{ "type": "Domain", "indicator": "entry.name", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/entry.name", "alexa": "http://www.alexa.com/siteinfo/entry.name", "indicator": "entry.name", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3032301189, "indicator": "entry.name", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "68d62e5e038c036204e489ba", "name": "Deepsea - Seen in multiple targeting attacks | curse.llc |", "description": "DiabloFans.com redirects to curse.llc a shopify storefront that offering witchcraft related products and/or services. \n\nIt will take time to break down the true intent of the website. Maybe it\u2019s hacked maybe it\u2019s a tool. I think targeting is involved because of the constant appearance of diablofans.com in various types of research over time including a most recent pulse related to a target \n\nThere are multiple checkins, bots, Trojans , worms, etc. This entire pulse will be populated by OTX , I won\u2019t be able to annotate for this pulse,\nLet\u2019s see what happens. \n\n#Lowfi:HSTR:MSIL/Obfuscator.Deepsea.C", "modified": "2025-10-26T05:01:11.780000", "created": "2025-09-26T06:10:38.550000", "tags": [ "handle", "entity", "host name", "rdap database", "iana registrar", "roles", "dnssec", "links", "namecheap", "namecheap inc", "script urls", "united", "unknown ns", "moved", "script domains", "passive dns", "ip address", "body", "gmt content", "type", "title", "date", "meta", "request", "get updates", "common upatre", "p2p zeus", "common header", "struct", "downloader", "exe download", "terse", "regsetvalueexa", "execution", "dock", "write", "next", "win32", "persistence", "malware", "copy", "unknown", "canada unknown", "alfper", "entries", "ipv4", "pulse pulses", "urls", "files", "reverse dns", "location canada", "twitter", "present sep", "cname", "name servers", "search", "creation date", "canada", "certificate", "trojan", "ontario", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "defense evasion", "spawns", "development att", "href", "show technique", "mitre att", "ck matrix", "script", "network related", "input url", "network traffic", "t1204", "copy md5", "copy sha1", "copy sha256", "size", "sha1", "sha256", "flag", "canada canada", "strings", "cloudflar", "google", "googlecl", "facebook", "as autonomous", "system", "hetznera", "detail domain", "domain tree", "links domain", "requested", "url https", "general full", "name value", "resource", "asn13335", "cloudflarenet", "hash", "protocol h3", "express", "value", "please", "automatic", "webgl", "september", "variables", "shopify", "shopifypay", "st boolean", "shopifyforms", "raven", "hstr", "next associated", "mtb may", "ipv4 add", "trojanspy", "trojandropper", "span", "path", "button", "circle", "link", "keychains", "choose", "input", "small", "close", "form", "stop", "anime", "kitty", "iframe", "null", "open", "tarot", "footer", "curse", "first", "back", "error", "config", "contact", "signs", "main", "payment", "window" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 236, "FileHash-MD5": 320, "FileHash-SHA1": 314, "FileHash-SHA256": 2288, "URL": 889, "hostname": 361, "SSLCertFingerprint": 1, "email": 2, "CVE": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "175 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 35, "modified_text": "343 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6660c1268a1f430e17236b55", "name": "Python: OVSAgentServer Document (autofilled name)", "description": "Here is the full text of the Vuze-dht-info script, which is written by \"Patrik Karlsson\" and followed by the following:-1-2-3. (Autofilled). This was pulled from a Windows 11 Hidden Folder from UAlberta Sample Device.", "modified": "2024-07-24T20:04:38.074000", "created": "2024-06-05T19:48:54.286000", "tags": [ "vuze", "dht service", "force", "port", "port state", "service version", "transaction id", "connection id", "vendor id", "azureus", "methods", "function", "method", "performs", "uri path", "same", "nmap", "see https", "buffer", "http post", "xdmcp", "session id", "mitmagiccookie1", "authorization", "displayid", "x display", "su p", "service", "patrik karlsson", "x server", "code", "xopendisplay", "checks", "tcp port", "xhost", "list", "host", "null", "retrieves", "wsdiscovery", "framework", "message id", "device wprt", "patrik", "author", "example", "john foo", "athens", "attiki", "domain name", "attempts", "service reason", "support", "active", "error", "false", "t3 protocol", "extrainfo", "weblogicversion", "t3 rmi", "daniel miller", "weblogic", "note", "cvss score", "isc bind", "todo", "cvss", "cpes", "sv output", "limit cves", "dot com", "mark", "elem", "stripnull", "wind debug", "wind river", "systems vxworks", "debug service", "boot line", "wdbprocedure", "agent", "vulnerable", "metasploit", "target", "seqnum", "vtam", "logon", "tn3270", "applid", "ibmtest", "cics", "dominic white", "tn3270 screen", "folder", "soldier", "path", "screen", "server", "cluster", "name", "http port", "admin port", "voldemort", "persistence", "driver", "apple remote", "desktop", "sasl", "aten", "vnc auth", "tries", "vnc server", "libvncserver", "bypass", "tight auth", "security", "mac os", "x security", "daemon", "220 vmware", "pass", "connectionpool", "xmpp", "login", "plain", "jabber", "soap api", "server version", "build", "os type", "product line", "header", "queries", "vmware server", "esxi", "vasto", "this", "body", "problem", "xmlns", "dns name", "tigase", "registration", "tonumber", "mlink", "connects", "citadel", "inside", "administrator", "root path", "database path", "sat mar", "version", "extracts", "versant object", "databases", "urls", "sniffed", "require", "sniffs", "http traffic", "ip address", "script output", "interface", "controls", "upnp service", "thomas buchanan", "table", "thisdb", "iana", "string", "arin", "boolean true", "comp", "meta", "trim", "actions", "openssh", "postfix smtpd", "msrpc", "runs", "comm", "prot", "group", "head", "admin", "phan", "ventrilo udp", "totpck", "totlen", "win32", "ping", "raid", "formats", "idera uptime", "intel", "gets", "domain", "arch", "linux", "smp fri", "x8664 x8664", "gnulinux", "info", "tso user", "user id", "userid", "tso logon", "valid user", "data", "nse object", "fakeuser", "razor", "blade", "plague", "tlvvalue", "ubiquiti", "probev1", "bb i2", "probev2", "tom sellers", "hidden", "zzzzz", "ooooo ssss", "enter", "fortran", "user", "skipped", "zero", "cool", "final", "scriptname", "ticketbleed", "tls session", "high", "tls stack", "hello", "done", "tls npn", "connection", "tls server", "npn extension", "spdy4a4", "spdy3", "hani benhabiles", "alpnname", "tls alpn", "client hello", "alpndone end", "alpn protocol", "filenotfound", "requesterror", "filefound", "enumerates", "tftp", "cisco", "script", "unknown", "kml file", "google earth", "geolocation", "italy", "getvalue", "rtt address", "sweden", "activetelnet", "hosttest2", "negotiate", "ntlm", "ntlmssp message", "netbios", "dnsdomainname", "dnscomputername", "dnstreename", "teamspeak", "udp packet", "cowclans", "service info", "traceroute scan", "hops", "inserts", "nmap scanning", "henri doreau", "nmap xml", "attribute", "loads", "address type", "ipv4", "ipv6", "filename", "telnet server", "freebsd", "option", "determines", "exploit", "linux advisory", "telnet", "default", "nick nikolaou", "make", "status", "driver object", "verdict", "target object", "telnet host", "telnet port", "password", "usersegs", "prefijo", "tablapalabras", "direccion", "prefixaux", "userright", "ipv6bin", "filler", "first", "iface", "ipv6 address", "targetstr", "slaac", "ipv6 host", "icmpv6 router", "advertisement", "nd host", "ipv6 stateless", "david fifield", "cidr notation", "bond", "simplified", "bsd license", "srcmac", "sends", "icmpv6 packet", "weilin", "icmpv6 echo", "svn server", "username", "crammd5", "helper", "result", "ipaux", "ipv6user", "ipv6network", "grantotal", "ipv6 subnet", "ipv4sub", "sslv2", "matthew boyle", "stuxnet", "infected", "stuxnetpaths", "stuxnetuuid", "stuxnetversion", "rpcgetversion", "smb session", "stuxnet service", "stdnse", "check", "secure socket", "https layer", "sstp traffic", "current sstp", "seil", "snippet", "ipmi", "exploitable", "output file", "calderon", "openssl", "heartbleed bug", "eof receiving", "match", "fingerprintfile", "ssl certificate", "littleblackbox", "apt1", "specify", "drown", "cve20160800", "sslv2 protocol", "tls ciphertext", "cve20153197", "cve20160703", "rsa data", "rfc1918", "ssl service", "issuer", "x509v3", "reports", "x509v3 subject", "steve benson", "sslv3", "ccs injection", "timeout", "ccs packet", "ssltls mitm", "protocol", "sweet32 attack", "ciphersuite", "chunksize", "gethellotable", "broken cipher", "find", "compressor", "format", "certificate", "pem return", "public key", "pcall", "delaware", "san jose", "california", "paypal", "accepted public", "keys", "checking key", "found", "connect", "actionend end", "specifies", "devin bjelland", "sshv1", "ssh server", "ssh protocol", "brandon enright", "modp group", "dsa group", "length", "diffiehellman", "ffffffff", "fromhex", "c4c6628b", "f25f1437", "e485b576", "generator", "tls port", "tls host", "tls serverhello", "unix timestamp", "jacob appelbaum", "returns", "poodle", "tlsfallbackscsv", "cve20143566", "ssl poodle", "ssl protocol", "authentication", "authenticated", "output", "privatekeyfile", "passphrase", "command", "ssh2 server", "kris katterjohn", "key comparison", "shows ssh", "md5 fingerprint", "ascii art", "matches", "sven klemm", "piotr olma", "socks proxy", "socks version", "guest", "iusredusrv011", "iwamedusrv011", "support388945a0", "tomcat", "socks", "snmp v1", "jetdirect", "jd117", "cidate", "system uptime", "security update", "windows media", "player", "windows server", "apache tomcat", "domain names", "mitigation apis", "kb911564", "kb924667v2", "kb925398", "explorer", "db2copy1", "lookup service", "application", "cryptographic", "db2das", "db2das00", "apache", "dcom", "launcher", "webapps", "value", "windows shares", "system idle", "process", "users", "system", "mib oids", "huawei", "hph3c locally", "snmp", "enterprisenums", "snmpv3 server", "security model", "snmpv3 get", "enterprise", "snmp community", "nextcommunity", "argument", "add ipv6", "vikas singhal", "serveraddress", "tftp server", "copystatus", "cisco router", "snmp rw", "fail", "config", "layer", "channel", "rfc3635", "ieee", "mac address", "obsolete", "generic", "voice", "prop", "terminal", "team", "test", "request", "joao correa", "mail server", "smtp", "diman todorov", "cyrus sasl", "auth", "postfix smtp", "authvuln", "cve20111720", "digestmd5", "activesmtp", "ehlo", "per rfc", "tls connection", "continue", "smtp ntlm", "ethernet", "macosx", "marek majkowski", "tiger", "rcpt", "vrfy", "expn", "socket", "user name", "mail from", "rcpt to", "duarte silva", "windows", "ron bowes", "vista", "srvsvc function", "wireshark", "p u137", "help", "ntlm login", "arturo buanzo", "busleiman", "lf line", "extended", "turn", "dkim", "exim", "exim server", "mail", "cve20111764", "exim daemon", "dkim format", "exim smtp", "webexservice", "handle", "runcommand", "windows account", "open", "cve20104344", "cve20104345", "sendrecv", "debianexim", "exim version", "could", "remote code", "webexec", "doesnotexist", "patched", "microsoft", "case", "msrc8742", "u137", "t139", "index", "define", "smtp server", "i2 i2", "microsoft smbv1", "reserved", "eternalblue", "wannacry", "ipc tree", "windows xp", "print spooler", "vulnerability", "lanman api", "september", "printer spooler", "stuxnet worm", "shareddocs", "smb server", "xp sp2", "windows vista", "gold", "smb request", "smb packet", "bsod", "dns server", "ms07029", "rpc interface", "rpc service", "notup", "server service", "execution", "ras rpc", "ms06025", "remote access", "rras", "rras memory", "routing", "systemroot", "reggetvalue", "installdate", "csdversion", "currentversion", "identifier", "productname", "model", "smbv1", "nt lm", "smbv3", "smbv2", "groups", "builtin", "account lockout", "samr", "connect4", "enumdomains", "invite", "options", "subscribe", "sip server", "cancel", "refer", "notify", "option request", "entry", "message signing", "smb security", "lmv2", "ntlmv2", "ms08068", "cve20093103", "process id", "advisory", "smbv2 protocol", "vista gold", "high header", "loop", "address", "reply", "ttl64", "comment", "ms08067", "conficker", "printer", "text", "service rpc", "lanman", "later", "service pack", "fqdn", "standard", "computer name", "sql2008", "workgroup", "servertypes", "typenames", "mssql server", "time capsule", "backup browser", "dfs root", "master browser", "sql server", "settings", "inetpub", "size time", "normal user", "description", "close", "bind", "clean", "infected2", "scanner", "namewin32", "read", "current user", "type", "readwrite", "usercanwrite", "current", "default share", "stypeipchidden", "write", "trojan", "changeddate", "names", "sids", "servicepaused", "servicestopped", "servicerunning", "gateway service", "manager", "shadow copy", "provider", "remote desktop", "tools", "spooler", "id process", "bytessec", "operationssec", "bytes", "pid ppid", "daniel", "rids", "homegroupuser", "windows system", "aliases", "lists", "double pulsar", "smb backdoor", "pulsar smb", "backdoor", "b i2", "luke jennings", "valid", "hostinfo", "invalidpassword", "userlist", "userlistindex", "blank", "third", "windows smb", "smb2 protocol", "smb2", "startdate", "starttime", "boot time", "date", "vuln", "securitymode", "smb2smb3", "file system", "leasing", "smbv2 server", "skype", "skype version", "skype author", "probes", "extension value", "number", "register sip", "file", "sip session", "true", "ekiga", "home", "user agent", "sip from", "request source", "request sip", "shodanapi key", "shodan", "shodan api", "sn pn", "apache httpd", "proto", "product parent", "xmltotext", "sunw", "instance urn", "product version", "product urn", "product defined", "instance id", "cpus", "probe", "xport", "samba", "samba heap", "cve20121182", "pidl", "zdican1503", "msrpc call", "szl request", "sendreceive", "offset", "siemens s7", "action", "plcscan", "copyright", "module type", "idle", "user on", "from since", "commondirs", "cve20177494", "payloadx86", "payloadx64", "samba remote", "rtsp", "rtsp urls", "describe", "setup", "play", "teardown", "roca", "detects", "return", "ssltls", "nse library", "pop3", "capa command", "user capa", "respcodes uidl", "pipelining stls", "top sasl", "rpc program", "rpc port", "sendpacket", "receivepacket", "rpc number", "rpc protocol", "host table", "port table", "winpcap", "getinfo", "pro1000 mt", "desktop adapter", "hamachi virtual", "winpcap remote", "capture daemon", "password1", "rmi registry", "tcclassdesc", "flags", "field count", "tcnull", "tcblockdata", "oraclesun", "custom data", "classpath", "java management", "custom", "martin holst", "swende", "performs brute", "unix rlogin", "unix", "item", "node name", "crypto version", "skerl version", "os mon", "basho version", "lager version", "cluster info", "luke version", "sasl version", "time", "odd response", "make sure", "diff", "unix rexec", "horizontal", "hostaction", "architecture", "filter", "redis", "realvnc", "cve20062369", "adderlink ip", "send", "cvssv2", "medium", "tpdu", "cve20120002", "ms12020 remote", "risk factor", "w2016", "credssp", "ntlmssp", "w16gasrv01", "success", "security layer", "early user", "rdstls", "rdp encryption", "fips", "rdp protocol", "knownprotocols", "wolfenstein", "enemy territory", "nexuiz", "quake iii", "arena", "openarena", "basic options", "other options", "getstatus", "statusresp", "quake3 game", "toni ruottu", "delay", "tcp packet", "maximum number", "mean", "numtrips", "delta", "qnx qconn", "qconn daemon", "root", "brendan coles", "puppet ca", "puppet naive", "csrs", "dummycsr", "defaultnode", "defaultenv", "paths", "response", "puppet server", "firmware", "pptp", "rt57i author", "activepop3", "pop3 ntlm", "pop3test2", "apop", "pop server", "pop3 account", "printer job", "language", "pjlreadymessage", "aaron leininger", "prev", "rstart", "ssl support", "force protocol", "ssl encryption", "plc type", "model number", "firmware date", "pcworx message", "nse script", "pcworx", "program", "phoenix contact", "pcanywhere", "xorkey", "mtus", "ipprotoudp", "ipprototcp", "pmtu", "pathmtuprobe", "path mtu", "drop", "hash", "key1", "seed", "noise", "oracle virtual", "server agent", "python", "http get", "basehttp", "virtual server", "get request", "oracle tns", "errcodes", "decodevsnnum", "decodes", "vsnnum version", "tns header", "tns packet", "unit size", "oracle", "checkaccount", "count", "oracle user", "october", "critical patch", "maxretries", "defaultaccounts", "dhiru kholia", "authvfrdata", "account", "device type", "uptime", "nack", "kernel version", "device", "mask", "alarm", "bad login", "nson", "openlookup", "arizona", "nson int", "parsefloat", "parses", "paradise", "ofpthello", "openflow", "initial packet", "newer", "jay smith", "mak kolybabi", "size", "memory card", "response code", "omron fins", "system use", "program area", "iom size", "expansion dm", "openvas manager", "target hosts", "firewall", "hosts", "nrpeprotocols", "warning", "nrpestates", "nrpecommands", "crc32constants", "i2 i4", "queries nagios", "remote plugin", "executor", "critical", "nepclientmacid", "serverhslen", "finalhslen", "nping echo", "echo mode", "activenntp", "nntp", "nntptest2", "ohost", "rhost", "job entry", "ohostrhost", "nje server", "nje password", "nje node", "mountpath", "nfsopen", "filesystem", "blocksize", "shows nfs", "showmount", "rpc query", "rpc library", "mount", "read lookup", "getattr", "readdirplus", "lookup", "delete", "loginresponse", "nexpose nsc", "netbuster", "netbus", "extends", "sv p", "defaultfields", "ntp server", "refid", "stratum", "network time", "reference", "applications", "log traffic", "volume", "wave", "synth", "netbus backdoor", "access", "netbus server", "nessus web", "nessus", "network data", "ndmp", "nas device", "amanda", "bacula", "ca arcserve", "commvault", "simpana", "emc networker", "exec", "device0000", "os version", "novell netware", "core protocol", "server name", "tree name", "windows2003", "skullsecurity", "netbios user", "netbios mac", "vmware", "servername", "workstationname", "netbios ns", "hewlett packard", "andrey zhukov", "ussc", "exported block", "readonly", "negotiation", "displays", "network block", "device protocol", "nbd server", "maps", "wan port", "nat port", "natpmp", "successfully", "wan ip", "apple airport", "natpmp protocol", "express", "extreme", "apple time", "capsule", "ddwrt", "mysql", "mariadbmysql", "mysqlmariadb", "mariadb", "cve20122122", "select distinct", "mysql database", "select host", "autocommit", "thread id", "support41auth", "mysql error", "mysql server", "kingcope", "dumps", "john", "ripper", "appropriate db", "review", "adminaccounts", "cis mysql", "skip", "create user", "verify", "super", "shutdown", "reload", "murmur", "udp port", "murmur server", "murmur service", "nmap service", "udp probe", "tcp service", "i4 i4", "igmp traceroute", "query", "source address", "static", "multicast group", "fwdcode", "library", "configuration", "enabled", "dns suffix", "dbcount", "tablecount", "select", "microsoft sql", "activesql", "dbtest2", "disconnect", "rslimit", "host script", "port script", "sql servers", "getname", "servers", "objectid", "select name", "from", "johntheripper", "dump", "dac port", "browser service", "dedicated admin", "dac feature", "sqlserver", "sql mail", "database mail", "dmo xps", "login success", "policy agent", "dhcp client", "lrpc endpoint", "msrpc endpoint", "remote fw", "dvmrp