{ "type": "Domain", "indicator": "enginecorruptiontrice.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/enginecorruptiontrice.com", "alexa": "http://www.alexa.com/siteinfo/enginecorruptiontrice.com", "indicator": "enginecorruptiontrice.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3856417241, "indicator": "enginecorruptiontrice.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "68c5dfd6efb85eee0d549104", "name": "Lavasoft Blacklist", "description": "", "modified": "2025-10-13T21:18:10.129000", "created": "2025-09-13T21:19:18.990000", "tags": [], "references": [ "https://acscdn.lavasoft.com/urlblacklist.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 3, "URL": 7, "domain": 10938, "hostname": 208 }, "indicator_count": 11162, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "415 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "678565f0c11937595b52ea3b", "name": "ApateWeb Campaign Infected Sites - Blogspot Redirector", "description": "Additional IOCs gathered from an instance of ApateWeb discovered in the wild, via a Blogspot redirector campaign. These may be intentional adversary-controlled infra or simply infected servers that they have gained control over.\n\nApologies for duplicate IOCs, OTX has no method of filtering these out and makes it impossible to bulk remove them so I can upload a de-duped list instead, so there is no way for me to fix this.", "modified": "2025-01-20T23:31:01.411000", "created": "2025-01-13T19:13:52.391000", "tags": [ "blog", "redirector", "phishing", "malware", "Scareware", "Malvertising", "Ad Fraud", "Blogspot", "ApateWeb", "Cybercrime" ], "references": [ "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://bettylinking.blogspot[.]com/2025/01/tyga.html" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 34, "domain": 19039, "hostname": 18 }, "indicator_count": 19091, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List", "AppRegistrationList.csv", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "https://bettylinking.blogspot[.]com/2025/01/tyga.html", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://tria.ge/240521-q4s79agb25/static1", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "All - EnterpriseAppsList.csv", "Thor Scan: S-I9VvMTB6cZU", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://acscdn.lavasoft.com/urlblacklist.json", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Education", "Telecommunications", "Government", "Technology", "Healthcare" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "68c5dfd6efb85eee0d549104", "name": "Lavasoft Blacklist", "description": "", "modified": "2025-10-13T21:18:10.129000", "created": "2025-09-13T21:19:18.990000", "tags": [], "references": [ "https://acscdn.lavasoft.com/urlblacklist.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 3, "URL": 7, "domain": 10938, "hostname": 208 }, "indicator_count": 11162, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "415 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "678565f0c11937595b52ea3b", "name": "ApateWeb Campaign Infected Sites - Blogspot Redirector", "description": "Additional IOCs gathered from an instance of ApateWeb discovered in the wild, via a Blogspot redirector campaign. These may be intentional adversary-controlled infra or simply infected servers that they have gained control over.\n\nApologies for duplicate IOCs, OTX has no method of filtering these out and makes it impossible to bulk remove them so I can upload a de-duped list instead, so there is no way for me to fix this.", "modified": "2025-01-20T23:31:01.411000", "created": "2025-01-13T19:13:52.391000", "tags": [ "blog", "redirector", "phishing", "malware", "Scareware", "Malvertising", "Ad Fraud", "Blogspot", "ApateWeb", "Cybercrime" ], "references": [ "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://bettylinking.blogspot[.]com/2025/01/tyga.html" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 34, "domain": 19039, "hostname": 18 }, "indicator_count": 19091, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "enginecorruptiontrice.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "enginecorruptiontrice.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776675004.9545536 }