e3.js", "xfe-URL-Data-xata.com-stix2-2.1-export.json", "https://zopim.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [ "E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 329, "URL": 968, "FileHash-SHA256": 245, "domain": 241, "FileHash-MD5": 1, "email": 1 }, "indicator_count": 1785, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "e.store", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "e.store", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780246748.1092567 }