ask", "neighbors", "dvmrp", "neighbor", "igmp", "dvmrp code", "iterate", "major", "publish", "mqtt broker", "sanity", "mqtt", "indicate", "mqtt protocol", "topic", "connack", "mongodb build", "server status", "mongodb", "database", "error message", "httpstorage", "gateway target", "modbus", "to response", "formrsid", "illegal data", "slave device", "scada modbus", "scada", "switchmode", "mobile mouse", "os x", "attempted", "rpa tech", "connected30", "api routeros", "xmlreq", "methodname", "param", "methodcall", "metasploit rpc", "xdax00x20", "ruby version", "api version", "gathers", "api guide", "host name", "reqid", "stat", "nodes", "hostname", "mnesia version", "stdlib version", "auth failure", "agentguid", "didier stevens", "msie", "start", "mcafee epolicy", "eposerver", "instroot", "sap max", "dbmserver", "tn3270e", "unit", "tn3270e server", "logical unit", "macdst", "cadmus computer", "host id", "ipv4 address", "icon image", "repeater ap", "lineage", "printervidpid", "lexmark s302", "hbn3", "lexmark", "dcnet", "dccqure", "cnusers", "ldap", "qfilter", "dcfunctid", "cnconfiguration", "dcfunc", "cnschema", "cnservers", "ocqure", "nmas get", "allow admin", "ldap username", "ldap password", "cnadmin", "cnpaka", "login correct", "openldap", "ldap base", "ad discussion", "kerberos realm", "kerberos", "krb5", "asn1encoder", "realm", "knx address", "knxdibknxmedium", "knx gateway", "knx description", "din en", "http", "niklaus schiess", "java debug", "wire protocol", "jdwp", "java", "internet", "michael schierl", "method run", "java class", "b i8", "sat aug", "daylight time", "portal", "name service", "isns", "auth reason", "collects", "receive", "irc server", "d p6667", "e binsh", "vv localhost", "authenticate", "cap req", "internet relay", "chat", "imap", "imap4rev1", "imap4 literal", "blocked", "nick", "none", "motd", "nquitn", "stats", "lusers", "pingpong", "nmap brutern", "rxbot", "agobot", "slackbot", "mytob", "rbot", "sdbot", "ircbot", "vanbot", "gtbot", "spybot", "storm", "knx search", "device mac", "knxhpaiport", "knxdibdevmac", "discovers", "ipv6 suffix", "cpu usage", "cisco ios", "november", "netscreen", "qtypenodename", "qtypenoop", "qtype", "stringify", "ipv6 node", "qtypestrings", "stevecasner", "ff02000000", "20060921", "19941101", "kanglee", "20070202", "ff0x000000", "discovery", "ssdp", "passauth", "userauth", "conninfo", "channel auth", "claudiu perta", "rakp cipher", "ipmi interface", "cipher zero", "state service", "ipmi rpc", "aggressive mode", "vpngroup", "main mode", "ikeresponse", "ike service", "main", "hybrid", "testfr", "startdt", "asdu address", "getasdu", "cicna1", "iec104", "startdt act", "meeina1", "cicna1broadcast", "ip id", "ip ids", "numprobes", "shortport", "sslcert", "https", "iphttps", "city", "islands", "republic", "united", "startpos", "philadelphia", "recordbuf", "char", "jackson", "download", "dayton", "hill", "terre", "austin", "rouge", "green", "phoenix", "rapid", "diego", "vegas", "albania", "armenia", "belarus", "cuba", "indonesia", "lucia", "mexico", "panama", "paraguay", "slovakia", "chad", "uruguay", "april", "placemark", "point", "nmap registry", "required", "google maps", "api key", "google map", "premium", "google static", "maps api", "png8", "bing maps", "bing map", "road", "rest api", "rest", "jpeg", "fremont", "apikey", "a sting", "new jersey", "icmp echo", "lan host", "icmp", "nmap host", "information", "results", "dbinfo", "ibm informix", "dynamic server", "select first", "dbhostname", "full", "driver class", "client name", "impress version", "remote server", "impress remote", "remote pin", "firefox os", "clientname", "bruteforce", "activeimap", "ntlm challenge", "starttls", "socket receive", "imap ntlm", "istag", "resptbl", "icap service", "icap", "echo", "echo demo", "urlcheck demo", "udp iax2", "revision", "control frame", "poke request", "voip", "ferdy riphagen", "asterisk iax2", "xssedsite", "xssedsearch", "xssedfound", "xssedfixed", "xssedmirror", "xssedurl", "vlc streamer", "developer", "user guides", "increase", "base path", "ange gutek", "peter hill", "search", "wordpressapiurl", "wp root", "wordpress", "defaultwpuri", "initial check", "default uri", "default uservar", "default passvar", "webdav", "propfind", "copy", "move", "post", "proppatch", "trace", "server header", "modsecurity", "webknight", "binarysec", "cloudflare", "bigip", "xml gateway", "airlock", "profense", "netscaler", "idsipswaf", "web application", "attackvectorsn1", "wafidsips", "barracuda", "phpids", "latest", "paul amar", "rob nicholls", "rompager", "andrew orr", "bid71744 cve", "wordpress rest", "injection", "sql injection", "joomla", "regexpsuccess", "sql statement", "mysql user", "python script", "intel active", "params", "cve20175689", "bid98269", "nonce", "apache struts", "cve20175638", "http method", "url path", "ms15034", "http protocol", "system account", "groovy", "elasticsearch", "rce exploit", "java version", "json", "cve20151427", "wordpress cm", "php code", "cm download", "manager plugin", "cve20148877", "php system", "drupal core", "drupal", "auth sql", "title", "formid", "cisco asa", "sip denial", "sip inspection", "cisco adaptive", "software", "bug id", "cscuh44052", "ssl vpn", "clientless ssl", "vpn session", "asdm privilege", "asdm access", "cscuj33496", "minor", "zimbra", "ajxmsg", "zmsg", "zmmsg", "ajxkeys", "zmkeys", "zdmsg", "december", "file inclusion", "concept", "url redirection", "web server", "referer header", "cve20136786", "xss injection", "rails", "ruby", "cve20130156", "cdata", "yaml", "parameter", "denial", "cve20121823", "web development", "html", "phpcgi", "reverse proxy", "apache http", "contextis", "lan ip", "security bypass", "bid49957", "proxy", "apache web", "head request", "pt80443", "bid49303", "coldfusion8", "hmac", "salt", "http server", "sha1 hmac", "traversal", "bid42342", "coldfusion", "cve20100738", "jboss target", "path2", "array", "object", "services", "blazeds", "livecycle data", "adobe xml", "external entity", "livecycle", "webmin", "usermin", "cve20063392", "webmin file", "disclosure", "cve20093733", "vmware path", "vmware esx", "tony flick", "shmoocon", "sha1", "sha256", "eicar test", "resource", "virustotal", "eicartestfile", "readfile", "searches", "http response", "identify", "characters", "spiders", "xfoo", "evoxabout", "trane tracer", "trane", "tracer sc", "hwver12ab", "airhandler", "xxxxx", "normalizepath", "depth", "http1", "http trace", "uri author", "tplink wireless", "wr740n", "wr740nd", "wr2543nd", "confirmed", "wr842nd", "wa901nd", "wr941n", "wr941nd", "scanme", "displaytitle", "wikipedia", "repository uuid", "repository root", "node kind", "elements", "url relative", "author count", "unfiltered", "crawls", "posts", "field", "phase", "crawler", "html escaping", "posted data", "form", "html title", "twitter", "xfwd", "otherwise", "mfctearsample", "phpcrawl", "httplibs", "nmap scripting", "engine", "snoopy", "zendhttpclient", "change", "status code", "eddie bell", "timewith", "bestopt", "slowloris dos", "slowloris", "halfhttp", "dos attack", "timewithout", "threadcount", "timelimit", "dosed", "monitor", "threads", "sendinterval", "servernotice", "stopall", "reason", "ubuntu", "request type", "cookie", "referer", "shellshock", "http shellshock", "http header", "sending", "setcookie", "deny", "hsts", "cachecontrol", "pragma", "xss filter", "will", "uris", "sandbox", "sap netweaver", "sap instance", "km unit", "disabled", "robtex", "robtex service", "add list", "discount", "nwshp news", "relpage", "univ cobrand", "url default", "august", "informs", "qweb server", "ssl port", "photo station", "device model", "firmware build", "force ssl", "v2 web", "network video", "music", "uploads", "http put", "http proxy", "shared", "phpself", "reflected cross", "site scripting", "phpselfprobe", "local file", "inclusion", "exploitquery", "defaultfile", "defaultdir", "remote file", "basepath", "passwd", "etcpasswd", "query string", "printing", "multi", "http redirect", "valid http", "pattern", "joao", "activeweb", "telme", "http ntlm", "android", "khtml", "gecko", "http verb", "vulnerable uri", "allow", "safemethods", "public", "public header", "unsafemethods", "balancer", "jvmroute", "lbgroup", "sticky", "jsessionid", "remove", "stisvc", "looks", "denis", "majordomo2", "cve20110049", "michael brooks", "web page", "pierre lalet", "litespeed web", "cve20102333", "http request", "joomla web", "internal ip", "leaked", "host header", "microsoft iis", "jsonp", "jsonp endpoint", "policy", "vinamra bhatia", "gosingle", "root folder", "iis document", "research paper", "apple id", "apple mobileme", "find my", "iphone", "macbook air", "wifi", "mobileme web", "mac mini", "hp ilo", "productid", "uuid", "xmldata", "xml file", "builtinpatterns", "validate", "azaz09", "email", "group1", "google", "safe browsing", "sign", "git revision", "project author", "span", "git repository", "trunclength", "jboss", "statusok", "rails web", "jboss java", "location", "look", "insert", "michael kohl", "citizen428", "frontpage", "frontpage login", "path prefix", "atm anything", "uservar", "passvar", "stop", "mime", "content", "uploadrequest", "exploits", "mime type", "destination", "separator", "trying path", "maxpagecount", "feeds", "feedsrefs", "please", "atom", "reads", "wd2500js60mhb1", "md5 hash", "element", "socialtext", "http default", "nasl script", "ftp server", "ftp login", "gutek", "tagtable", "gpstagtable", "gpstaglatitude", "tagmake", "tagmodel", "tagdatetime", "taggpsinfo", "gpstaglongitude", "flash", "speed", "error code", "checkdir", "general", "views", "pppoe", "echolife hg530", "huawei hg5xx", "boolean", "hg530x", "direct path", "modules", "themes", "token", "id file", "input", "jim brass", "warrick brown", "martin", "jsfuncpatterns", "jscallspatterns", "xss occur", "javascript", "please note", "dlink", "dir120", "di624s", "di524up", "di604s", "di604up", "di604", "tmg5240", "ascii", "genericlines", "landeskrc", "tlssessionreq", "getrequest", "httpoptions", "lpdstring", "weird", "consumingdetect", "html content", "rapiddetect", "html code", "callback", "django", "missing", "nagios", "cactiez", "logincombos", "httplike", "csrf", "form id", "form action", "cross site", "adobe flash", "adobe reader", "silverlight", "crossdomain", "forgery", "granto", "origin", "sharing", "cors", "get post", "options author", "patch", "examines", "specific url", "specific cookie", "grepphp", "mediawiki", "generic backup", "patterns", "line number", "maximum value", "cf version", "fri mar", "xmltags", "anyconnect", "cisco ssl", "ddos", "pngiconquery", "gificonquery", "stylesheetquery", "vendorsquery", "cakephp version", "cakephp visit", "hostip", "alpha", "bigipserver", "f5 bigip", "seth jackson", "spam", "virus firewall", "barracuda spam", "api password", "mta sasl", "gateway", "dns cache", "shadow", "apache axis2", "axis2services", "defaultpath", "axis2 service", "awstats totals", "defaultcmd", "defaulturi", "sort", "common", "awstats total", "avaya ip", "office", "office user", "listing", "office voip", "basic", "digest", "router", "unauthorized", "debug", "http debug", "debug request", "response body", "apache server", "apache version", "common default", "google adsense", "amazon", "site", "grabs", "adsense", "magicuri", "gethostname", "finds", "sheila berta", "hostmapserver", "vendor", "gatewaywithwifi", "ingraham", "linksys", "linksys e1200", "e1200", "hbase", "hbase version", "hbase compiled", "quorum", "apache hbase", "hadoop database", "wed may", "hadoop", "http status", "logs", "apache hadoop", "hadoop version", "checkpoint size", "checkpoint", "capacity", "non dfs", "datanodes", "live", "dead", "wed sep", "cest", "line", "state", "datanode http", "log directory", "watch", "gps time", "gpsd network", "sat apr", "gopher", "taxf", "tax forms", "load", "network", "transmitted", "mount point", "fs type", "gkrellm service", "size available", "goodbye", "corba naming", "ganglia", "ganglia version", "owner", "proftpd", "proftpd server", "cve20104221", "telnet iac", "telnetiac", "telnetkill", "cmdshellid", "shell command", "cve20112523", "syst", "mode", "no data", "syst error", "logged", "stream", "cmdshell", "send command", "opie", "cve20101938", "ftpd", "arciemowicz", "adam", "zabrocki", "sergey khegay", "ieuser", "freelancer", "rp server", "freelancer game", "niagara fox", "java hotspot", "server vm", "americachicago", "tridium", "systems", "billy rios", "flume", "environment", "se runtime", "target port", "helperport", "ethernet type", "eric leblond", "ip packet", "probetimeout", "icmp time", "icmp payload", "recvtimeout", "ip ttl", "firewalk", "combo", "cups service", "hp laserjet", "print", "documentation", "cups", "cemt", "access denied", "authorized", "cemt inquire", "dfltuser", "db2conn", "gutek ange", "welcome", "linux version", "fcrdns mismatch", "no ptr", "reverse dns", "ptr record", "address book", "safari", "event protocol", "buddy", "erlang port", "mapper daemon", "x00x01n", "gmbh", "corporation", "limited", "company", "automation", "encoder", "inst", "tips", "tech", "life", "pump", "peap", "eapttls", "eaptls", "eapmschapv2", "identity", "ttls", "mschap", "nbstat", "sshhostkey", "ssh host", "p445443", "win2ksrv001", "server platform", "instance name", "apache derby", "drda protocol", "drda excsat", "sample", "ibm db2", "informix", "get dpap", "ibm lotus", "domino", "mjacksson", "lotus domino", "peak", "console", "release", "windows32", "socketpool", "docker", "docker service", "gitcommit", "parsedomain", "cname", "scripttype", "parsetxt", "bulletproof", "sbl123456", "cn online", "ip range", "zeus botnet", "ztdns", "name ip", "dns update", "kerberos kdc", "change service", "catalog", "argfilter", "kerberos passwd", "ldap servers", "canon", "mg5200 series", "canon mg5200", "ivec", "bjnp protocol", "ftp version", "tcp portarg", "portarg", "dns service", "version196609", "version196616", "ossi0x1f6", "felix groebert", "txid", "duane wessels", "authority rrs", "answer rrs", "answer record", "get txt", "txtlen", "dns recursion", "ogjdvm author", "spoofed reply", "cve20081447", "nsid", "ch txt", "dns nameserver", "ssu p", "dnschars", "nsec", "dnscharsinv", "label", "nsec record", "removesuffix", "result name", "bumpdomain", "nsec response", "easy", "nsec3", "dnssec nsec3", "nsec3 walking", "dnsnsecenum", "getprefixmask", "dns lookup", "ipv6 network", "ipv6 prefix", "noerror", "nxdomain result", "peter", "bool", "slowdown", "launches", "david", "victoria", "halifax", "casper", "barry", "soa expire", "soa refresh", "soa retry", "soa mname", "soa record", "dns check", "refresh", "domains", "timedmultiplier", "timednumsamples", "stddev", "alexadomains", "aaaa", "dns bruteforce", "added target", "resolve", "commfile", "argcategory", "dns antispam", "spam received", "daemon command", "allows", "dict protocol", "show server", "index data", "client", "dicom service", "aet check", "dicom", "acceptreject", "dicom server", "titles", "hence", "dhcpinform", "dhcp request", "dhcp server", "dhcpack", "subnet mask", "dhcp option", "strfixedstart", "listfixedstart", "login error", "dictfixedstart", "db2 server", "transaction", "database server", "nodetype1", "db2commtcpip", "db2inst1", "control center", "db2 packet", "wed mar", "getsessionid", "daapitemlimit", "fever ray", "getdatabaseid", "limit", "daap server", "cvs pserver", "repo", "series", "ubu1110", "raw printer", "stopped", "cups printing", "cupspdf printer", "couchdb", "mochiweb", "admin party", "discard", "couchdb http", "testsuitedb", "testsuitedba", "moneyz", "block", "coap endpoint", "reporting", "payload", "coap", "u5683 su", "analyzes", "clamav", "scan", "scan command", "clamav remote", "citrixsrv01", "citrix xml", "citrix", "ica browser", "citrixsrv02", "anonymous", "notepad", "appdata", "settingkey", "xml service", "must change", "nextuser", "citrix pn", "cics user", "cics login", "cesl", "signon", "on to", "cics id", "valid cics", "cesf", "cesn", "cata", "numtrials", "cccam service", "trial", "cccam dvr", "cassandra", "cluster name", "cassinc", "test cluster", "account success", "manager control", "willing", "device pub", "computer", "wpad", "dhcp", "web proxy", "dhcp discovery", "dns discovery", "wpad host", "wpad file", "machex", "sent wol", "wol packet", "wakes", "mac return", "servicerequest", "model name", "bubbatwo dlna", "justin maggard", "model descr", "debian", "activation code", "tellsticknet", "acca12345678", "inet", "ping request", "sybase anywhere", "netmask", "romm", "firmm", "serial", "macserial", "romversion", "firmwareversion", "sonicwall", "ripng", "ripng response", "ripng request", "ripv2", "ripv2 request", "tags", "pppoe discovery", "pppoed", "ipv4 format", "ip header", "bbi2", "pim hello", "i2i2", "helloraw", "multicast", "pim multicast", "pcduo gateway", "pcduo remote", "srvname", "ospfv2 database", "print ospfv2", "ospfv2 hello", "ospfv2 ls", "area id", "destination mac", "captured ospfv2", "callit", "nbname", "broadcastaddr", "mssqldiscover", "yesno", "decoders", "uport", "hsrp", "dropbox", "server id", "slave port", "jenkins", "argaddress", "jenkinspkt", "jenkins auto", "apache jserv", "protocol server", "pathhelloworld", "hid discoveryd", "eigrp", "internal route", "external route", "max amount", "internal", "dropboxport", "key2", "listens", "nmap target", "dhcpoffer", "clientid", "ip pool", "ipid", "dhcpv6 request", "solicit", "message type", "advertise", "ba9876", "domain search", "db2getaddr", "ubu804db2e", "edusrv011", "devtype", "null udp", "cve20111002", "avahi null", "wait time", "header instance", "bbi2bbi4", "config info", "etherbroadcast", "pataoe", "brantley coile", "total", "nse argument", "dht protocol", "torrentfile", "dht discovery", "serviceproxy", "obtains", "bitcoin server", "prior", "node id", "lastblock", "bitcoin", "bacnet", "sdn bhd", "bacnet packet", "titan", "landis", "carrier", "simplex", "notifier", "walker", "aust", "savant", "monitoring", "energy", "starman", "covenant", "king", "etap", "echelon", "arcom", "vanti", "backorifice", "container", "bocrypt", "boversion", "bohostname", "system info", "magicstring", "ping reply", "pong", "pingpacket", "team cymru", "peer", "amqp", "erlangotp", "rabbitmq", "plain amqplain", "dragomir", "allseeing eye", "team death", "novodondo", "blue", "herox", "different ajp", "jsp test", "options request", "ajp service", "public folder", "shows afp", "utf8 server", "uams", "server flags", "flags hex", "password saving", "copy file", "machine type", "afpversion", "afpx03", "apple mac", "dir method", "maxfiles", "cve20100533", "directory", "afp server", "permission uid", "gid size", "time filename", "parameter error", "netatalk", "apple filing", "formatipv4", "isatap", "server ipv4", "client ipv4", "admin email", "parse daemon", "license", "acarsd" ], "references": [ "scripts", "vuze-dht-info.nse", "xmlrpc-methods.nse", "xdmcp-discover.nse", "x11-access.nse", "wsdd-discover.nse", "whois-domain.nse", "weblogic-t3-info.nse", "vulners.nse", "wdb-version.nse", "vtam-enum.nse", "voldemort-info.nse", "vnc-brute.nse", "vnc-title.nse", "vnc-info.nse", "vmauthd-brute.nse", "xmpp-brute.nse", "vmware-version.nse", "xmpp-info.nse", "versant-info.nse", "url-snarf.nse", "upnp-info.nse", "whois-ip.nse", "unusual-port.nse", "unittest.nse", "ventrilo-info.nse", "uptime-agent-info.nse", "tso-enum.nse", "ubiquiti-discovery.nse", "tn3270-screen.nse", "tso-brute.nse", "tls-ticketbleed.nse", "tls-nextprotoneg.nse", "tls-alpn.nse", "tftp-enum.nse", "traceroute-geolocation.nse", "telnet-ntlm-info.nse", "teamspeak2-version.nse", "targets-traceroute.nse", "targets-xml.nse", "telnet-encryption.nse", "targets-sniffer.nse", "telnet-brute.nse", "targets-ipv6-wordlist.nse", "targets-ipv6-multicast-mld.nse", "targets-ipv6-multicast-slaac.nse", "targets-asn.nse", "targets-ipv6-multicast-invalid-dst.nse", "targets-ipv6-multicast-echo.nse", "svn-brute.nse", "stun-version.nse", "targets-ipv6-map4to6.nse", "sslv2.nse", "stuxnet-detect.nse", "sstp-discover.nse", "supermicro-ipmi-conf.nse", "ssl-heartbleed.nse", "stun-info.nse", "ssl-known-key.nse", "sslv2-drown.nse", "ssl-cert-intaddr.nse", "ssl-ccs-injection.nse", "ssl-enum-ciphers.nse", "ssl-cert.nse", "ssh-publickey-acceptance.nse", "sshv1.nse", "ssl-dh-params.nse", "ssl-date.nse", "ssh-auth-methods.nse", "ssl-poodle.nse", "ssh-run.nse", "ssh2-enum-algos.nse", "ssh-hostkey.nse", "socks-auth-info.nse", "snmp-win32-users.nse", "socks-brute.nse", "snmp-sysdescr.nse", "snmp-win32-software.nse", "snmp-win32-services.nse", "snmp-win32-shares.nse", "ssh-brute.nse", "snmp-processes.nse", "snmp-hh3c-logins.nse", "snmp-info.nse", "snmp-brute.nse", "snmp-ios-config.nse", "snmp-interfaces.nse", "socks-open-proxy.nse", "snmp-netstat.nse", "smtp-strangeport.nse", "smtp-vuln-cve2011-1720.nse", "smtp-ntlm-info.nse", "sniffer-detect.nse", "smtp-enum-users.nse", "smb-server-stats.nse", "smtp-commands.nse", "smtp-vuln-cve2011-1764.nse", "smtp-brute.nse", "smb-webexec-exploit.nse", "smtp-vuln-cve2010-4344.nse", "smb-vuln-webexec.nse", "smb-vuln-regsvc-dos.nse", "smtp-open-relay.nse", "smb-vuln-ms17-010.nse", "smb-vuln-ms10-061.nse", "smb-vuln-ms10-054.nse", "smb-vuln-ms07-029.nse", "smb-vuln-ms06-025.nse", "smb-system-info.nse", "smb-protocols.nse", "smb-flood.nse", "smb-enum-domains.nse", "sip-methods.nse", "script.db", "smb-security-mode.nse", "smb-vuln-cve2009-3103.nse", "smb-psexec.nse", "smb-vuln-ms08-067.nse", "smb-print-text.nse", "smb-os-discovery.nse", "smb-mbenum.nse", "smb-ls.nse", "smb-enum-users.nse", "smb-vuln-conficker.nse", "smb-enum-shares.nse", "smb-enum-sessions.nse", "smb-enum-services.nse", "smb-enum-processes.nse", "smb-enum-groups.nse", "rsync-list-modules.nse", "smb-double-pulsar-backdoor.nse", "smb-brute.nse", "smb2-vuln-uptime.nse", "smb2-time.nse", "smb2-security-mode.nse", "smb2-capabilities.nse", "skypev2-version.nse", "sip-enum-users.nse", "sip-call-spoof.nse", "sip-brute.nse", "shodan-api.nse", "servicetags.nse", "samba-vuln-cve-2012-1182.nse", "s7-info.nse", "rusers.nse", "smb-vuln-cve-2017-7494.nse", "rtsp-url-brute.nse", "rtsp-methods.nse", "rsync-brute.nse", "rsa-vuln-roca.nse", "pop3-capabilities.nse", "rpcinfo.nse", "rpc-grind.nse", "rpcap-info.nse", "rpcap-brute.nse", "rmi-vuln-classloader.nse", "rmi-dumpregistry.nse", "rlogin-brute.nse", "riak-http-info.nse", "rfc868-time.nse", "rexec-brute.nse", "reverse-index.nse", "redis-info.nse", "redis-brute.nse", "realvnc-auth-bypass.nse", "rdp-vuln-ms12-020.nse", "rdp-ntlm-info.nse", "rdp-enum-encryption.nse", "quake3-master-getservers.nse", "quake3-info.nse", "qscan.nse", "qconn-exec.nse", "puppet-naivesigning.nse", "pptp-version.nse", "pop3-ntlm-info.nse", "pop3-brute.nse", "pjl-ready-message.nse", "port-states.nse", "pgsql-brute.nse", "pcworx-info.nse", "pcanywhere-brute.nse", "path-mtu.nse", "p2p-conficker.nse", "ovs-agent-version.nse", "oracle-tns-version.nse", "oracle-sid-brute.nse", "oracle-enum-users.nse", "oracle-brute-stealth.nse", "oracle-brute.nse", "openwebnet-discovery.nse", "openvas-otp-brute.nse", "openlookup-info.nse", "openflow-info.nse", "omron-info.nse", "omp2-enum-targets.nse", "omp2-brute.nse", "nrpe-enum.nse", "nping-brute.nse", "nntp-ntlm-info.nse", "nje-pass-brute.nse", "nje-node-brute.nse", "nfs-statfs.nse", "nfs-showmount.nse", "nfs-ls.nse", "nexpose-brute.nse", "netbus-version.nse", "ntp-info.nse", "netbus-info.nse", "netbus-brute.nse", "netbus-auth-bypass.nse", "nessus-xmlrpc-brute.nse", "nessus-brute.nse", "ndmp-version.nse", "ndmp-fs-info.nse", "ncp-serverinfo.nse", "ncp-enum-users.nse", "nbstat.nse", "nbns-interfaces.nse", "nbd-info.nse", "nat-pmp-mapport.nse", "nat-pmp-info.nse", "mysql-vuln-cve2012-2122.nse", "mysql-variables.nse", "mysql-users.nse", "mysql-query.nse", "mysql-info.nse", "mysql-enum.nse", "mysql-empty-password.nse", "mysql-dump-hashes.nse", "mysql-databases.nse", "mysql-brute.nse", "mysql-audit.nse", "murmur-version.nse", "mtrace.nse", "ms-sql-xp-cmdshell.nse", "ms-sql-tables.nse", "ms-sql-query.nse", "ms-sql-ntlm-info.nse", "ms-sql-hasdbaccess.nse", "ms-sql-empty-password.nse", "ms-sql-dump-hashes.nse", "ms-sql-dac.nse", "ms-sql-config.nse", "ms-sql-brute.nse", "msrpc-enum.nse", "mrinfo.nse", "mqtt-subscribe.nse", "ms-sql-info.nse", "mongodb-info.nse", "mongodb-databases.nse", "mongodb-brute.nse", "modbus-discover.nse", "mmouse-exec.nse", "mmouse-brute.nse", "mikrotik-routeros-brute.nse", "metasploit-xmlrpc-brute.nse", "metasploit-msgrpc-brute.nse", "metasploit-info.nse", "memcached-info.nse", "membase-http-info.nse", "membase-brute.nse", "mcafee-epo-agent.nse", "maxdb-info.nse", "lu-enum.nse", "lltd-discovery.nse", "lexmark-config.nse", "ldap-search.nse", "ldap-rootdse.nse", "ldap-novell-getpass.nse", "ldap-brute.nse", "krb5-enum-users.nse", "knx-gateway-info.nse", "jdwp-version.nse", "jdwp-inject.nse", "jdwp-info.nse", "jdwp-exec.nse", "isns-info.nse", "iscsi-info.nse", "iscsi-brute.nse", "irc-unrealircd-backdoor.nse", "irc-sasl-brute.nse", "imap-capabilities.nse", "irc-info.nse", "irc-brute.nse", "irc-botnet-channels.nse", "knx-gateway-discover.nse", "ipv6-ra-flood.nse", "ipv6-node-info.nse", "ipv6-multicast-mld-list.nse", "ipmi-version.nse", "ipmi-cipher-zero.nse", "ipmi-brute.nse", "ike-version.nse", "iec-identify.nse", "ipidseq.nse", "ip-https-discover.nse", "ip-geolocation-maxmind.nse", "ip-geolocation-map-kml.nse", "ip-geolocation-map-google.nse", "ip-geolocation-map-bing.nse", "ip-geolocation-ipinfodb.nse", "ip-geolocation-geoplugin.nse", "ip-forwarding.nse", "informix-tables.nse", "informix-query.nse", "informix-brute.nse", "impress-remote-discover.nse", "imap-ntlm-info.nse", "imap-brute.nse", "icap-info.nse", "iax2-version.nse", "iax2-brute.nse", "http-xssed.nse", "http-vlcstreamer-ls.nse", "http-wordpress-users.nse", "http-wordpress-enum.nse", "http-wordpress-brute.nse", "http-webdav-scan.nse", "http-waf-fingerprint.nse", "http-waf-detect.nse", "http-vuln-wnr1000-creds.nse", "http-vuln-misfortune-cookie.nse", "http-vuln-cve2017-1001000.nse", "http-vuln-cve2017-8917.nse", "http-vuln-cve2017-5689.nse", "http-vuln-cve2017-5638.nse", "http-vuln-cve2015-1635.nse", "http-vuln-cve2015-1427.nse", "http-vuln-cve2014-8877.nse", "http-vuln-cve2014-3704.nse", "http-vuln-cve2014-2129.nse", "http-vuln-cve2014-2128.nse", "http-vuln-cve2014-2127.nse", "http-vuln-cve2014-2126.nse", "http-vuln-cve2013-7091.nse", "http-vuln-cve2013-6786.nse", "http-vuln-cve2013-0156.nse", "http-vuln-cve2012-1823.nse", "http-vuln-cve2011-3368.nse", "http-vuln-cve2011-3192.nse", "http-vuln-cve2010-2861.nse", "http-vuln-cve2010-0738.nse", "http-vuln-cve2009-3960.nse", "http-vuln-cve2006-3392.nse", "http-vmware-path-vuln.nse", "http-virustotal.nse", "http-vhosts.nse", "http-userdir-enum.nse", "http-unsafe-output-escaping.nse", "http-trane-info.nse", "http-sitemap-generator.nse", "http-trace.nse", "http-tplink-dir-traversal.nse", "http-title.nse", "http-svn-info.nse", "http-svn-enum.nse", "http-stored-xss.nse", "http-traceroute.nse", "https-redirect.nse", "http-useragent-tester.nse", "http-sql-injection.nse", "http-slowloris-check.nse", "http-slowloris.nse", "http-headers.nse", "http-shellshock.nse", "http-server-header.nse", "http-security-headers.nse", "http-sap-netweaver-leak.nse", "http-robtex-shared-ns.nse", "http-robots.txt.nse", "http-rfi-spider.nse", "http-referer-checker.nse", "http-qnap-nas-info.nse", "http-put.nse", "http-proxy-brute.nse", "http-robtex-reverse-ip.nse", "http-phpself-xss.nse", "http-phpmyadmin-dir-traversal.nse", "http-passwd.nse", "http-open-redirect.nse", "http-open-proxy.nse", "http-ntlm-info.nse", "http-mobileversion-checker.nse", "http-method-tamper.nse", "http-methods.nse", "http-mcmp.nse", "http-malware-host.nse", "http-majordomo2-dir-traversal.nse", "http-ls.nse", "http-litespeed-sourcecode-download.nse", "http-joomla-brute.nse", "http-internal-ip-disclosure.nse", "http-jsonp-detection.nse", "http-iis-webdav-vuln.nse", "http-iis-short-name-brute.nse", "http-icloud-sendmsg.nse", "http-icloud-findmyiphone.nse", "http-hp-ilo-info.nse", "http-grep.nse", "http-google-malware.nse", "http-gitweb-projects-enum.nse", "http-git.nse", "http-generator.nse", "http-frontpage-login.nse", "http-form-fuzzer.nse", "http-form-brute.nse", "http-fileupload-exploiter.nse", "http-fetch.nse", "http-feed.nse", "hddtemp-info.nse", "http-favicon.nse", "ftp-anon.nse", "http-exif-spider.nse", "http-errors.nse", "http-enum.nse", "http-drupal-enum-users.nse", "http-huawei-hg5xx-vuln.nse", "http-drupal-enum.nse", "http-domino-enum-passwords.nse", "http-dombased-xss.nse", "http-dlink-backdoor.nse", "fingerprint-strings.nse", "http-devframework.nse", "http-default-accounts.nse", "http-date.nse", "http-csrf.nse", "http-cross-domain-policy.nse", "http-cors.nse", "http-cookie-flags.nse", "http-config-backup.nse", "http-comments-displayer.nse", "http-coldfusion-subzero.nse", "http-cisco-anyconnect.nse", "http-chrono.nse", "http-cakephp-version.nse", "http-brute.nse", "http-bigip-cookie.nse", "http-barracuda-dir-traversal.nse", "http-backup-finder.nse", "http-axis2-dir-traversal.nse", "http-awstatstotals-exec.nse", "http-avaya-ipoffice-users.nse", "http-auth-finder.nse", "http-auth.nse", "http-aspnet-debug.nse", "http-apache-server-status.nse", "http-apache-negotiation.nse", "http-affiliate-id.nse", "http-adobe-coldfusion-apsa1301.nse", "hostmap-robtex.nse", "hostmap-crtsh.nse", "hostmap-bfk.nse", "hnap-info.nse", "hbase-region-info.nse", "hbase-master-info.nse", "hadoop-tasktracker-info.nse", "hadoop-secondary-namenode-info.nse", "hadoop-namenode-info.nse", "hadoop-jobtracker-info.nse", "hadoop-datanode-info.nse", "gpsd-info.nse", "gopher-ls.nse", "gkrellm-info.nse", "giop-info.nse", "ganglia-info.nse", "ftp-vuln-cve2010-4221.nse", "ftp-vsftpd-backdoor.nse", "ftp-syst.nse", "ftp-proftpd-backdoor.nse", "ftp-libopie.nse", "ftp-brute.nse", "ftp-bounce.nse", "freelancer-info.nse", "fox-info.nse", "flume-master-info.nse", "firewall-bypass.nse", "firewalk.nse", "cups-queue-info.nse", "cics-info.nse", "finger.nse", "fcrdns.nse", "eppc-enum-processes.nse", "epmd-info.nse", "enip-info.nse", "eap-info.nse", "duplicates.nse", "drda-info.nse", "drda-brute.nse", "dpap-brute.nse", "domino-enum-users.nse", "domcon-cmd.nse", "domcon-brute.nse", "docker-version.nse", "dns-zone-transfer.nse", "dns-zeustracker.nse", "dns-update.nse", "dns-srv-enum.nse", "bjnp-discover.nse", "banner.nse", "dns-service-discovery.nse", "dns-recursion.nse", "dns-random-txid.nse", "auth-spoof.nse", "dns-random-srcport.nse", "dns-nsid.nse", "dns-nsec-enum.nse", "dns-nsec3-enum.nse", "dns-ip6-arpa-scan.nse", "dns-fuzz.nse", "dns-client-subnet-scan.nse", "dns-check-zone.nse", "dns-cache-snoop.nse", "dns-brute.nse", "dns-blacklist.nse", "distcc-cve2004-2687.nse", "dict-info.nse", "dicom-ping.nse", "dicom-brute.nse", "dhcp-discover.nse", "deluge-rpc-brute.nse", "db2-das-info.nse", "daytime.nse", "daap-get-library.nse", "cvs-brute-repository.nse", "cvs-brute.nse", "cups-info.nse", "creds-summary.nse", "couchdb-stats.nse", "couchdb-databases.nse", "coap-resources.nse", "clock-skew.nse", "clamav-exec.nse", "citrix-enum-servers-xml.nse", "citrix-enum-servers.nse", "citrix-enum-apps-xml.nse", "citrix-enum-apps.nse", "citrix-brute-xml.nse", "cics-user-enum.nse", "cics-user-brute.nse", "cics-enum.nse", "cccam-version.nse", "cassandra-info.nse", "cassandra-brute.nse", "broadcast-xdmcp-discover.nse", "broadcast-wsdd-discover.nse", "broadcast-wpad-discover.nse", "broadcast-wake-on-lan.nse", "broadcast-versant-locate.nse", "broadcast-upnp-info.nse", "broadcast-tellstick-discover.nse", "broadcast-sybase-asa-discover.nse", "broadcast-sonicwall-discover.nse", "broadcast-ripng-discover.nse", "broadcast-rip-discover.nse", "broadcast-pppoe-discover.nse", "broadcast-ping.nse", "broadcast-pim-discovery.nse", "broadcast-pc-duo.nse", "broadcast-pc-anywhere.nse", "broadcast-ospf2-discover.nse", "broadcast-novell-locate.nse", "broadcast-networker-discover.nse", "broadcast-netbios-master-browser.nse", "broadcast-ms-sql-discover.nse", "broadcast-listener.nse", "broadcast-jenkins-discover.nse", "ajp-headers.nse", "broadcast-hid-discoveryd.nse", "broadcast-eigrp-discovery.nse", "broadcast-dropbox-listener.nse", "broadcast-dns-service-discovery.nse", "broadcast-dhcp-discover.nse", "broadcast-dhcp6-discover.nse", "broadcast-db2-discover.nse", "broadcast-bjnp-discover.nse", "broadcast-avahi-dos.nse", "broadcast-ataoe-discover.nse", "bittorrent-discovery.nse", "bitcoinrpc-info.nse", "bitcoin-info.nse", "bitcoin-getaddr.nse", "bacnet-info.nse", "backorifice-info.nse", "backorifice-brute.nse", "auth-owners.nse", "asn-query.nse", "amqp-info.nse", "allseeingeye-info.nse", "ajp-request.nse", "ajp-methods.nse", "ajp-brute.nse", "ajp-auth.nse", "afp-showmount.nse", "afp-serverinfo.nse", "afp-path-vuln.nse", "afp-ls.nse", "afp-brute.nse", "address-info.nse", "acarsd-info.nse", "https://seclists.org/nmap-dev/2011/q4/420", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 107, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 288, "FileHash-MD5": 52, "URL": 218, "hostname": 180, "email": 33, "CIDR": 14, "CVE": 76, "FileHash-SHA1": 48, "FileHash-SHA256": 841 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "722 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a823f8dbade2ab32ee77", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. Content reputation.", "description": "", "modified": "2023-12-06T16:58:11.569000", "created": "2023-12-06T16:58:11.569000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "FileHash-SHA256": 598, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6522804c01930c8d2f1ad71f", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. Content reputation.", "description": "Unrelated websites successfully flood , and dismantle reputations, marketing efforts of targets who has and lost 100% online visibility. Cyber criminals set up malicious websites, that drive down reputation, relevant media of target. The domains are traps popular w/some hackers or malicious red team groups typically hired by attorneys. Clicks, revenue flow to cyber criminals through malicious redirects, AGGRESSIVE social engineering, intellectual property abuse and obnoxious distraction. Contact is often made to trick target into believing their is interested in their product, body of work. Legal docs or funds may be exchange, giving cyber criminal access, email, clouds, Dropbox, forced login abuse, cloud share, phone number, C2, payment methods, banking, privilege to distribute, falsify ad campaigns of target. It's complicated but practices to frustrate , impoverish, profit, track, silence target. Malicious intent. Heavy tracking, core communication service swap.", "modified": "2023-11-07T08:04:06.581000", "created": "2023-10-08T10:11:22.600000", "tags": [ "heur", "cyber threat", "engineering", "covid19", "united", "phishing site", "telefonica peru", "malicious site", "control server", "phishing", "suppobox", "malware", "team", "ransomware", "download", "facebook", "daum", "cobalt strike", "pony", "artemis", "simda", "sodinokibi", "zbot", "bank", "feodo", "laplasclipper", "squirrelwaffle", "binder", "virut", "ramnit", "dropper", "formbook", "azorult", "revil", "matsnu", "service", "generic", "malicious", "emotet", "br", "trojanspy", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware site", "blacklist", "alexa", "malicious url", "detection list", "INDICATOR ROLE TITLE DESCRIPTION EXPIRATION RELATED PULSES URL ", "C2", "command_and_control", "nr-data", "cyber crime", "impersonation", "fraud", "intellectual property", "targets", "kedence", "song culture", "tsara lynn", "k\u00e9dence", "tsara", "tsara brashears", "social engineering", "interface exchange", "abuse", "privilege", "indicator", "file", "pattern match", "ascii text", "appdata", "windows nt", "script", "mitre att", "ck id", "show technique", "hybrid", "general", "local", "forced login", "content reputation", "reputation", "scheme", "crime", "cyber criminals", "arizona", "colorado", "newyork", "british", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "suricata alerts", "event category", "description sid", "suricata", "suricata", "cloud", "device remotwd", "remote attack", "remote controlled devices", "tracking", "spyware", "florida", "united states", "canada", "estonia", "cyber criminal", "alert" ], "references": [ "smartwishlist_1_.js", "https://www.hybrid-analysis.com/sample/ef02a04e1487fd373923ef2aa42b3d9af8d5fd600e5198150283b31aa7ed7558", "CVE-2012-1856", "CVE-2013-1331", "CVE-2017-8570", "CVE-2017-0147", "CVE-2017-11882", "CVE-2017-0199", "CVE-2018-8453", "https://the.sciencebehindecommerce.com/d9core", "https://pixel.tapad.com/idsync/ex/push static-tracking.klaviyo.com u002dtracking.klaviyo.com", "https://www.miraclebrand.co/apps/wonderment/tracking", "remote-access.net", "dev.remote-access.net", "hubspot.remote-access.net", "http://avient.remote-access.net/", "qa.remote-access.net", "http://www.remote-access.net", "https://avient.remote-access.net", "bam.nr-data.net", "appleaccessory.online", "init.ess.apple.com", "tv.apple.com", "http://icloud.ypcdce.com", "dr4qe3ddw9y32.cloudfront.net", "http://45.159.189.105/bot/regex", "http://clipper.guru/bot/regex", "http://45.159.189.105/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34", "cloud.smartwishlist.webmarked.net", "http://dialacake.com/mumbai/yellow-pineapple-cake-2770.html", "https://hubspot.remote-access.net", "icloud.ypcdce.com", "Research and Data analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BR", "display_name": "BR", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Ramnit", "display_name": "Ramnit", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Squirrelwaffle", "display_name": "Squirrelwaffle", "target": null }, { "id": "LaplasClipper", "display_name": "LaplasClipper", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Virus:Win32/Daum", "display_name": "Virus:Win32/Daum", "target": "/malware/Virus:Win32/Daum" }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" }, { "id": "TEL:HackTool:Win32/ArtemisUser", "display_name": "TEL:HackTool:Win32/ArtemisUser", "target": null }, { "id": "Azorult - S0344", "display_name": "Azorult - S0344", "target": null }, { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Backdoor:Win32/Simda", "display_name": "Backdoor:Win32/Simda", "target": "/malware/Backdoor:Win32/Simda" }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Formbook", "display_name": "Formbook", "target": null }, { "id": "REvil (ELF)", "display_name": "REvil (ELF)", "target": null }, { "id": "Trojan:Win32/Matsnu", "display_name": "Trojan:Win32/Matsnu", "target": "/malware/Trojan:Win32/Matsnu" }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony - S0453", "display_name": "Pony - S0453", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 41, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95, "FileHash-SHA256": 598 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1b570ce3f6227774113b", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. ", "description": "", "modified": "2023-11-07T08:04:06.581000", "created": "2023-10-30T02:56:23.462000", "tags": [ "heur", "cyber threat", "engineering", "covid19", "united", "phishing site", "telefonica peru", "malicious site", "control server", "phishing", "suppobox", "malware", "team", "ransomware", "download", "facebook", "daum", "cobalt strike", "pony", "artemis", "simda", "sodinokibi", "zbot", "bank", "feodo", "laplasclipper", "squirrelwaffle", "binder", "virut", "ramnit", "dropper", "formbook", "azorult", "revil", "matsnu", "service", "generic", "malicious", "emotet", "br", "trojanspy", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware site", "blacklist", "alexa", "malicious url", "detection list", "INDICATOR ROLE TITLE DESCRIPTION EXPIRATION RELATED PULSES URL ", "C2", "command_and_control", "nr-data", "cyber crime", "impersonation", "fraud", "intellectual property", "targets", "kedence", "song culture", "tsara lynn", "k\u00e9dence", "tsara", "tsara brashears", "social engineering", "interface exchange", "abuse", "privilege", "indicator", "file", "pattern match", "ascii text", "appdata", "windows nt", "script", "mitre att", "ck id", "show technique", "hybrid", "general", "local", "forced login", "content reputation", "reputation", "scheme", "crime", "cyber criminals", "arizona", "colorado", "newyork", "british", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "suricata alerts", "event category", "description sid", "suricata", "suricata", "cloud", "device remotwd", "remote attack", "remote controlled devices", "tracking", "spyware", "florida", "united states", "canada", "estonia", "cyber criminal", "alert" ], "references": [ "smartwishlist_1_.js", "https://www.hybrid-analysis.com/sample/ef02a04e1487fd373923ef2aa42b3d9af8d5fd600e5198150283b31aa7ed7558", "CVE-2012-1856", "CVE-2013-1331", "CVE-2017-8570", "CVE-2017-0147", "CVE-2017-11882", "CVE-2017-0199", "CVE-2018-8453", "https://the.sciencebehindecommerce.com/d9core", "https://pixel.tapad.com/idsync/ex/push static-tracking.klaviyo.com u002dtracking.klaviyo.com", "https://www.miraclebrand.co/apps/wonderment/tracking", "remote-access.net", "dev.remote-access.net", "hubspot.remote-access.net", "http://avient.remote-access.net/", "qa.remote-access.net", "http://www.remote-access.net", "https://avient.remote-access.net", "bam.nr-data.net", "appleaccessory.online", "init.ess.apple.com", "tv.apple.com", "http://icloud.ypcdce.com", "dr4qe3ddw9y32.cloudfront.net", "http://45.159.189.105/bot/regex", "http://clipper.guru/bot/regex", "http://45.159.189.105/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34", "cloud.smartwishlist.webmarked.net", "http://dialacake.com/mumbai/yellow-pineapple-cake-2770.html", "https://hubspot.remote-access.net", "icloud.ypcdce.com", "Research and Data analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BR", "display_name": "BR", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Ramnit", "display_name": "Ramnit", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Squirrelwaffle", "display_name": "Squirrelwaffle", "target": null }, { "id": "LaplasClipper", "display_name": "LaplasClipper", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Virus:Win32/Daum", "display_name": "Virus:Win32/Daum", "target": "/malware/Virus:Win32/Daum" }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" }, { "id": "TEL:HackTool:Win32/ArtemisUser", "display_name": "TEL:HackTool:Win32/ArtemisUser", "target": null }, { "id": "Azorult - S0344", "display_name": "Azorult - S0344", "target": null }, { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Backdoor:Win32/Simda", "display_name": "Backdoor:Win32/Simda", "target": "/malware/Backdoor:Win32/Simda" }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Formbook", "display_name": "Formbook", "target": null }, { "id": "REvil (ELF)", "display_name": "REvil (ELF)", "target": null }, { "id": "Trojan:Win32/Matsnu", "display_name": "Trojan:Win32/Matsnu", "target": "/malware/Trojan:Win32/Matsnu" }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony - S0453", "display_name": "Pony - S0453", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6522804c01930c8d2f1ad71f", "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95, "FileHash-SHA256": 598 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b318830af34fc51b096f6", "name": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-30190", "description": "Here is the full text of the Metasploit module that generates a malicious Microsoft Office document that will be used to launch a cyber-attack on the firm's computer systems, and how to do it.", "modified": "2023-04-28T02:38:00.791000", "created": "2023-04-28T02:38:00.791000", "tags": [ "html", "char", "microsoft", "office word", "srvport", "metasploit", "current source", "rank", "msdtjs", "microsoft word", "powershell" ], "references": [ "word_msdtjs_rce.rb.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HTML", "display_name": "HTML", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OkGamerOfYeet", "id": "233948", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 1, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "1087 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "satisfies.js", "uninstall.js", "validate-lockfile.js", "cccam-version.nse", "logout.js", "queryable.js", "openssl.pc", "set.js", "targets-ipv6-wordlist.nse", "ipv6-ra-flood.nse", "http-iis-short-name-brute.nse", "rtsp-url-brute.nse", "xmpp-info.nse", "netbus-version.nse", "ssl-cert-intaddr.nse", "http-vuln-cve2010-0738.nse", "cli.js", "MCBrowserViewController.h", "freelancer-info.nse", "launchD.csv", "interfaceAddrs.csv", "lexmark-config.nse", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "smb-psexec.nse", "ms-sql-brute.nse", "http-vuln-cve2013-0156.nse", "git.py", "__init__.py", "broadcast-upnp-info.nse", "http-cookie-flags.nse", "modules.pcimap", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "pcmcia", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "address-info.nse", "INSNFS (2)", "firewalk.nse", "uptime-agent-info.nse", "a.txt:ads.txt", "debug.js", "npm-update.md", "yallist.js", ".X1024-lock", "SeTPKG (2)", "libssl.pc", "cvs-brute-repository.nse", "AppleFirmwareUpdate.tbd", "bacnet-info.nse", "http-slowloris.nse", "ll.js", "oracle-brute-stealth.nse", "modules.usbmap", "dbivport.h", "informix-query.nse", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "broadcast-wsdd-discover.nse", "compat.py", "bitcoin-info.nse", "dns-zeustracker.nse", "template-WaR2X6", "NetworkManager-dispatcher.service", "NetworkManager-ovs.conf", "sudoers", "http-sql-injection.nse", "stun-version.nse", "broadcast-versant-locate.nse", "libnm-wwan.la", "http-hp-ilo-info.nse", "func.py", "npm-ls.md", "min-version.js", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "jdwp-info.nse", "on__server.py", "APConfigurationSystem.tbd", "server.py", "no_ads.txt", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "smtp-vuln-cve2011-1764.nse", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "informix-tables.nse", "http-drupal-enum.nse", "smb-mbenum.nse", "relocated", "setup (2)", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "http-generator.nse", "targets-ipv6-multicast-mld.nse", "daemon.py", "index.html.en", "smb-vuln-cve-2017-7494.nse", "s7-info.nse", "token.js", "syslinux.cfg", "bashrc", "90-nm-thunderbolt.rules", "libc6-i386_2.4-1ubuntu12_amd64.info", "npm-view.md", "sbom-spdx.js", "npm-org.md", "disk2 (2)", "irc-botnet-channels.nse", "libc6-i386_2.15-0ubuntu10_amd64.info", "open-url.js", "npmrc", "managedPolicies.csv", "libc6-i386_2.17-0ubuntu5_amd64.info", "npm-exec.md", "npm-shrinkwrap-json.md", "lifecycle-cmd.js", "http://45.159.189.105/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34", "dialogrc (2)", "afp-path-vuln.nse", "vfs.py", "issue (2)", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "snmp-win32-shares.nse", "http-frontpage-login.nse", "dns-fuzz.nse", "list_idx.py", "rc.S", "http-open-proxy.nse", "lber.h", "broadcast-ataoe-discover.nse", "group", "gte.js", "mysql-enum.nse", "xdmcp-discover.nse", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "cics-user-enum.nse", "port-states.nse", "syslog.conf", "pack.js", "imap-brute.nse", "ftp-libopie.nse", "http-xssed.nse", "smtp-vuln-cve2011-1720.nse", "doctor.js", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "sniffer-detect.nse", "npm-token.md", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "modules.dep", "nping-brute.nse", "termcap (2)", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "login.js", "npm-ping.md", "nat-pmp-mapport.nse", "modules.generic_string", "fcrdns.nse", "registry.md", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0", "smb-ls.nse", "libc6-i386_2.19-10ubuntu2_amd64.info", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "http-trace.nse", "http-vuln-cve2011-3368.nse", "vmauthd-brute.nse", "smb-os-discovery.nse", "oracle-sid-brute.nse", "socks-brute.nse", "MCSession.h", "shrinkwrap.js", "orgs.md", "bitcoinrpc-info.nse", "84-nm-drivers.rules", "http-litespeed-sourcecode-download.nse", "mtab", "mongodb-databases.nse", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "mysql-databases.nse", "dbd_xsh.h", "libc6-i386_2.5-0ubuntu14_amd64.url", "audit-error.js", "syslog (2).conf", "SeTnopart (2)", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "npm.js", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "MultipeerConnectivity.tbd", "http-icloud-sendmsg.nse", "__init__ (2).py", "citrix-enum-apps.nse", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "https://pixel.tapad.com/idsync/ex/push static-tracking.klaviyo.com u002dtracking.klaviyo.com", "npm-bugs.md", "http-vuln-cve2006-3392.nse", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "modules.parportmap", "npm-restart.md", "daytime.nse", "mtab (2)", "http-form-fuzzer.nse", "nje-pass-brute.nse", "nje-node-brute.nse", "libnm-ppp-plugin.la", "prefix.js", "patch.js", "http-drupal-enum-users.nse", "tn3270-screen.nse", "rdp-ntlm-info.nse", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "npm-pkg.md", "aliases", "prune_older.py", "http-icloud-findmyiphone.nse", "nm-priv-helper.service", "http-vuln-cve2011-3192.nse", "package-spec.md", "mikrotik-routeros-brute.nse", "npm-rebuild.md", "help.py", "MCError.h", "rmi-vuln-classloader.nse", "mongodb-info.nse", "http-adobe-coldfusion-apsa1301.nse", "broadcast-xdmcp-discover.nse", "master.cf", "SeTfull", "http-vuln-cve2014-8877.nse", "NetworkManager-wait-online.service", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.19-0ubuntu6_amd64.url", "paths", "query.js", "split.py", "edit.js", "tag.py", "std (2)", "broadcast-hid-discoveryd.nse", "custom-error.html", "vt300", "major.js", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "etcHosts.csv", "coap-resources.nse", "mqtt-subscribe.nse", "redis-info.nse", "docker-version.nse", "sbom-cyclonedx.js", "DBIXS.h", "syslinux (2).cfg", "root.js", "tls-nextprotoneg.nse", "domino-enum-users.nse", "ftp-proftpd-backdoor.nse", "setup", "styles.css", "libc6-i386_2.19-18+deb8u10_amd64.info", "locate.rc", "http-shellshock.nse", "libc6-i386_2.9-4ubuntu6_amd64.info", "smb-vuln-ms08-067.nse", "ovs-agent-version.nse", "yara.pc", "a1676298638", "auth.js", "http-ntlm-info.nse", "get-workspaces.js", "HOSTNAME", "hostmap-crtsh.nse", "smb-brute.nse", "ftp-vuln-cve2010-4221.nse", "zshrc_Apple_Terminal", "client.py", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "targets-ipv6-multicast-invalid-dst.nse", "smtp-vuln-cve2010-4344.nse", "libnm-device-plugin-wwan.la", "init.py", "fingerprint-strings.nse", "motd", "npm-ci.md", "bup-import-rdiff-backup", "cfdisk", "rpc-grind.nse", "snmp-processes.nse", "iax2-brute.nse", "unstar.js", "smb-security-mode.nse", "ls.py", "MCPeerID.h", "smb-enum-groups.nse", "interfaceDetails.csv", "maxdb-info.nse", "dns-service-discovery.nse", "jdwp-inject.nse", "xmpp-brute.nse", "dhcp-discover.nse", "nfs.conf", "ms-sql-hasdbaccess.nse", "exit-handler.js", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "npm-shrinkwrap.md", "omp2-enum-targets.nse", "install.js", "telnet-encryption.nse", "http-mcmp.nse", "SeTkeymap", "stage2 (2)", "mrinfo.nse", "cassandra-brute.nse", "http-dlink-backdoor.nse", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "get.js", "targets-asn.nse", "makedefs.out", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "vt300 (2)", "http-vuln-cve2014-2129.nse", "iscsi-brute.nse", "flume-master-info.nse", "cfdisk (2)", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "http-default-accounts.nse", "npm-login.md", "kernel.csv", "smb-print-text.nse", "broadcast-ospf2-discover.nse", "http-put.nse", "stuxnet-detect.nse", "LDAP.tbd", "explore.js", "unpublish.js", "get.py", "SeTkeymap (2)", "???? ????????.txt", "oracle-tns-version.nse", "cmp.js", "shells (2)", "ip-forwarding.nse", "snmp-sysdescr.nse", "hostmap-bfk.nse", "auto_home", "memtest.py", "pacote", "outside.js", "dev.remote-access.net", "npm-hook.md", "npm-whoami.md", "margin.py", "http-trane-info.nse", "networks (2)", "ncp-enum-users.nse", "import_duplicity.py", "http-affiliate-id.nse", "libc6-i386_2.28-10_amd64.url", "INSCD", "ntp_opendirectory.conf", "ip-https-discover.nse", "smb-vuln-ms07-029.nse", "npm-adduser.md", "installpkg", "CVE-2017-11882", "libcrypto.pc", "http-phpself-xss.nse", "targets-xml.nse", "nopartHELP (2)", "probe", "owner.js", "mtools.conf", "informix-brute.nse", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "smb-vuln-webexec.nse", "SeTpartitions (2)", "a.txt", "firewall-bypass.nse", "SeTpartitions", "INSNFS", "npm-outdated.md", "http-auth-finder.nse", "subset.js", "http-google-malware.nse", "LICENSE", "explain.js", "MCAdvertiserAssistant.h", "smb2-security-mode.nse", "brc (2)", "http-vuln-cve2017-5689.nse", "http-avaya-ipoffice-users.nse", "services", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "http-chrono.nse", "sort.js", "http-gitweb-projects-enum.nse", "range.bnf", "smtp-strangeport.nse", "metadata.py", "metasploit-info.nse", "user_launchagents.txt", "libc6-i386_2.7-10ubuntu3_amd64.url", "teamspeak2-version.nse", "http-date.nse", "ip-geolocation-map-bing.nse", "config.js", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "validate-engines.js", "lte.js", "ftp-vsftpd-backdoor.nse", "smb-server-stats.nse", "mux.py", "pkgtool (2)", "removal.md", "snmp-brute.nse", "on.py", "libc6-i386_2.13-20ubuntu5_amd64.info", "versant-info.nse", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "pop3-capabilities.nse", "web.py", "rescan-scsi-bus", "dicom-ping.nse", "smartwishlist_1_.js", "b529967783", "rcompare.js", "libc6-i386_2.24-11+deb9u4_amd64.info", "http-form-brute.nse", "wdb-version.nse", "dbi_sql.h", "dns-check-zone.nse", "npm-dist-tag.md", "libc6-i386_2.29-0ubuntu2_amd64.info", "http-svn-info.nse", "rpcinfo.nse", "b3336837578", "cat_file.py", "npm-query.md", "http-apache-negotiation.nse", "display.js", "inittab", ".X0-lock", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13_amd64.url", "http-joomla-brute.nse", "ftp-bounce.nse", "http-webdav-scan.nse", "http-errors.nse", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "nsswitch.conf", "obexstress", "Research and Data analysis", "nntp-ntlm-info.nse", "securetty", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "fsck.py", "range.js", "afp-showmount.nse", "afpovertcp.cfg", "libc6-i386_2.13-20ubuntu5_amd64.url", "SeTkernel (2)", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "Info.plist", "hnap-info.nse", "cics-user-brute.nse", "SeTfdHELP", "tftp-enum.nse", "nm-cloud-setup.service", "compare.js", "sharedFolders.csv", "libc6-i386_2.19-10ubuntu2_amd64.url", "http-malware-host.nse", "unmigrate (2).sh", "telnet-brute.nse", "itl-logo (3).txt", "modules.isapnpmap", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "master.cf.proto", "ganglia-info.nse", "bloom (2).py", "ldap-brute.nse", "update-notifier.js", "MCNearbyServiceAdvertiser.h", "domcon-cmd.nse", "init.js", ".:ads.txt", "citrix-brute-xml.nse", "ms-sql-tables.nse", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "whois-domain.nse", "http-awstatstotals-exec.nse", "sshv1.nse", "http-cors.nse", "libc6-i386_2.28-10_amd64.info", "pf.os", "libc6-i386_2.23-0ubuntu3_amd64.url", "http-apache-server-status.nse", "Admin.tbd", "http-robtex-shared-ns.nse", "stun-info.nse", "cmd-list.js", "ssh.py", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "error-message.js", "http-config-backup.nse", "path.py", "http-aspnet-debug.nse", "asyncrecv.rc", "broadcast-tellstick-discover.nse", "fuse.py", "npm-install-ci-test.md", "socks-open-proxy.nse", "dns-random-srcport.nse", "snmp-win32-software.nse", "broadcast-pppoe-discover.nse", "main.cf", "mysql-audit.nse", "deprecate.js", "rmtab", "ftp.py", "npx.md", "http-auth.nse", "npm-link.md", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "explain-eresolve.js", "SeTmaketag (2)", "http-headers.nse", "broadcast-avahi-dos.nse", "unusual-port.nse", "version.js", "otplease.js", "libnm-device-plugin-ovs.la", "nbstat.nse", "knx-gateway-discover.nse", "csh.logout", "iterator.js", "libc6-i386_2.23-0ubuntu11_amd64.url", "auto_master", "https://seclists.org/nmap-dev/2011/q4/420", "login.defs", "http-phpmyadmin-dir-traversal.nse", "metasploit-msgrpc-brute.nse", "smb-vuln-ms10-061.nse", "irc-brute.nse", "slackinstall (2)", "http-rfi-spider.nse", "xmlrpc-methods.nse", "fund.js", "broadcast-pc-duo.nse", "nfs-statfs.nse", "test.js", "couchdb-stats.nse", "gc.py", "empty.exe", "clean.js", "supermicro-ipmi-conf.nse", "cvs-brute.nse", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "smb-vuln-cve2009-3103.nse", "unmigrate.sh", "vnc-title.nse", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "npm-find-dupes.md", "broadcast-netbios-master-browser.nse", "icap-info.nse", "broadcast-pc-anywhere.nse", "SeTnopart", "INSfd (2)", "vmware-version.nse", "makedevs.sh", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "dns-nsec-enum.nse", "help.js", "csh.cshrc", "applications.csv", "pkg.js", "http-virustotal.nse", "broadcast-sonicwall-discover.nse", "smb2-vuln-uptime.nse", "smb.conf", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "npm-run-script.md", "FDhelp", "npm-pack.md", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "source_info.py", "ssl-dh-params.nse", "bam.nr-data.net", "smb-enum-services.nse", "view.js", "resolv.conf", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "vnc-info.nse", "npm-search.md", "libyara.la", "fox-info.nse", "damage.py", "nessus-xmlrpc-brute.nse", "http-method-tamper.nse", "chromeExtensions.csv", "csh.login", "http-vuln-cve2012-1823.nse", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "bup-import-rsnapshot", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.13-0ubuntu13_amd64.info", "http-git.nse", "hook.js", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "dns-ip6-arpa-scan.nse", "iax2-version.nse", "modules.pnpbiosmap", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "docs.js", "sunjava_map.xml", "package.json", "domcon-brute.nse", "random.py", "libc6-i386_2.30-0ubuntu2_amd64.info", "modbus-discover.nse", "dns-nsid.nse", "http://45.159.189.105/bot/regex", "enip-info.nse", "broadcast-rip-discover.nse", "tar.js", "http-proxy-brute.nse", "path-mtu.nse", "PROMPThelp", "omron-info.nse", "repo.js", "backorifice-brute.nse", "network", "crashes.csv", "metasploit-xmlrpc-brute.nse", "rusers.nse", "main.cf.default", "isns-info.nse", "preload.js", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "nfs-showmount.nse", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "http-ls.nse", "broadcast-dropbox-listener.nse", "b.txt", "xstat (2).py", "glob", "removepkg", "hbase-region-info.nse", "qconn-exec.nse", "shadow", "reverse-index.nse", "MCNearbyServiceBrowser.h", "http-fetch.nse", "targets-ipv6-multicast-slaac.nse", "http-axis2-dir-traversal.nse", "fsck (2).ext3", "realvnc-auth-bypass.nse", "ajp-methods.nse", "read-user-info.js", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "npm-usage.js", "INSdir", "url-snarf.nse", "web-auth.js", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "ajp-headers.nse", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "host (2).conf", "ip-geolocation-ipinfodb.nse", "ldap-novell-getpass.nse", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "apfs_boot_mount.tbd", "mysql-vuln-cve2012-2122.nse", "header_checks", "http-traceroute.nse", "npm.md", "AirPlayReceiver.tbd", "snmp-win32-services.nse", "certificates.csv", "index.js", "ls (2).py", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "redis-brute.nse", "citrix-enum-apps-xml.nse", "notes.txt", ".zcompdump-m1904-5.9", "prune.js", "rpc", "re.js", "http-dombased-xss.nse", "fstab", "impress-remote-discover.nse", "gettytab", "http-svn-enum.nse", "b.txt:ads.txt", "group (2)", "targets-traceroute.nse", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "npm-owner.md", "restore.py", "targets-sniffer.nse", "SeTkernel", "wtmp", "http-title.nse", "libc6-i386_2.30-4_amd64.url", "minor.js", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "ms-sql-empty-password.nse", "hosts", "openvas-otp-brute.nse", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "hadoop-datanode-info.nse", "membase-http-info.nse", "npm-install-test.md", "ftpusers", "smb-webexec-exploit.nse", "http-referer-checker.nse", "rpcap-info.nse", "pgsql-brute.nse", "http-cisco-anyconnect.nse", "adduser.js", "85-nm-unmanaged.rules", "citrix-enum-servers-xml.nse", "npm-stop.md", "npm-stars.md", "autofs.conf", "traceroute-geolocation.nse", "http-vlcstreamer-ls.nse", "vtam-enum.nse", "empty (2)", "http-enum.nse", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "rfc868-time.nse", "brc", "broadcast-novell-locate.nse", "clamav-exec.nse", "iscsi-info.nse", "run-script.js", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "mysql-query.nse", "rdp-vuln-ms12-020.nse", "coerce.js", "openlookup-info.nse", "smb-enum-users.nse", "broadcast-dhcp6-discover.nse", "dicom-brute.nse", "snmp-win32-users.nse", "quake3-master-getservers.nse", "sip-brute.nse", "INShd (2)", "MultipeerConnectivity.h", "ipv6-node-info.nse", "MultipeerConnectivity.apinotes", "SeTconfig", "dns-recursion.nse", "bittorrent-discovery.nse", "arm64e-apple-macos.swiftinterface", "ajp-request.nse", "package-lock-json.md", "hubspot.remote-access.net", "qa.remote-access.net", "rc.ieee1394", "smb-vuln-ms10-054.nse", "smtp-brute.nse", "libc6-i386_2.4-1ubuntu12_amd64.url", "sstp-discover.nse", "rpcap-brute.nse", "broadcast-eigrp-discovery.nse", "http-unsafe-output-escaping.nse", "ubiquiti-discovery.nse", "bloom.py", "min-satisfying.js", "snmp-ios-config.nse", "http-devframework.nse", "exec.js", "unittest.nse", "libc6-i386_2.23-0ubuntu3_amd64.info", "npm-uninstall.md", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "postfix-files", "ssl-enum-ciphers.nse", "install-test.js", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "INShd", "http://dialacake.com/mumbai/yellow-pineapple-cake-2770.html", "sip-call-spoof.nse", "deluge-rpc-brute.nse", "SeTmaketag", "ping.js", "ms-sql-config.nse", "imurmurhash.min.js", "jdwp-exec.nse", "libc6-i386_2.27-3ubuntu1_amd64.info", "rdp-enum-encryption.nse", "npm-prefix.md", "installed-shallow.js", "mtrace.nse", "smb-vuln-regsvc-dos.nse", "http-comments-displayer.nse", "pkgtool", "libc6-i386_2.19-18+deb8u10_amd64.url", "timers.js", "vuze-dht-info.nse", "rc.usb", "libc6-i386_2.9-4ubuntu6_amd64.url", "p2p-conficker.nse", "ipv6-multicast-mld-list.nse", "https://www.hybrid-analysis.com/sample/ef02a04e1487fd373923ef2aa42b3d9af8d5fd600e5198150283b31aa7ed7558", "dedupe.js", "whois-ip.nse", "ldap.h", "http-vuln-cve2013-6786.nse", "README.md", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "cics-enum.nse", "reify-finish.js", "vnc-brute.nse", "ajp-brute.nse", "npm-cache.md", "http-methods.nse", "launchagents.txt", "join.py", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "find-dupes.js", "arm64e-apple-ios-macabi.swiftinterface", "tls-alpn.nse", "vt100", "libc6-i386_2.28-0ubuntu1_amd64.url", "citrix-enum-servers.nse", "simplify.js", "a4033901479", "content-negotiation.html", "stdcrt (2)", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "pcworx-info.nse", "http-slowloris-check.nse", "midx (2).py", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "afp-ls.nse", "mongodb-brute.nse", "access.js", "broadcast-dns-service-discovery.nse", "npm-dedupe.md", "couchdb-databases.nse", "snmp-interfaces.nse", "murmur-version.nse", "ld.so (2).conf", "clock-skew.nse", "OpenSSLConfig.cmake", "newsyslog.conf", "sslv2-drown.nse", "bugs.js", "http-vuln-misfortune-cookie.nse", "libnm-device-plugin-wifi.la", "openwebnet-discovery.nse", "netbus-info.nse", "bashrc_Apple_Terminal", "smb-vuln-ms17-010.nse", "itl-logo.txt", "snmp-info.nse", "weblogic-t3-info.nse", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "http-vuln-cve2013-7091.nse", "caching.html", "drda-brute.nse", "rc.netboot", "http-wordpress-brute.nse", "comparator.js", "hbase-master-info.nse", "smb-enum-shares.nse", "http://www.remote-access.net", "http-security-headers.nse", "ssh-publickey-acceptance.nse", "http-feed.nse", "ipmi-cipher-zero.nse", "manpaths", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "npm-edit.md", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "init.ess.apple.com", "installed-deep.js", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "passwd", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "vt100 (3)", "hook_op_check.h", "empty", "ssl-poodle.nse", "developers.md", "man.conf", "completion.fish", "rsort.js", "identifiers.js", "dist-tag.js", "broadcast-ms-sql-discover.nse", "http-csrf.nse", "npm-audit.md", "sudo_lecture", "pptp-version.nse", "link.js", "npm-sbom.md", "stdcrt", "pjl-ready-message.nse", "npm-star.md", "http-vuln-cve2014-2128.nse", "libc6-i386_2.27-3ubuntu1_amd64.url", "SeTmedia (2)", "parse.js", "pop3-ntlm-info.nse", "ike-version.nse", "kern_loader.conf", "remote-access.net", "shquote.py", "npm-docs.md", "lltd-discovery.nse", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "save.py", "http-sap-netweaver-leak.nse", "script.db", "CodeResources", "broadcast-listener.nse", "dns-update.nse", "bind.html", "tick.py", "dr4qe3ddw9y32.cloudfront.net", "knx-gateway-info.nse", "openflow-info.nse", "http-passwd.nse", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "dns-zone-transfer.nse", "sharingPreferences.csv", "http-majordomo2-dir-traversal.nse", "http-wordpress-users.nse", "https://www.miraclebrand.co/apps/wonderment/tracking", "host.conf", "asl.conf", "daap-get-library.nse", "npm-unpublish.md", "install-ci-test.js", "package-json.md", "smb-enum-domains.nse", "http-cross-domain-policy.nse", "update-workspaces.js", "ndmp-version.nse", "systemInfo.csv", "npm-config.md", "preboot_archive_errors.log", "sbom.js", "libc6-i386_2.30-4_amd64.info", "npm-doctor.md", "closemachine.rc", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "npm-version.md", "libc6-i386_2.23-0ubuntu10_amd64.url", "npm-repo.md", "http-vuln-cve2017-1001000.nse", "irbrc", "smb-protocols.nse", "smb-vuln-ms06-025.nse", "creds-summary.nse", "libc6-i386_2.19-0ubuntu6_amd64.info", "scripts", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "empty.lock~", "ssh-brute.nse", "launchdaemons.txt", "tree.py", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "ftp-brute.nse", "ci.js", "http-vuln-cve2015-1635.nse", "libc6-i386_2.26-0ubuntu2_amd64.info", "neq.js", "vulners.nse", "omp2-brute.nse", "http-vhosts.nse", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "vdecmd", "mtools (2).conf", "SeTswap", "https://hubspot.remote-access.net", "eq.js", "profile (2)", "mysql-info.nse", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-11+deb9u4_amd64.url", "io.py", "wsdd-discover.nse", "configuring.html", "http-useragent-tester.nse", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "OpenSSLConfigVersion.cmake", "nm-pppd-plugin.la", "SeTDOS (2)", "rlogin-brute.nse", "broadcast-pim-discovery.nse", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "murmur2", "usbDevices.csv", "ip-geolocation-maxmind.nse", "FDhelp (2)", "main.py", "hosts (2)", "nm-shared.xml", "INSfd", "smtp-commands.nse", "hddtemp-info.nse", "ventrilo-info.nse", "libc6-i386_2.24-9ubuntu2_amd64.info", "http-vmware-path-vuln.nse", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "version.plist", "ms-sql-xp-cmdshell.nse", "format-bytes.js", "motd (2)", "ms-sql-info.nse", "quake3-info.nse", "ntp-info.nse", "libnm-device-plugin-team.la", "tso-enum.nse", "broadcast-ripng-discover.nse", "issue", "http-server-header.nse", "mounts.txt", "log-file.js", "netbus-auth-bypass.nse", "rtsp-methods.nse", "finger.nse", "nbns-interfaces.nse", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "irc-info.nse", "sipConfig.csv", "valid.js", "ssh-auth-methods.nse", "http-internal-ip-disclosure.nse", "mcafee-epo-agent.nse", "passwd (2)", "smb2-time.nse", "http-qnap-nas-info.nse", "openmachine.rc", "http://icloud.ypcdce.com", "hadoop-tasktracker-info.nse", "publish.js", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "riak-http-info.nse", "INSCD (2)", "rexec-brute.nse", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "http-domino-enum-passwords.nse", "smb-enum-sessions.nse", "dns-nsec3-enum.nse", "rsa-vuln-roca.nse", "virtual", "broadcast-db2-discover.nse", "libnm-device-plugin-bluetooth.la", "makedevs (2).sh", "drecurse.py", "libnm.pc", "http-bigip-cookie.nse", "dbixs_rev.h", "MozillaUpdateLock-7A4D7A8EFFB43502", "ttys", "cups-queue-info.nse", "workspaces.md", "constants.js", "Driver_xst.h", "mysql-users.nse", "sip-enum-users.nse", "lt.js", "stage2 (3)", "whoami.js", "index (2).py", "ssl-date.nse", "cssesc", "gt.js", "http-waf-detect.nse", "max-satisfying.js", "login (2).defs", "acarsd-info.nse", "command_args.json", "voldemort-info.nse", "smtp-enum-users.nse", "fsck (2).ext2", "http-vuln-cve2014-2127.nse", "midx.py", "http-vuln-cve2009-3960.nse", "targets-ipv6-map4to6.nse", "is-windows.js", "http-mobileversion-checker.nse", "npm-team.md", "drda-info.nse", "afp-brute.nse", "hadoop-namenode-info.nse", "rc.common", "gopher-ls.nse", "svn-brute.nse", "semver.js", "upnp-info.nse", "ip-geolocation-geoplugin.nse", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "skypev2-version.nse", "libc6-i386_2.31-0ubuntu6_amd64.info", "convenience.map", "generic", "x.jnlp", "nessus-brute.nse", "http-robots.txt.nse", "mysql-empty-password.nse", "shells", "users.csv", "desktop.ini", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "npm-completion.md", "npmrc.md", "SeTpasswd (2)", "fstab (2)", "format-search-stream.js", "migrate.sh", "README", "ssl-heartbleed.nse", "install.md", "pf.conf", "bitcoin-getaddr.nse", "cics-info.nse", "shodan-api.nse", "tls-ticketbleed.nse", "imap-ntlm-info.nse", "libc6-i386_2.17-0ubuntu5_amd64.url", "qscan.nse", "npm-install.md", "hostmap-robtex.nse", "libnm.la", "npm-logout.md", "libnm-device-plugin-adsl.la", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "nat-pmp-info.nse", "zgrep", "SeTDOS", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "ftp-anon.nse", "completion.sh", "cups-info.nse", "mail.rc", "start.js", "ab.1", "SeTswap (2)", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "sslv2.nse", "explain-dep.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "http-open-redirect.nse", "open-url-prompt.js", "broadcast-networker-discover.nse", "org.js", "gc (2).py", "star.js", "ms-sql-dac.nse", "libc6-i386_2.21-0ubuntu4_amd64.url", "AOSKit.tbd", "cache.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "telnet-ntlm-info.nse", "itl-logo (2).txt", "amqp-info.nse", "http-sitemap-generator.nse", "http-favicon.nse", "folders.md", "helpers.py", "ssl-ccs-injection.nse", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "sip-methods.nse", "HOSTNAME (2)", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "irc-sasl-brute.nse", "libc6-i386_2.21-0ubuntu4_amd64.info", ".X1-lock", "dns-random-txid.nse", "nopartHELP", ".X1025-lock", "word_msdtjs_rce.rb.txt", "http-grep.nse", "mysql-brute.nse", "CVE-2018-8453", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "afp-serverinfo.nse", "allseeingeye-info.nse", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "90-nm-cloud-setup.sh", "nm-cloud-setup.timer", "color-support", "version (2).py", "libc6-i386_2.28-10_amd64.symbols", "lu-enum.nse", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations", "oracle-brute.nse", "ftp-syst.nse", "termcap", "broadcast-wpad-discover.nse", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "compare-build.js", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "npm-init.md", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "http-fileupload-exploiter.nse", "mysql-variables.nse", "npm-publish.md", "SeTfull (2)", "duplicates.nse", "log-shim.js", "gkrellm-info.nse", "index.py", "hlinkdb.py", "x11-access.nse", "servicetags.nse", "netbus-brute.nse", "ssh-run.nse", "arborist-cmd.js", "http-exif-spider.nse", "npm-fund.md", "pop3-brute.nse", "securetty (2)", "ls.js", "irc-unrealircd-backdoor.nse", "compare-loose.js", "npm-profile.md", "SeTfdHELP (2)", "shadow (2)", "samba-vuln-cve-2012-1182.nse", "logging.md", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "CVE-2017-8570", "SeTpasswd", "canonical", "libc6-i386_2.23-0ubuntu10_amd64.info", "profile.js", "npm-test.md", "broadcast-wake-on-lan.nse", "npm-prune.md", "targets-ipv6-multicast-echo.nse", "smb-vuln-conficker.nse", "https-redirect.nse", "ldap-search.nse", "x86_64-apple-macos.swiftinterface", "find.codes", "mmouse-brute.nse", "zshrc", "update.js", "rtadvd.conf", "README (2)", "restart.js", "removepkg (2)", "services (2)", "icloud.ypcdce.com", "socks-auth-info.nse", "bjnp-discover.nse", "npm-diff.md", "SeTmedia", "libc6-i386_2.31-0ubuntu6_amd64.url", "asn-query.nse", "npm-explore.md", "node-which", "auth-spoof.nse", "fsck.ext2", "rsync-brute.nse", "ndmp-fs-info.nse", "master.cf.default", "team.js", "iec-identify.nse", "ssl-known-key.nse", "auth-owners.nse", "http-huawei-hg5xx-vuln.nse", "http-robtex-reverse-ip.nse", "empty (3)", "libc6-i386_2.15-0ubuntu20_amd64.info", "http-vuln-cve2010-2861.nse", "rebuild.js", "nbd-info.nse", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "npm-start.md", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "dns-cache-snoop.nse", "http-vuln-cve2015-1427.nse", "libc6-i386_2.28-0ubuntu1_amd64.info", "notify.conf", "http-vuln-cve2014-3704.nse", "db2-das-info.nse", "smb-flood.nse", "dns-client-subnet-scan.nse", "krb5-enum-users.nse", "http-vuln-cve2017-8917.nse", "http-coldfusion-subzero.nse", "profile", "base-command.js", "battery.csv", "protocols", "sendcmd.rc", "eap-info.nse", "CVE-2013-1331", "snmp-netstat.nse", "membase-brute.nse", "main.cf.proto", "CVE-2017-0147", "http-iis-webdav-vuln.nse", "disk_structure.txt", "scope.md", "npm-root.md", "libc6-i386_2.30-0ubuntu2_amd64.url", "vint.py", "smb-double-pulsar-backdoor.nse", "inc.js", "ipmi-version.nse", "broadcast-jenkins-discover.nse", "zprofile", "migrate (2).sh", "drecurse (2).py", "libc6-i386_2.24-3ubuntu1_amd64.info", "probe (2)", "ssh-hostkey.nse", "intersects.js", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "rm.py", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "ltr.js", "kexts.txt", "nrpe-enum.nse", "http-cakephp-version.nse", "custom_header_checks", "smb-enum-processes.nse", "outdated.js", "prerelease.js", "ld.so.conf", "std", "tso-brute.nse", "nexpose-brute.nse", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "backorifice-info.nse", "npm-access.md", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "CVE-2012-1856", "CVE-2017-0199", "libc6-i386_2.7-10ubuntu3_amd64.info", "ms-sql-ntlm-info.nse", "imap-capabilities.nse", "npm-unstar.md", "mysql-dump-hashes.nse", "dialogrc", "hashsplit.py", ".zcompdump", "https://the.sciencebehindecommerce.com/d9core", "ldd", "mounts.csv", "disk2", "filesize", "http-barracuda-dir-traversal.nse", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "broadcast-dhcp-discover.nse", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "installpkg (2)", "cassandra-info.nse", "dpap-brute.nse", "dir:ads.txt", "http-waf-fingerprint.nse", "ssh2-enum-algos.nse", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "com.apple.screensharing.agent.launchd", "banner.nse", "libc6-i386_2.17-93ubuntu4_amd64.info", "giop-info.nse", "rc.inet1", "options.py", "reify-output.js", "ip-geolocation-map-google.nse", "package-url-cmd.js", "rm (2).py", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "ncp-serverinfo.nse", "module.modulemap", "broadcast-ping.nse", "completion.js", "ntp.conf", "bounce.cf.default", "http-backup-finder.nse", "oracle-enum-users.nse", "networks", "epmd-info.nse", "http://clipper.guru/bot/regex", "pulse-till-done.js", "stars.js", "http-stored-xss.nse", "http-brute.nse", "access", "ldap-rootdse.nse", "transport", "to-comparators.js", "npm-help-search.md", "qrcode-terminal", "diskEncryption.csv", "ipmi-brute.nse", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "checkout_info.py", "smb2-capabilities.nse", "ipidseq.nse", "ssl-cert.nse", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "systemControls.csv", "http-userdir-enum.nse", "hadoop-secondary-namenode-info.nse", "dns-blacklist.nse", "libc6-i386_2.24-9ubuntu2_amd64.url", "BUILDING", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "smtp-open-relay.nse", "snmp-hh3c-logins.nse", "SeTconfig (2)", "parse-options.js", "http-vuln-wnr1000-creds.nse", "inittab (2)", "mmouse-exec.nse", "pcanywhere-brute.nse", "arborist", "scripts.md", "installed-package-contents", "distcc-cve2004-2687.nse", "ms-sql-dump-hashes.nse", "mkdirp", "memcached-info.nse", "stage2", "broadcast-sybase-asa-discover.nse", "npm-help.md", "NetworkManager.service", "smtp-ntlm-info.nse", "slackinstall", "puppet-naivesigning.nse", "gtr.js", "xstat.py", "pwdgrp.py", "http-tplink-dir-traversal.nse", "dict-info.nse", "fdisk", "notes.txt:ads", "libc6-i386_2.15-0ubuntu10_amd64.url", "rsync-list-modules.nse", "stop.js", "x86_64-apple-ios-macabi.swiftinterface", "fsck.ext3", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "http-jsonp-detection.nse", "TLS_LICENSE", "dns-srv-enum.nse", "msrpc-enum.nse", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "broadcast-bjnp-discover.nse", "get-identity.js", "dns-brute.nse", "libc6-i386_2.29-0ubuntu2_amd64.url", "http-vuln-cve2014-2126.nse", "http-vuln-cve2017-5638.nse", "nfs-ls.nse", "gpsd-info.nse", "audit.js", "PROMPThelp (2)", "smb-system-info.nse", "rmi-dumpregistry.nse", "https://avient.remote-access.net", "process_list.txt", "security_status.txt", "meta.py", "libc6-i386_2.15-0ubuntu20_amd64.url", "ajp-auth.nse", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "dependency-selectors.md", "eppc-enum-processes.nse", "features.py", "ip-geolocation-map-kml.nse", "did-you-mean.js", "cli-entry.js", "lorem.txt", "SeTPKG", "cloud.smartwishlist.webmarked.net", "diff.js", "fdisk (2)", "replace-info.js", "xtab", "modules.ieee1394map", "ms-sql-query.nse", "INSdir (2)", "tv.apple.com", "libc6-i386_2.5-0ubuntu14_amd64.info", "hadoop-jobtracker-info.nse", "help-search.js", "version.py", "http-wordpress-enum.nse", "LocalAuthentication.tbd", "http://avient.remote-access.net/", "search.js", "jdwp-version.nse", "config.md", "appleaccessory.online", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "repo.py", "nsswitch (2).conf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "DragonForce Malaysia Hacker Group" ], "malware_families": [ "Zeus", "Formbook", "Firstname", "Html", "Ransomware", "Suppobox", "Azorult - s0344", "Cobalt strike", "Br", "Maltiverse", "Tel:hacktool:win32/artemisuser", "Trojan:win32/matsnu", "Trojanspy", "Backdoor:php/artemis", "Feodo", "Virut", "Backdoor:win32/simda", "Laplasclipper", "Virus:win32/daum", "Emotet - s0367", "Pony - s0453", "Squirrelwaffle", "Revil (elf)", "Lastname", "Backdoor:win32/zbot", "Ramnit" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "68d62e5e038c036204e489ba", "name": "Deepsea - Seen in multiple targeting attacks | curse.llc |", "description": "DiabloFans.com redirects to curse.llc a shopify storefront that offering witchcraft related products and/or services. \n\nIt will take time to break down the true intent of the website. Maybe it\u2019s hacked maybe it\u2019s a tool. I think targeting is involved because of the constant appearance of diablofans.com in various types of research over time including a most recent pulse related to a target \n\nThere are multiple checkins, bots, Trojans , worms, etc. This entire pulse will be populated by OTX , I won\u2019t be able to annotate for this pulse,\nLet\u2019s see what happens. \n\n#Lowfi:HSTR:MSIL/Obfuscator.Deepsea.C", "modified": "2025-10-26T05:01:11.780000", "created": "2025-09-26T06:10:38.550000", "tags": [ "handle", "entity", "host name", "rdap database", "iana registrar", "roles", "dnssec", "links", "namecheap", "namecheap inc", "script urls", "united", "unknown ns", "moved", "script domains", "passive dns", "ip address", "body", "gmt content", "type", "title", "date", "meta", "request", "get updates", "common upatre", "p2p zeus", "common header", "struct", "downloader", "exe download", "terse", "regsetvalueexa", "execution", "dock", "write", "next", "win32", "persistence", "malware", "copy", "unknown", "canada unknown", "alfper", "entries", "ipv4", "pulse pulses", "urls", "files", "reverse dns", "location canada", "twitter", "present sep", "cname", "name servers", "search", "creation date", "canada", "certificate", "trojan", "ontario", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "defense evasion", "spawns", "development att", "href", "show technique", "mitre att", "ck matrix", "script", "network related", "input url", "network traffic", "t1204", "copy md5", "copy sha1", "copy sha256", "size", "sha1", "sha256", "flag", "canada canada", "strings", "cloudflar", "google", "googlecl", "facebook", "as autonomous", "system", "hetznera", "detail domain", "domain tree", "links domain", "requested", "url https", "general full", "name value", "resource", "asn13335", "cloudflarenet", "hash", "protocol h3", "express", "value", "please", "automatic", "webgl", "september", "variables", "shopify", "shopifypay", "st boolean", "shopifyforms", "raven", "hstr", "next associated", "mtb may", "ipv4 add", "trojanspy", "trojandropper", "span", "path", "button", "circle", "link", "keychains", "choose", "input", "small", "close", "form", "stop", "anime", "kitty", "iframe", "null", "open", "tarot", "footer", "curse", "first", "back", "error", "config", "contact", "signs", "main", "payment", "window" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 236, "FileHash-MD5": 320, "FileHash-SHA1": 314, "FileHash-SHA256": 2288, "URL": 889, "hostname": 361, "SSLCertFingerprint": 1, "email": 2, "CVE": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "175 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 35, "modified_text": "343 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6660c1268a1f430e17236b55", "name": "Python: OVSAgentServer Document (autofilled name)", "description": "Here is the full text of the Vuze-dht-info script, which is written by \"Patrik Karlsson\" and followed by the following:-1-2-3. (Autofilled). This was pulled from a Windows 11 Hidden Folder from UAlberta Sample Device.", "modified": "2024-07-24T20:04:38.074000", "created": "2024-06-05T19:48:54.286000", "tags": [ "vuze", "dht service", "force", "port", "port state", "service version", "transaction id", "connection id", "vendor id", "azureus", "methods", "function", "method", "performs", "uri path", "same", "nmap", "see https", "buffer", "http post", "xdmcp", "session id", "mitmagiccookie1", "authorization", "displayid", "x display", "su p", "service", "patrik karlsson", "x server", "code", "xopendisplay", "checks", "tcp port", "xhost", "list", "host", "null", "retrieves", "wsdiscovery", "framework", "message id", "device wprt", "patrik", "author", "example", "john foo", "athens", "attiki", "domain name", "attempts", "service reason", "support", "active", "error", "false", "t3 protocol", "extrainfo", "weblogicversion", "t3 rmi", "daniel miller", "weblogic", "note", "cvss score", "isc bind", "todo", "cvss", "cpes", "sv output", "limit cves", "dot com", "mark", "elem", "stripnull", "wind debug", "wind river", "systems vxworks", "debug service", "boot line", "wdbprocedure", "agent", "vulnerable", "metasploit", "target", "seqnum", "vtam", "logon", "tn3270", "applid", "ibmtest", "cics", "dominic white", "tn3270 screen", "folder", "soldier", "path", "screen", "server", "cluster", "name", "http port", "admin port", "voldemort", "persistence", "driver", "apple remote", "desktop", "sasl", "aten", "vnc auth", "tries", "vnc server", "libvncserver", "bypass", "tight auth", "security", "mac os", "x security", "daemon", "220 vmware", "pass", "connectionpool", "xmpp", "login", "plain", "jabber", "soap api", "server version", "build", "os type", "product line", "header", "queries", "vmware server", "esxi", "vasto", "this", "body", "problem", "xmlns", "dns name", "tigase", "registration", "tonumber", "mlink", "connects", "citadel", "inside", "administrator", "root path", "database path", "sat mar", "version", "extracts", "versant object", "databases", "urls", "sniffed", "require", "sniffs", "http traffic", "ip address", "script output", "interface", "controls", "upnp service", "thomas buchanan", "table", "thisdb", "iana", "string", "arin", "boolean true", "comp", "meta", "trim", "actions", "openssh", "postfix smtpd", "msrpc", "runs", "comm", "prot", "group", "head", "admin", "phan", "ventrilo udp", "totpck", "totlen", "win32", "ping", "raid", "formats", "idera uptime", "intel", "gets", "domain", "arch", "linux", "smp fri", "x8664 x8664", "gnulinux", "info", "tso user", "user id", "userid", "tso logon", "valid user", "data", "nse object", "fakeuser", "razor", "blade", "plague", "tlvvalue", "ubiquiti", "probev1", "bb i2", "probev2", "tom sellers", "hidden", "zzzzz", "ooooo ssss", "enter", "fortran", "user", "skipped", "zero", "cool", "final", "scriptname", "ticketbleed", "tls session", "high", "tls stack", "hello", "done", "tls npn", "connection", "tls server", "npn extension", "spdy4a4", "spdy3", "hani benhabiles", "alpnname", "tls alpn", "client hello", "alpndone end", "alpn protocol", "filenotfound", "requesterror", "filefound", "enumerates", "tftp", "cisco", "script", "unknown", "kml file", "google earth", "geolocation", "italy", "getvalue", "rtt address", "sweden", "activetelnet", "hosttest2", "negotiate", "ntlm", "ntlmssp message", "netbios", "dnsdomainname", "dnscomputername", "dnstreename", "teamspeak", "udp packet", "cowclans", "service info", "traceroute scan", "hops", "inserts", "nmap scanning", "henri doreau", "nmap xml", "attribute", "loads", "address type", "ipv4", "ipv6", "filename", "telnet server", "freebsd", "option", "determines", "exploit", "linux advisory", "telnet", "default", "nick nikolaou", "make", "status", "driver object", "verdict", "target object", "telnet host", "telnet port", "password", "usersegs", "prefijo", "tablapalabras", "direccion", "prefixaux", "userright", "ipv6bin", "filler", "first", "iface", "ipv6 address", "targetstr", "slaac", "ipv6 host", "icmpv6 router", "advertisement", "nd host", "ipv6 stateless", "david fifield", "cidr notation", "bond", "simplified", "bsd license", "srcmac", "sends", "icmpv6 packet", "weilin", "icmpv6 echo", "svn server", "username", "crammd5", "helper", "result", "ipaux", "ipv6user", "ipv6network", "grantotal", "ipv6 subnet", "ipv4sub", "sslv2", "matthew boyle", "stuxnet", "infected", "stuxnetpaths", "stuxnetuuid", "stuxnetversion", "rpcgetversion", "smb session", "stuxnet service", "stdnse", "check", "secure socket", "https layer", "sstp traffic", "current sstp", "seil", "snippet", "ipmi", "exploitable", "output file", "calderon", "openssl", "heartbleed bug", "eof receiving", "match", "fingerprintfile", "ssl certificate", "littleblackbox", "apt1", "specify", "drown", "cve20160800", "sslv2 protocol", "tls ciphertext", "cve20153197", "cve20160703", "rsa data", "rfc1918", "ssl service", "issuer", "x509v3", "reports", "x509v3 subject", "steve benson", "sslv3", "ccs injection", "timeout", "ccs packet", "ssltls mitm", "protocol", "sweet32 attack", "ciphersuite", "chunksize", "gethellotable", "broken cipher", "find", "compressor", "format", "certificate", "pem return", "public key", "pcall", "delaware", "san jose", "california", "paypal", "accepted public", "keys", "checking key", "found", "connect", "actionend end", "specifies", "devin bjelland", "sshv1", "ssh server", "ssh protocol", "brandon enright", "modp group", "dsa group", "length", "diffiehellman", "ffffffff", "fromhex", "c4c6628b", "f25f1437", "e485b576", "generator", "tls port", "tls host", "tls serverhello", "unix timestamp", "jacob appelbaum", "returns", "poodle", "tlsfallbackscsv", "cve20143566", "ssl poodle", "ssl protocol", "authentication", "authenticated", "output", "privatekeyfile", "passphrase", "command", "ssh2 server", "kris katterjohn", "key comparison", "shows ssh", "md5 fingerprint", "ascii art", "matches", "sven klemm", "piotr olma", "socks proxy", "socks version", "guest", "iusredusrv011", "iwamedusrv011", "support388945a0", "tomcat", "socks", "snmp v1", "jetdirect", "jd117", "cidate", "system uptime", "security update", "windows media", "player", "windows server", "apache tomcat", "domain names", "mitigation apis", "kb911564", "kb924667v2", "kb925398", "explorer", "db2copy1", "lookup service", "application", "cryptographic", "db2das", "db2das00", "apache", "dcom", "launcher", "webapps", "value", "windows shares", "system idle", "process", "users", "system", "mib oids", "huawei", "hph3c locally", "snmp", "enterprisenums", "snmpv3 server", "security model", "snmpv3 get", "enterprise", "snmp community", "nextcommunity", "argument", "add ipv6", "vikas singhal", "serveraddress", "tftp server", "copystatus", "cisco router", "snmp rw", "fail", "config", "layer", "channel", "rfc3635", "ieee", "mac address", "obsolete", "generic", "voice", "prop", "terminal", "team", "test", "request", "joao correa", "mail server", "smtp", "diman todorov", "cyrus sasl", "auth", "postfix smtp", "authvuln", "cve20111720", "digestmd5", "activesmtp", "ehlo", "per rfc", "tls connection", "continue", "smtp ntlm", "ethernet", "macosx", "marek majkowski", "tiger", "rcpt", "vrfy", "expn", "socket", "user name", "mail from", "rcpt to", "duarte silva", "windows", "ron bowes", "vista", "srvsvc function", "wireshark", "p u137", "help", "ntlm login", "arturo buanzo", "busleiman", "lf line", "extended", "turn", "dkim", "exim", "exim server", "mail", "cve20111764", "exim daemon", "dkim format", "exim smtp", "webexservice", "handle", "runcommand", "windows account", "open", "cve20104344", "cve20104345", "sendrecv", "debianexim", "exim version", "could", "remote code", "webexec", "doesnotexist", "patched", "microsoft", "case", "msrc8742", "u137", "t139", "index", "define", "smtp server", "i2 i2", "microsoft smbv1", "reserved", "eternalblue", "wannacry", "ipc tree", "windows xp", "print spooler", "vulnerability", "lanman api", "september", "printer spooler", "stuxnet worm", "shareddocs", "smb server", "xp sp2", "windows vista", "gold", "smb request", "smb packet", "bsod", "dns server", "ms07029", "rpc interface", "rpc service", "notup", "server service", "execution", "ras rpc", "ms06025", "remote access", "rras", "rras memory", "routing", "systemroot", "reggetvalue", "installdate", "csdversion", "currentversion", "identifier", "productname", "model", "smbv1", "nt lm", "smbv3", "smbv2", "groups", "builtin", "account lockout", "samr", "connect4", "enumdomains", "invite", "options", "subscribe", "sip server", "cancel", "refer", "notify", "option request", "entry", "message signing", "smb security", "lmv2", "ntlmv2", "ms08068", "cve20093103", "process id", "advisory", "smbv2 protocol", "vista gold", "high header", "loop", "address", "reply", "ttl64", "comment", "ms08067", "conficker", "printer", "text", "service rpc", "lanman", "later", "service pack", "fqdn", "standard", "computer name", "sql2008", "workgroup", "servertypes", "typenames", "mssql server", "time capsule", "backup browser", "dfs root", "master browser", "sql server", "settings", "inetpub", "size time", "normal user", "description", "close", "bind", "clean", "infected2", "scanner", "namewin32", "read", "current user", "type", "readwrite", "usercanwrite", "current", "default share", "stypeipchidden", "write", "trojan", "changeddate", "names", "sids", "servicepaused", "servicestopped", "servicerunning", "gateway service", "manager", "shadow copy", "provider", "remote desktop", "tools", "spooler", "id process", "bytessec", "operationssec", "bytes", "pid ppid", "daniel", "rids", "homegroupuser", "windows system", "aliases", "lists", "double pulsar", "smb backdoor", "pulsar smb", "backdoor", "b i2", "luke jennings", "valid", "hostinfo", "invalidpassword", "userlist", "userlistindex", "blank", "third", "windows smb", "smb2 protocol", "smb2", "startdate", "starttime", "boot time", "date", "vuln", "securitymode", "smb2smb3", "file system", "leasing", "smbv2 server", "skype", "skype version", "skype author", "probes", "extension value", "number", "register sip", "file", "sip session", "true", "ekiga", "home", "user agent", "sip from", "request source", "request sip", "shodanapi key", "shodan", "shodan api", "sn pn", "apache httpd", "proto", "product parent", "xmltotext", "sunw", "instance urn", "product version", "product urn", "product defined", "instance id", "cpus", "probe", "xport", "samba", "samba heap", "cve20121182", "pidl", "zdican1503", "msrpc call", "szl request", "sendreceive", "offset", "siemens s7", "action", "plcscan", "copyright", "module type", "idle", "user on", "from since", "commondirs", "cve20177494", "payloadx86", "payloadx64", "samba remote", "rtsp", "rtsp urls", "describe", "setup", "play", "teardown", "roca", "detects", "return", "ssltls", "nse library", "pop3", "capa command", "user capa", "respcodes uidl", "pipelining stls", "top sasl", "rpc program", "rpc port", "sendpacket", "receivepacket", "rpc number", "rpc protocol", "host table", "port table", "winpcap", "getinfo", "pro1000 mt", "desktop adapter", "hamachi virtual", "winpcap remote", "capture daemon", "password1", "rmi registry", "tcclassdesc", "flags", "field count", "tcnull", "tcblockdata", "oraclesun", "custom data", "classpath", "java management", "custom", "martin holst", "swende", "performs brute", "unix rlogin", "unix", "item", "node name", "crypto version", "skerl version", "os mon", "basho version", "lager version", "cluster info", "luke version", "sasl version", "time", "odd response", "make sure", "diff", "unix rexec", "horizontal", "hostaction", "architecture", "filter", "redis", "realvnc", "cve20062369", "adderlink ip", "send", "cvssv2", "medium", "tpdu", "cve20120002", "ms12020 remote", "risk factor", "w2016", "credssp", "ntlmssp", "w16gasrv01", "success", "security layer", "early user", "rdstls", "rdp encryption", "fips", "rdp protocol", "knownprotocols", "wolfenstein", "enemy territory", "nexuiz", "quake iii", "arena", "openarena", "basic options", "other options", "getstatus", "statusresp", "quake3 game", "toni ruottu", "delay", "tcp packet", "maximum number", "mean", "numtrips", "delta", "qnx qconn", "qconn daemon", "root", "brendan coles", "puppet ca", "puppet naive", "csrs", "dummycsr", "defaultnode", "defaultenv", "paths", "response", "puppet server", "firmware", "pptp", "rt57i author", "activepop3", "pop3 ntlm", "pop3test2", "apop", "pop server", "pop3 account", "printer job", "language", "pjlreadymessage", "aaron leininger", "prev", "rstart", "ssl support", "force protocol", "ssl encryption", "plc type", "model number", "firmware date", "pcworx message", "nse script", "pcworx", "program", "phoenix contact", "pcanywhere", "xorkey", "mtus", "ipprotoudp", "ipprototcp", "pmtu", "pathmtuprobe", "path mtu", "drop", "hash", "key1", "seed", "noise", "oracle virtual", "server agent", "python", "http get", "basehttp", "virtual server", "get request", "oracle tns", "errcodes", "decodevsnnum", "decodes", "vsnnum version", "tns header", "tns packet", "unit size", "oracle", "checkaccount", "count", "oracle user", "october", "critical patch", "maxretries", "defaultaccounts", "dhiru kholia", "authvfrdata", "account", "device type", "uptime", "nack", "kernel version", "device", "mask", "alarm", "bad login", "nson", "openlookup", "arizona", "nson int", "parsefloat", "parses", "paradise", "ofpthello", "openflow", "initial packet", "newer", "jay smith", "mak kolybabi", "size", "memory card", "response code", "omron fins", "system use", "program area", "iom size", "expansion dm", "openvas manager", "target hosts", "firewall", "hosts", "nrpeprotocols", "warning", "nrpestates", "nrpecommands", "crc32constants", "i2 i4", "queries nagios", "remote plugin", "executor", "critical", "nepclientmacid", "serverhslen", "finalhslen", "nping echo", "echo mode", "activenntp", "nntp", "nntptest2", "ohost", "rhost", "job entry", "ohostrhost", "nje server", "nje password", "nje node", "mountpath", "nfsopen", "filesystem", "blocksize", "shows nfs", "showmount", "rpc query", "rpc library", "mount", "read lookup", "getattr", "readdirplus", "lookup", "delete", "loginresponse", "nexpose nsc", "netbuster", "netbus", "extends", "sv p", "defaultfields", "ntp server", "refid", "stratum", "network time", "reference", "applications", "log traffic", "volume", "wave", "synth", "netbus backdoor", "access", "netbus server", "nessus web", "nessus", "network data", "ndmp", "nas device", "amanda", "bacula", "ca arcserve", "commvault", "simpana", "emc networker", "exec", "device0000", "os version", "novell netware", "core protocol", "server name", "tree name", "windows2003", "skullsecurity", "netbios user", "netbios mac", "vmware", "servername", "workstationname", "netbios ns", "hewlett packard", "andrey zhukov", "ussc", "exported block", "readonly", "negotiation", "displays", "network block", "device protocol", "nbd server", "maps", "wan port", "nat port", "natpmp", "successfully", "wan ip", "apple airport", "natpmp protocol", "express", "extreme", "apple time", "capsule", "ddwrt", "mysql", "mariadbmysql", "mysqlmariadb", "mariadb", "cve20122122", "select distinct", "mysql database", "select host", "autocommit", "thread id", "support41auth", "mysql error", "mysql server", "kingcope", "dumps", "john", "ripper", "appropriate db", "review", "adminaccounts", "cis mysql", "skip", "create user", "verify", "super", "shutdown", "reload", "murmur", "udp port", "murmur server", "murmur service", "nmap service", "udp probe", "tcp service", "i4 i4", "igmp traceroute", "query", "source address", "static", "multicast group", "fwdcode", "library", "configuration", "enabled", "dns suffix", "dbcount", "tablecount", "select", "microsoft sql", "activesql", "dbtest2", "disconnect", "rslimit", "host script", "port script", "sql servers", "getname", "servers", "objectid", "select name", "from", "johntheripper", "dump", "dac port", "browser service", "dedicated admin", "dac feature", "sqlserver", "sql mail", "database mail", "dmo xps", "login success", "policy agent", "dhcp client", "lrpc endpoint", "msrpc endpoint", "remote fw", "dvmrp ask", "neighbors", "dvmrp", "neighbor", "igmp", "dvmrp code", "iterate", "major", "publish", "mqtt broker", "sanity", "mqtt", "indicate", "mqtt protocol", "topic", "connack", "mongodb build", "server status", "mongodb", "database", "error message", "httpstorage", "gateway target", "modbus", "to response", "formrsid", "illegal data", "slave device", "scada modbus", "scada", "switchmode", "mobile mouse", "os x", "attempted", "rpa tech", "connected30", "api routeros", "xmlreq", "methodname", "param", "methodcall", "metasploit rpc", "xdax00x20", "ruby version", "api version", "gathers", "api guide", "host name", "reqid", "stat", "nodes", "hostname", "mnesia version", "stdlib version", "auth failure", "agentguid", "didier stevens", "msie", "start", "mcafee epolicy", "eposerver", "instroot", "sap max", "dbmserver", "tn3270e", "unit", "tn3270e server", "logical unit", "macdst", "cadmus computer", "host id", "ipv4 address", "icon image", "repeater ap", "lineage", "printervidpid", "lexmark s302", "hbn3", "lexmark", "dcnet", "dccqure", "cnusers", "ldap", "qfilter", "dcfunctid", "cnconfiguration", "dcfunc", "cnschema", "cnservers", "ocqure", "nmas get", "allow admin", "ldap username", "ldap password", "cnadmin", "cnpaka", "login correct", "openldap", "ldap base", "ad discussion", "kerberos realm", "kerberos", "krb5", "asn1encoder", "realm", "knx address", "knxdibknxmedium", "knx gateway", "knx description", "din en", "http", "niklaus schiess", "java debug", "wire protocol", "jdwp", "java", "internet", "michael schierl", "method run", "java class", "b i8", "sat aug", "daylight time", "portal", "name service", "isns", "auth reason", "collects", "receive", "irc server", "d p6667", "e binsh", "vv localhost", "authenticate", "cap req", "internet relay", "chat", "imap", "imap4rev1", "imap4 literal", "blocked", "nick", "none", "motd", "nquitn", "stats", "lusers", "pingpong", "nmap brutern", "rxbot", "agobot", "slackbot", "mytob", "rbot", "sdbot", "ircbot", "vanbot", "gtbot", "spybot", "storm", "knx search", "device mac", "knxhpaiport", "knxdibdevmac", "discovers", "ipv6 suffix", "cpu usage", "cisco ios", "november", "netscreen", "qtypenodename", "qtypenoop", "qtype", "stringify", "ipv6 node", "qtypestrings", "stevecasner", "ff02000000", "20060921", "19941101", "kanglee", "20070202", "ff0x000000", "discovery", "ssdp", "passauth", "userauth", "conninfo", "channel auth", "claudiu perta", "rakp cipher", "ipmi interface", "cipher zero", "state service", "ipmi rpc", "aggressive mode", "vpngroup", "main mode", "ikeresponse", "ike service", "main", "hybrid", "testfr", "startdt", "asdu address", "getasdu", "cicna1", "iec104", "startdt act", "meeina1", "cicna1broadcast", "ip id", "ip ids", "numprobes", "shortport", "sslcert", "https", "iphttps", "city", "islands", "republic", "united", "startpos", "philadelphia", "recordbuf", "char", "jackson", "download", "dayton", "hill", "terre", "austin", "rouge", "green", "phoenix", "rapid", "diego", "vegas", "albania", "armenia", "belarus", "cuba", "indonesia", "lucia", "mexico", "panama", "paraguay", "slovakia", "chad", "uruguay", "april", "placemark", "point", "nmap registry", "required", "google maps", "api key", "google map", "premium", "google static", "maps api", "png8", "bing maps", "bing map", "road", "rest api", "rest", "jpeg", "fremont", "apikey", "a sting", "new jersey", "icmp echo", "lan host", "icmp", "nmap host", "information", "results", "dbinfo", "ibm informix", "dynamic server", "select first", "dbhostname", "full", "driver class", "client name", "impress version", "remote server", "impress remote", "remote pin", "firefox os", "clientname", "bruteforce", "activeimap", "ntlm challenge", "starttls", "socket receive", "imap ntlm", "istag", "resptbl", "icap service", "icap", "echo", "echo demo", "urlcheck demo", "udp iax2", "revision", "control frame", "poke request", "voip", "ferdy riphagen", "asterisk iax2", "xssedsite", "xssedsearch", "xssedfound", "xssedfixed", "xssedmirror", "xssedurl", "vlc streamer", "developer", "user guides", "increase", "base path", "ange gutek", "peter hill", "search", "wordpressapiurl", "wp root", "wordpress", "defaultwpuri", "initial check", "default uri", "default uservar", "default passvar", "webdav", "propfind", "copy", "move", "post", "proppatch", "trace", "server header", "modsecurity", "webknight", "binarysec", "cloudflare", "bigip", "xml gateway", "airlock", "profense", "netscaler", "idsipswaf", "web application", "attackvectorsn1", "wafidsips", "barracuda", "phpids", "latest", "paul amar", "rob nicholls", "rompager", "andrew orr", "bid71744 cve", "wordpress rest", "injection", "sql injection", "joomla", "regexpsuccess", "sql statement", "mysql user", "python script", "intel active", "params", "cve20175689", "bid98269", "nonce", "apache struts", "cve20175638", "http method", "url path", "ms15034", "http protocol", "system account", "groovy", "elasticsearch", "rce exploit", "java version", "json", "cve20151427", "wordpress cm", "php code", "cm download", "manager plugin", "cve20148877", "php system", "drupal core", "drupal", "auth sql", "title", "formid", "cisco asa", "sip denial", "sip inspection", "cisco adaptive", "software", "bug id", "cscuh44052", "ssl vpn", "clientless ssl", "vpn session", "asdm privilege", "asdm access", "cscuj33496", "minor", "zimbra", "ajxmsg", "zmsg", "zmmsg", "ajxkeys", "zmkeys", "zdmsg", "december", "file inclusion", "concept", "url redirection", "web server", "referer header", "cve20136786", "xss injection", "rails", "ruby", "cve20130156", "cdata", "yaml", "parameter", "denial", "cve20121823", "web development", "html", "phpcgi", "reverse proxy", "apache http", "contextis", "lan ip", "security bypass", "bid49957", "proxy", "apache web", "head request", "pt80443", "bid49303", "coldfusion8", "hmac", "salt", "http server", "sha1 hmac", "traversal", "bid42342", "coldfusion", "cve20100738", "jboss target", "path2", "array", "object", "services", "blazeds", "livecycle data", "adobe xml", "external entity", "livecycle", "webmin", "usermin", "cve20063392", "webmin file", "disclosure", "cve20093733", "vmware path", "vmware esx", "tony flick", "shmoocon", "sha1", "sha256", "eicar test", "resource", "virustotal", "eicartestfile", "readfile", "searches", "http response", "identify", "characters", "spiders", "xfoo", "evoxabout", "trane tracer", "trane", "tracer sc", "hwver12ab", "airhandler", "xxxxx", "normalizepath", "depth", "http1", "http trace", "uri author", "tplink wireless", "wr740n", "wr740nd", "wr2543nd", "confirmed", "wr842nd", "wa901nd", "wr941n", "wr941nd", "scanme", "displaytitle", "wikipedia", "repository uuid", "repository root", "node kind", "elements", "url relative", "author count", "unfiltered", "crawls", "posts", "field", "phase", "crawler", "html escaping", "posted data", "form", "html title", "twitter", "xfwd", "otherwise", "mfctearsample", "phpcrawl", "httplibs", "nmap scripting", "engine", "snoopy", "zendhttpclient", "change", "status code", "eddie bell", "timewith", "bestopt", "slowloris dos", "slowloris", "halfhttp", "dos attack", "timewithout", "threadcount", "timelimit", "dosed", "monitor", "threads", "sendinterval", "servernotice", "stopall", "reason", "ubuntu", "request type", "cookie", "referer", "shellshock", "http shellshock", "http header", "sending", "setcookie", "deny", "hsts", "cachecontrol", "pragma", "xss filter", "will", "uris", "sandbox", "sap netweaver", "sap instance", "km unit", "disabled", "robtex", "robtex service", "add list", "discount", "nwshp news", "relpage", "univ cobrand", "url default", "august", "informs", "qweb server", "ssl port", "photo station", "device model", "firmware build", "force ssl", "v2 web", "network video", "music", "uploads", "http put", "http proxy", "shared", "phpself", "reflected cross", "site scripting", "phpselfprobe", "local file", "inclusion", "exploitquery", "defaultfile", "defaultdir", "remote file", "basepath", "passwd", "etcpasswd", "query string", "printing", "multi", "http redirect", "valid http", "pattern", "joao", "activeweb", "telme", "http ntlm", "android", "khtml", "gecko", "http verb", "vulnerable uri", "allow", "safemethods", "public", "public header", "unsafemethods", "balancer", "jvmroute", "lbgroup", "sticky", "jsessionid", "remove", "stisvc", "looks", "denis", "majordomo2", "cve20110049", "michael brooks", "web page", "pierre lalet", "litespeed web", "cve20102333", "http request", "joomla web", "internal ip", "leaked", "host header", "microsoft iis", "jsonp", "jsonp endpoint", "policy", "vinamra bhatia", "gosingle", "root folder", "iis document", "research paper", "apple id", "apple mobileme", "find my", "iphone", "macbook air", "wifi", "mobileme web", "mac mini", "hp ilo", "productid", "uuid", "xmldata", "xml file", "builtinpatterns", "validate", "azaz09", "email", "group1", "google", "safe browsing", "sign", "git revision", "project author", "span", "git repository", "trunclength", "jboss", "statusok", "rails web", "jboss java", "location", "look", "insert", "michael kohl", "citizen428", "frontpage", "frontpage login", "path prefix", "atm anything", "uservar", "passvar", "stop", "mime", "content", "uploadrequest", "exploits", "mime type", "destination", "separator", "trying path", "maxpagecount", "feeds", "feedsrefs", "please", "atom", "reads", "wd2500js60mhb1", "md5 hash", "element", "socialtext", "http default", "nasl script", "ftp server", "ftp login", "gutek", "tagtable", "gpstagtable", "gpstaglatitude", "tagmake", "tagmodel", "tagdatetime", "taggpsinfo", "gpstaglongitude", "flash", "speed", "error code", "checkdir", "general", "views", "pppoe", "echolife hg530", "huawei hg5xx", "boolean", "hg530x", "direct path", "modules", "themes", "token", "id file", "input", "jim brass", "warrick brown", "martin", "jsfuncpatterns", "jscallspatterns", "xss occur", "javascript", "please note", "dlink", "dir120", "di624s", "di524up", "di604s", "di604up", "di604", "tmg5240", "ascii", "genericlines", "landeskrc", "tlssessionreq", "getrequest", "httpoptions", "lpdstring", "weird", "consumingdetect", "html content", "rapiddetect", "html code", "callback", "django", "missing", "nagios", "cactiez", "logincombos", "httplike", "csrf", "form id", "form action", "cross site", "adobe flash", "adobe reader", "silverlight", "crossdomain", "forgery", "granto", "origin", "sharing", "cors", "get post", "options author", "patch", "examines", "specific url", "specific cookie", "grepphp", "mediawiki", "generic backup", "patterns", "line number", "maximum value", "cf version", "fri mar", "xmltags", "anyconnect", "cisco ssl", "ddos", "pngiconquery", "gificonquery", "stylesheetquery", "vendorsquery", "cakephp version", "cakephp visit", "hostip", "alpha", "bigipserver", "f5 bigip", "seth jackson", "spam", "virus firewall", "barracuda spam", "api password", "mta sasl", "gateway", "dns cache", "shadow", "apache axis2", "axis2services", "defaultpath", "axis2 service", "awstats totals", "defaultcmd", "defaulturi", "sort", "common", "awstats total", "avaya ip", "office", "office user", "listing", "office voip", "basic", "digest", "router", "unauthorized", "debug", "http debug", "debug request", "response body", "apache server", "apache version", "common default", "google adsense", "amazon", "site", "grabs", "adsense", "magicuri", "gethostname", "finds", "sheila berta", "hostmapserver", "vendor", "gatewaywithwifi", "ingraham", "linksys", "linksys e1200", "e1200", "hbase", "hbase version", "hbase compiled", "quorum", "apache hbase", "hadoop database", "wed may", "hadoop", "http status", "logs", "apache hadoop", "hadoop version", "checkpoint size", "checkpoint", "capacity", "non dfs", "datanodes", "live", "dead", "wed sep", "cest", "line", "state", "datanode http", "log directory", "watch", "gps time", "gpsd network", "sat apr", "gopher", "taxf", "tax forms", "load", "network", "transmitted", "mount point", "fs type", "gkrellm service", "size available", "goodbye", "corba naming", "ganglia", "ganglia version", "owner", "proftpd", "proftpd server", "cve20104221", "telnet iac", "telnetiac", "telnetkill", "cmdshellid", "shell command", "cve20112523", "syst", "mode", "no data", "syst error", "logged", "stream", "cmdshell", "send command", "opie", "cve20101938", "ftpd", "arciemowicz", "adam", "zabrocki", "sergey khegay", "ieuser", "freelancer", "rp server", "freelancer game", "niagara fox", "java hotspot", "server vm", "americachicago", "tridium", "systems", "billy rios", "flume", "environment", "se runtime", "target port", "helperport", "ethernet type", "eric leblond", "ip packet", "probetimeout", "icmp time", "icmp payload", "recvtimeout", "ip ttl", "firewalk", "combo", "cups service", "hp laserjet", "print", "documentation", "cups", "cemt", "access denied", "authorized", "cemt inquire", "dfltuser", "db2conn", "gutek ange", "welcome", "linux version", "fcrdns mismatch", "no ptr", "reverse dns", "ptr record", "address book", "safari", "event protocol", "buddy", "erlang port", "mapper daemon", "x00x01n", "gmbh", "corporation", "limited", "company", "automation", "encoder", "inst", "tips", "tech", "life", "pump", "peap", "eapttls", "eaptls", "eapmschapv2", "identity", "ttls", "mschap", "nbstat", "sshhostkey", "ssh host", "p445443", "win2ksrv001", "server platform", "instance name", "apache derby", "drda protocol", "drda excsat", "sample", "ibm db2", "informix", "get dpap", "ibm lotus", "domino", "mjacksson", "lotus domino", "peak", "console", "release", "windows32", "socketpool", "docker", "docker service", "gitcommit", "parsedomain", "cname", "scripttype", "parsetxt", "bulletproof", "sbl123456", "cn online", "ip range", "zeus botnet", "ztdns", "name ip", "dns update", "kerberos kdc", "change service", "catalog", "argfilter", "kerberos passwd", "ldap servers", "canon", "mg5200 series", "canon mg5200", "ivec", "bjnp protocol", "ftp version", "tcp portarg", "portarg", "dns service", "version196609", "version196616", "ossi0x1f6", "felix groebert", "txid", "duane wessels", "authority rrs", "answer rrs", "answer record", "get txt", "txtlen", "dns recursion", "ogjdvm author", "spoofed reply", "cve20081447", "nsid", "ch txt", "dns nameserver", "ssu p", "dnschars", "nsec", "dnscharsinv", "label", "nsec record", "removesuffix", "result name", "bumpdomain", "nsec response", "easy", "nsec3", "dnssec nsec3", "nsec3 walking", "dnsnsecenum", "getprefixmask", "dns lookup", "ipv6 network", "ipv6 prefix", "noerror", "nxdomain result", "peter", "bool", "slowdown", "launches", "david", "victoria", "halifax", "casper", "barry", "soa expire", "soa refresh", "soa retry", "soa mname", "soa record", "dns check", "refresh", "domains", "timedmultiplier", "timednumsamples", "stddev", "alexadomains", "aaaa", "dns bruteforce", "added target", "resolve", "commfile", "argcategory", "dns antispam", "spam received", "daemon command", "allows", "dict protocol", "show server", "index data", "client", "dicom service", "aet check", "dicom", "acceptreject", "dicom server", "titles", "hence", "dhcpinform", "dhcp request", "dhcp server", "dhcpack", "subnet mask", "dhcp option", "strfixedstart", "listfixedstart", "login error", "dictfixedstart", "db2 server", "transaction", "database server", "nodetype1", "db2commtcpip", "db2inst1", "control center", "db2 packet", "wed mar", "getsessionid", "daapitemlimit", "fever ray", "getdatabaseid", "limit", "daap server", "cvs pserver", "repo", "series", "ubu1110", "raw printer", "stopped", "cups printing", "cupspdf printer", "couchdb", "mochiweb", "admin party", "discard", "couchdb http", "testsuitedb", "testsuitedba", "moneyz", "block", "coap endpoint", "reporting", "payload", "coap", "u5683 su", "analyzes", "clamav", "scan", "scan command", "clamav remote", "citrixsrv01", "citrix xml", "citrix", "ica browser", "citrixsrv02", "anonymous", "notepad", "appdata", "settingkey", "xml service", "must change", "nextuser", "citrix pn", "cics user", "cics login", "cesl", "signon", "on to", "cics id", "valid cics", "cesf", "cesn", "cata", "numtrials", "cccam service", "trial", "cccam dvr", "cassandra", "cluster name", "cassinc", "test cluster", "account success", "manager control", "willing", "device pub", "computer", "wpad", "dhcp", "web proxy", "dhcp discovery", "dns discovery", "wpad host", "wpad file", "machex", "sent wol", "wol packet", "wakes", "mac return", "servicerequest", "model name", "bubbatwo dlna", "justin maggard", "model descr", "debian", "activation code", "tellsticknet", "acca12345678", "inet", "ping request", "sybase anywhere", "netmask", "romm", "firmm", "serial", "macserial", "romversion", "firmwareversion", "sonicwall", "ripng", "ripng response", "ripng request", "ripv2", "ripv2 request", "tags", "pppoe discovery", "pppoed", "ipv4 format", "ip header", "bbi2", "pim hello", "i2i2", "helloraw", "multicast", "pim multicast", "pcduo gateway", "pcduo remote", "srvname", "ospfv2 database", "print ospfv2", "ospfv2 hello", "ospfv2 ls", "area id", "destination mac", "captured ospfv2", "callit", "nbname", "broadcastaddr", "mssqldiscover", "yesno", "decoders", "uport", "hsrp", "dropbox", "server id", "slave port", "jenkins", "argaddress", "jenkinspkt", "jenkins auto", "apache jserv", "protocol server", "pathhelloworld", "hid discoveryd", "eigrp", "internal route", "external route", "max amount", "internal", "dropboxport", "key2", "listens", "nmap target", "dhcpoffer", "clientid", "ip pool", "ipid", "dhcpv6 request", "solicit", "message type", "advertise", "ba9876", "domain search", "db2getaddr", "ubu804db2e", "edusrv011", "devtype", "null udp", "cve20111002", "avahi null", "wait time", "header instance", "bbi2bbi4", "config info", "etherbroadcast", "pataoe", "brantley coile", "total", "nse argument", "dht protocol", "torrentfile", "dht discovery", "serviceproxy", "obtains", "bitcoin server", "prior", "node id", "lastblock", "bitcoin", "bacnet", "sdn bhd", "bacnet packet", "titan", "landis", "carrier", "simplex", "notifier", "walker", "aust", "savant", "monitoring", "energy", "starman", "covenant", "king", "etap", "echelon", "arcom", "vanti", "backorifice", "container", "bocrypt", "boversion", "bohostname", "system info", "magicstring", "ping reply", "pong", "pingpacket", "team cymru", "peer", "amqp", "erlangotp", "rabbitmq", "plain amqplain", "dragomir", "allseeing eye", "team death", "novodondo", "blue", "herox", "different ajp", "jsp test", "options request", "ajp service", "public folder", "shows afp", "utf8 server", "uams", "server flags", "flags hex", "password saving", "copy file", "machine type", "afpversion", "afpx03", "apple mac", "dir method", "maxfiles", "cve20100533", "directory", "afp server", "permission uid", "gid size", "time filename", "parameter error", "netatalk", "apple filing", "formatipv4", "isatap", "server ipv4", "client ipv4", "admin email", "parse daemon", "license", "acarsd" ], "references": [ "scripts", "vuze-dht-info.nse", "xmlrpc-methods.nse", "xdmcp-discover.nse", "x11-access.nse", "wsdd-discover.nse", "whois-domain.nse", "weblogic-t3-info.nse", "vulners.nse", "wdb-version.nse", "vtam-enum.nse", "voldemort-info.nse", "vnc-brute.nse", "vnc-title.nse", "vnc-info.nse", "vmauthd-brute.nse", "xmpp-brute.nse", "vmware-version.nse", "xmpp-info.nse", "versant-info.nse", "url-snarf.nse", "upnp-info.nse", "whois-ip.nse", "unusual-port.nse", "unittest.nse", "ventrilo-info.nse", "uptime-agent-info.nse", "tso-enum.nse", "ubiquiti-discovery.nse", "tn3270-screen.nse", "tso-brute.nse", "tls-ticketbleed.nse", "tls-nextprotoneg.nse", "tls-alpn.nse", "tftp-enum.nse", "traceroute-geolocation.nse", "telnet-ntlm-info.nse", "teamspeak2-version.nse", "targets-traceroute.nse", "targets-xml.nse", "telnet-encryption.nse", "targets-sniffer.nse", "telnet-brute.nse", "targets-ipv6-wordlist.nse", "targets-ipv6-multicast-mld.nse", "targets-ipv6-multicast-slaac.nse", "targets-asn.nse", "targets-ipv6-multicast-invalid-dst.nse", "targets-ipv6-multicast-echo.nse", "svn-brute.nse", "stun-version.nse", "targets-ipv6-map4to6.nse", "sslv2.nse", "stuxnet-detect.nse", "sstp-discover.nse", "supermicro-ipmi-conf.nse", "ssl-heartbleed.nse", "stun-info.nse", "ssl-known-key.nse", "sslv2-drown.nse", "ssl-cert-intaddr.nse", "ssl-ccs-injection.nse", "ssl-enum-ciphers.nse", "ssl-cert.nse", "ssh-publickey-acceptance.nse", "sshv1.nse", "ssl-dh-params.nse", "ssl-date.nse", "ssh-auth-methods.nse", "ssl-poodle.nse", "ssh-run.nse", "ssh2-enum-algos.nse", "ssh-hostkey.nse", "socks-auth-info.nse", "snmp-win32-users.nse", "socks-brute.nse", "snmp-sysdescr.nse", "snmp-win32-software.nse", "snmp-win32-services.nse", "snmp-win32-shares.nse", "ssh-brute.nse", "snmp-processes.nse", "snmp-hh3c-logins.nse", "snmp-info.nse", "snmp-brute.nse", "snmp-ios-config.nse", "snmp-interfaces.nse", "socks-open-proxy.nse", "snmp-netstat.nse", "smtp-strangeport.nse", "smtp-vuln-cve2011-1720.nse", "smtp-ntlm-info.nse", "sniffer-detect.nse", "smtp-enum-users.nse", "smb-server-stats.nse", "smtp-commands.nse", "smtp-vuln-cve2011-1764.nse", "smtp-brute.nse", "smb-webexec-exploit.nse", "smtp-vuln-cve2010-4344.nse", "smb-vuln-webexec.nse", "smb-vuln-regsvc-dos.nse", "smtp-open-relay.nse", "smb-vuln-ms17-010.nse", "smb-vuln-ms10-061.nse", "smb-vuln-ms10-054.nse", "smb-vuln-ms07-029.nse", "smb-vuln-ms06-025.nse", "smb-system-info.nse", "smb-protocols.nse", "smb-flood.nse", "smb-enum-domains.nse", "sip-methods.nse", "script.db", "smb-security-mode.nse", "smb-vuln-cve2009-3103.nse", "smb-psexec.nse", "smb-vuln-ms08-067.nse", "smb-print-text.nse", "smb-os-discovery.nse", "smb-mbenum.nse", "smb-ls.nse", "smb-enum-users.nse", "smb-vuln-conficker.nse", "smb-enum-shares.nse", "smb-enum-sessions.nse", "smb-enum-services.nse", "smb-enum-processes.nse", "smb-enum-groups.nse", "rsync-list-modules.nse", "smb-double-pulsar-backdoor.nse", "smb-brute.nse", "smb2-vuln-uptime.nse", "smb2-time.nse", "smb2-security-mode.nse", "smb2-capabilities.nse", "skypev2-version.nse", "sip-enum-users.nse", "sip-call-spoof.nse", "sip-brute.nse", "shodan-api.nse", "servicetags.nse", "samba-vuln-cve-2012-1182.nse", "s7-info.nse", "rusers.nse", "smb-vuln-cve-2017-7494.nse", "rtsp-url-brute.nse", "rtsp-methods.nse", "rsync-brute.nse", "rsa-vuln-roca.nse", "pop3-capabilities.nse", "rpcinfo.nse", "rpc-grind.nse", "rpcap-info.nse", "rpcap-brute.nse", "rmi-vuln-classloader.nse", "rmi-dumpregistry.nse", "rlogin-brute.nse", "riak-http-info.nse", "rfc868-time.nse", "rexec-brute.nse", "reverse-index.nse", "redis-info.nse", "redis-brute.nse", "realvnc-auth-bypass.nse", "rdp-vuln-ms12-020.nse", "rdp-ntlm-info.nse", "rdp-enum-encryption.nse", "quake3-master-getservers.nse", "quake3-info.nse", "qscan.nse", "qconn-exec.nse", "puppet-naivesigning.nse", "pptp-version.nse", "pop3-ntlm-info.nse", "pop3-brute.nse", "pjl-ready-message.nse", "port-states.nse", "pgsql-brute.nse", "pcworx-info.nse", "pcanywhere-brute.nse", "path-mtu.nse", "p2p-conficker.nse", "ovs-agent-version.nse", "oracle-tns-version.nse", "oracle-sid-brute.nse", "oracle-enum-users.nse", "oracle-brute-stealth.nse", "oracle-brute.nse", "openwebnet-discovery.nse", "openvas-otp-brute.nse", "openlookup-info.nse", "openflow-info.nse", "omron-info.nse", "omp2-enum-targets.nse", "omp2-brute.nse", "nrpe-enum.nse", "nping-brute.nse", "nntp-ntlm-info.nse", "nje-pass-brute.nse", "nje-node-brute.nse", "nfs-statfs.nse", "nfs-showmount.nse", "nfs-ls.nse", "nexpose-brute.nse", "netbus-version.nse", "ntp-info.nse", "netbus-info.nse", "netbus-brute.nse", "netbus-auth-bypass.nse", "nessus-xmlrpc-brute.nse", "nessus-brute.nse", "ndmp-version.nse", "ndmp-fs-info.nse", "ncp-serverinfo.nse", "ncp-enum-users.nse", "nbstat.nse", "nbns-interfaces.nse", "nbd-info.nse", "nat-pmp-mapport.nse", "nat-pmp-info.nse", "mysql-vuln-cve2012-2122.nse", "mysql-variables.nse", "mysql-users.nse", "mysql-query.nse", "mysql-info.nse", "mysql-enum.nse", "mysql-empty-password.nse", "mysql-dump-hashes.nse", "mysql-databases.nse", "mysql-brute.nse", "mysql-audit.nse", "murmur-version.nse", "mtrace.nse", "ms-sql-xp-cmdshell.nse", "ms-sql-tables.nse", "ms-sql-query.nse", "ms-sql-ntlm-info.nse", "ms-sql-hasdbaccess.nse", "ms-sql-empty-password.nse", "ms-sql-dump-hashes.nse", "ms-sql-dac.nse", "ms-sql-config.nse", "ms-sql-brute.nse", "msrpc-enum.nse", "mrinfo.nse", "mqtt-subscribe.nse", "ms-sql-info.nse", "mongodb-info.nse", "mongodb-databases.nse", "mongodb-brute.nse", "modbus-discover.nse", "mmouse-exec.nse", "mmouse-brute.nse", "mikrotik-routeros-brute.nse", "metasploit-xmlrpc-brute.nse", "metasploit-msgrpc-brute.nse", "metasploit-info.nse", "memcached-info.nse", "membase-http-info.nse", "membase-brute.nse", "mcafee-epo-agent.nse", "maxdb-info.nse", "lu-enum.nse", "lltd-discovery.nse", "lexmark-config.nse", "ldap-search.nse", "ldap-rootdse.nse", "ldap-novell-getpass.nse", "ldap-brute.nse", "krb5-enum-users.nse", "knx-gateway-info.nse", "jdwp-version.nse", "jdwp-inject.nse", "jdwp-info.nse", "jdwp-exec.nse", "isns-info.nse", "iscsi-info.nse", "iscsi-brute.nse", "irc-unrealircd-backdoor.nse", "irc-sasl-brute.nse", "imap-capabilities.nse", "irc-info.nse", "irc-brute.nse", "irc-botnet-channels.nse", "knx-gateway-discover.nse", "ipv6-ra-flood.nse", "ipv6-node-info.nse", "ipv6-multicast-mld-list.nse", "ipmi-version.nse", "ipmi-cipher-zero.nse", "ipmi-brute.nse", "ike-version.nse", "iec-identify.nse", "ipidseq.nse", "ip-https-discover.nse", "ip-geolocation-maxmind.nse", "ip-geolocation-map-kml.nse", "ip-geolocation-map-google.nse", "ip-geolocation-map-bing.nse", "ip-geolocation-ipinfodb.nse", "ip-geolocation-geoplugin.nse", "ip-forwarding.nse", "informix-tables.nse", "informix-query.nse", "informix-brute.nse", "impress-remote-discover.nse", "imap-ntlm-info.nse", "imap-brute.nse", "icap-info.nse", "iax2-version.nse", "iax2-brute.nse", "http-xssed.nse", "http-vlcstreamer-ls.nse", "http-wordpress-users.nse", "http-wordpress-enum.nse", "http-wordpress-brute.nse", "http-webdav-scan.nse", "http-waf-fingerprint.nse", "http-waf-detect.nse", "http-vuln-wnr1000-creds.nse", "http-vuln-misfortune-cookie.nse", "http-vuln-cve2017-1001000.nse", "http-vuln-cve2017-8917.nse", "http-vuln-cve2017-5689.nse", "http-vuln-cve2017-5638.nse", "http-vuln-cve2015-1635.nse", "http-vuln-cve2015-1427.nse", "http-vuln-cve2014-8877.nse", "http-vuln-cve2014-3704.nse", "http-vuln-cve2014-2129.nse", "http-vuln-cve2014-2128.nse", "http-vuln-cve2014-2127.nse", "http-vuln-cve2014-2126.nse", "http-vuln-cve2013-7091.nse", "http-vuln-cve2013-6786.nse", "http-vuln-cve2013-0156.nse", "http-vuln-cve2012-1823.nse", "http-vuln-cve2011-3368.nse", "http-vuln-cve2011-3192.nse", "http-vuln-cve2010-2861.nse", "http-vuln-cve2010-0738.nse", "http-vuln-cve2009-3960.nse", "http-vuln-cve2006-3392.nse", "http-vmware-path-vuln.nse", "http-virustotal.nse", "http-vhosts.nse", "http-userdir-enum.nse", "http-unsafe-output-escaping.nse", "http-trane-info.nse", "http-sitemap-generator.nse", "http-trace.nse", "http-tplink-dir-traversal.nse", "http-title.nse", "http-svn-info.nse", "http-svn-enum.nse", "http-stored-xss.nse", "http-traceroute.nse", "https-redirect.nse", "http-useragent-tester.nse", "http-sql-injection.nse", "http-slowloris-check.nse", "http-slowloris.nse", "http-headers.nse", "http-shellshock.nse", "http-server-header.nse", "http-security-headers.nse", "http-sap-netweaver-leak.nse", "http-robtex-shared-ns.nse", "http-robots.txt.nse", "http-rfi-spider.nse", "http-referer-checker.nse", "http-qnap-nas-info.nse", "http-put.nse", "http-proxy-brute.nse", "http-robtex-reverse-ip.nse", "http-phpself-xss.nse", "http-phpmyadmin-dir-traversal.nse", "http-passwd.nse", "http-open-redirect.nse", "http-open-proxy.nse", "http-ntlm-info.nse", "http-mobileversion-checker.nse", "http-method-tamper.nse", "http-methods.nse", "http-mcmp.nse", "http-malware-host.nse", "http-majordomo2-dir-traversal.nse", "http-ls.nse", "http-litespeed-sourcecode-download.nse", "http-joomla-brute.nse", "http-internal-ip-disclosure.nse", "http-jsonp-detection.nse", "http-iis-webdav-vuln.nse", "http-iis-short-name-brute.nse", "http-icloud-sendmsg.nse", "http-icloud-findmyiphone.nse", "http-hp-ilo-info.nse", "http-grep.nse", "http-google-malware.nse", "http-gitweb-projects-enum.nse", "http-git.nse", "http-generator.nse", "http-frontpage-login.nse", "http-form-fuzzer.nse", "http-form-brute.nse", "http-fileupload-exploiter.nse", "http-fetch.nse", "http-feed.nse", "hddtemp-info.nse", "http-favicon.nse", "ftp-anon.nse", "http-exif-spider.nse", "http-errors.nse", "http-enum.nse", "http-drupal-enum-users.nse", "http-huawei-hg5xx-vuln.nse", "http-drupal-enum.nse", "http-domino-enum-passwords.nse", "http-dombased-xss.nse", "http-dlink-backdoor.nse", "fingerprint-strings.nse", "http-devframework.nse", "http-default-accounts.nse", "http-date.nse", "http-csrf.nse", "http-cross-domain-policy.nse", "http-cors.nse", "http-cookie-flags.nse", "http-config-backup.nse", "http-comments-displayer.nse", "http-coldfusion-subzero.nse", "http-cisco-anyconnect.nse", "http-chrono.nse", "http-cakephp-version.nse", "http-brute.nse", "http-bigip-cookie.nse", "http-barracuda-dir-traversal.nse", "http-backup-finder.nse", "http-axis2-dir-traversal.nse", "http-awstatstotals-exec.nse", "http-avaya-ipoffice-users.nse", "http-auth-finder.nse", "http-auth.nse", "http-aspnet-debug.nse", "http-apache-server-status.nse", "http-apache-negotiation.nse", "http-affiliate-id.nse", "http-adobe-coldfusion-apsa1301.nse", "hostmap-robtex.nse", "hostmap-crtsh.nse", "hostmap-bfk.nse", "hnap-info.nse", "hbase-region-info.nse", "hbase-master-info.nse", "hadoop-tasktracker-info.nse", "hadoop-secondary-namenode-info.nse", "hadoop-namenode-info.nse", "hadoop-jobtracker-info.nse", "hadoop-datanode-info.nse", "gpsd-info.nse", "gopher-ls.nse", "gkrellm-info.nse", "giop-info.nse", "ganglia-info.nse", "ftp-vuln-cve2010-4221.nse", "ftp-vsftpd-backdoor.nse", "ftp-syst.nse", "ftp-proftpd-backdoor.nse", "ftp-libopie.nse", "ftp-brute.nse", "ftp-bounce.nse", "freelancer-info.nse", "fox-info.nse", "flume-master-info.nse", "firewall-bypass.nse", "firewalk.nse", "cups-queue-info.nse", "cics-info.nse", "finger.nse", "fcrdns.nse", "eppc-enum-processes.nse", "epmd-info.nse", "enip-info.nse", "eap-info.nse", "duplicates.nse", "drda-info.nse", "drda-brute.nse", "dpap-brute.nse", "domino-enum-users.nse", "domcon-cmd.nse", "domcon-brute.nse", "docker-version.nse", "dns-zone-transfer.nse", "dns-zeustracker.nse", "dns-update.nse", "dns-srv-enum.nse", "bjnp-discover.nse", "banner.nse", "dns-service-discovery.nse", "dns-recursion.nse", "dns-random-txid.nse", "auth-spoof.nse", "dns-random-srcport.nse", "dns-nsid.nse", "dns-nsec-enum.nse", "dns-nsec3-enum.nse", "dns-ip6-arpa-scan.nse", "dns-fuzz.nse", "dns-client-subnet-scan.nse", "dns-check-zone.nse", "dns-cache-snoop.nse", "dns-brute.nse", "dns-blacklist.nse", "distcc-cve2004-2687.nse", "dict-info.nse", "dicom-ping.nse", "dicom-brute.nse", "dhcp-discover.nse", "deluge-rpc-brute.nse", "db2-das-info.nse", "daytime.nse", "daap-get-library.nse", "cvs-brute-repository.nse", "cvs-brute.nse", "cups-info.nse", "creds-summary.nse", "couchdb-stats.nse", "couchdb-databases.nse", "coap-resources.nse", "clock-skew.nse", "clamav-exec.nse", "citrix-enum-servers-xml.nse", "citrix-enum-servers.nse", "citrix-enum-apps-xml.nse", "citrix-enum-apps.nse", "citrix-brute-xml.nse", "cics-user-enum.nse", "cics-user-brute.nse", "cics-enum.nse", "cccam-version.nse", "cassandra-info.nse", "cassandra-brute.nse", "broadcast-xdmcp-discover.nse", "broadcast-wsdd-discover.nse", "broadcast-wpad-discover.nse", "broadcast-wake-on-lan.nse", "broadcast-versant-locate.nse", "broadcast-upnp-info.nse", "broadcast-tellstick-discover.nse", "broadcast-sybase-asa-discover.nse", "broadcast-sonicwall-discover.nse", "broadcast-ripng-discover.nse", "broadcast-rip-discover.nse", "broadcast-pppoe-discover.nse", "broadcast-ping.nse", "broadcast-pim-discovery.nse", "broadcast-pc-duo.nse", "broadcast-pc-anywhere.nse", "broadcast-ospf2-discover.nse", "broadcast-novell-locate.nse", "broadcast-networker-discover.nse", "broadcast-netbios-master-browser.nse", "broadcast-ms-sql-discover.nse", "broadcast-listener.nse", "broadcast-jenkins-discover.nse", "ajp-headers.nse", "broadcast-hid-discoveryd.nse", "broadcast-eigrp-discovery.nse", "broadcast-dropbox-listener.nse", "broadcast-dns-service-discovery.nse", "broadcast-dhcp-discover.nse", "broadcast-dhcp6-discover.nse", "broadcast-db2-discover.nse", "broadcast-bjnp-discover.nse", "broadcast-avahi-dos.nse", "broadcast-ataoe-discover.nse", "bittorrent-discovery.nse", "bitcoinrpc-info.nse", "bitcoin-info.nse", "bitcoin-getaddr.nse", "bacnet-info.nse", "backorifice-info.nse", "backorifice-brute.nse", "auth-owners.nse", "asn-query.nse", "amqp-info.nse", "allseeingeye-info.nse", "ajp-request.nse", "ajp-methods.nse", "ajp-brute.nse", "ajp-auth.nse", "afp-showmount.nse", "afp-serverinfo.nse", "afp-path-vuln.nse", "afp-ls.nse", "afp-brute.nse", "address-info.nse", "acarsd-info.nse", "https://seclists.org/nmap-dev/2011/q4/420", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 107, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 288, "FileHash-MD5": 52, "URL": 218, "hostname": 180, "email": 33, "CIDR": 14, "CVE": 76, "FileHash-SHA1": 48, "FileHash-SHA256": 841 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "722 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a823f8dbade2ab32ee77", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. Content reputation.", "description": "", "modified": "2023-12-06T16:58:11.569000", "created": "2023-12-06T16:58:11.569000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "FileHash-SHA256": 598, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6522804c01930c8d2f1ad71f", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. Content reputation.", "description": "Unrelated websites successfully flood , and dismantle reputations, marketing efforts of targets who has and lost 100% online visibility. Cyber criminals set up malicious websites, that drive down reputation, relevant media of target. The domains are traps popular w/some hackers or malicious red team groups typically hired by attorneys. Clicks, revenue flow to cyber criminals through malicious redirects, AGGRESSIVE social engineering, intellectual property abuse and obnoxious distraction. Contact is often made to trick target into believing their is interested in their product, body of work. Legal docs or funds may be exchange, giving cyber criminal access, email, clouds, Dropbox, forced login abuse, cloud share, phone number, C2, payment methods, banking, privilege to distribute, falsify ad campaigns of target. It's complicated but practices to frustrate , impoverish, profit, track, silence target. Malicious intent. Heavy tracking, core communication service swap.", "modified": "2023-11-07T08:04:06.581000", "created": "2023-10-08T10:11:22.600000", "tags": [ "heur", "cyber threat", "engineering", "covid19", "united", "phishing site", "telefonica peru", "malicious site", "control server", "phishing", "suppobox", "malware", "team", "ransomware", "download", "facebook", "daum", "cobalt strike", "pony", "artemis", "simda", "sodinokibi", "zbot", "bank", "feodo", "laplasclipper", "squirrelwaffle", "binder", "virut", "ramnit", "dropper", "formbook", "azorult", "revil", "matsnu", "service", "generic", "malicious", "emotet", "br", "trojanspy", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware site", "blacklist", "alexa", "malicious url", "detection list", "INDICATOR ROLE TITLE DESCRIPTION EXPIRATION RELATED PULSES URL ", "C2", "command_and_control", "nr-data", "cyber crime", "impersonation", "fraud", "intellectual property", "targets", "kedence", "song culture", "tsara lynn", "k\u00e9dence", "tsara", "tsara brashears", "social engineering", "interface exchange", "abuse", "privilege", "indicator", "file", "pattern match", "ascii text", "appdata", "windows nt", "script", "mitre att", "ck id", "show technique", "hybrid", "general", "local", "forced login", "content reputation", "reputation", "scheme", "crime", "cyber criminals", "arizona", "colorado", "newyork", "british", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "suricata alerts", "event category", "description sid", "suricata", "suricata", "cloud", "device remotwd", "remote attack", "remote controlled devices", "tracking", "spyware", "florida", "united states", "canada", "estonia", "cyber criminal", "alert" ], "references": [ "smartwishlist_1_.js", "https://www.hybrid-analysis.com/sample/ef02a04e1487fd373923ef2aa42b3d9af8d5fd600e5198150283b31aa7ed7558", "CVE-2012-1856", "CVE-2013-1331", "CVE-2017-8570", "CVE-2017-0147", "CVE-2017-11882", "CVE-2017-0199", "CVE-2018-8453", "https://the.sciencebehindecommerce.com/d9core", "https://pixel.tapad.com/idsync/ex/push static-tracking.klaviyo.com u002dtracking.klaviyo.com", "https://www.miraclebrand.co/apps/wonderment/tracking", "remote-access.net", "dev.remote-access.net", "hubspot.remote-access.net", "http://avient.remote-access.net/", "qa.remote-access.net", "http://www.remote-access.net", "https://avient.remote-access.net", "bam.nr-data.net", "appleaccessory.online", "init.ess.apple.com", "tv.apple.com", "http://icloud.ypcdce.com", "dr4qe3ddw9y32.cloudfront.net", "http://45.159.189.105/bot/regex", "http://clipper.guru/bot/regex", "http://45.159.189.105/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34", "cloud.smartwishlist.webmarked.net", "http://dialacake.com/mumbai/yellow-pineapple-cake-2770.html", "https://hubspot.remote-access.net", "icloud.ypcdce.com", "Research and Data analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BR", "display_name": "BR", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Ramnit", "display_name": "Ramnit", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Squirrelwaffle", "display_name": "Squirrelwaffle", "target": null }, { "id": "LaplasClipper", "display_name": "LaplasClipper", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Virus:Win32/Daum", "display_name": "Virus:Win32/Daum", "target": "/malware/Virus:Win32/Daum" }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" }, { "id": "TEL:HackTool:Win32/ArtemisUser", "display_name": "TEL:HackTool:Win32/ArtemisUser", "target": null }, { "id": "Azorult - S0344", "display_name": "Azorult - S0344", "target": null }, { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Backdoor:Win32/Simda", "display_name": "Backdoor:Win32/Simda", "target": "/malware/Backdoor:Win32/Simda" }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Formbook", "display_name": "Formbook", "target": null }, { "id": "REvil (ELF)", "display_name": "REvil (ELF)", "target": null }, { "id": "Trojan:Win32/Matsnu", "display_name": "Trojan:Win32/Matsnu", "target": "/malware/Trojan:Win32/Matsnu" }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony - S0453", "display_name": "Pony - S0453", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 41, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95, "FileHash-SHA256": 598 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1b570ce3f6227774113b", "name": "Remote Access |Trick Clicks | C2 | False evidence appearing real. ", "description": "", "modified": "2023-11-07T08:04:06.581000", "created": "2023-10-30T02:56:23.462000", "tags": [ "heur", "cyber threat", "engineering", "covid19", "united", "phishing site", "telefonica peru", "malicious site", "control server", "phishing", "suppobox", "malware", "team", "ransomware", "download", "facebook", "daum", "cobalt strike", "pony", "artemis", "simda", "sodinokibi", "zbot", "bank", "feodo", "laplasclipper", "squirrelwaffle", "binder", "virut", "ramnit", "dropper", "formbook", "azorult", "revil", "matsnu", "service", "generic", "malicious", "emotet", "br", "trojanspy", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware site", "blacklist", "alexa", "malicious url", "detection list", "INDICATOR ROLE TITLE DESCRIPTION EXPIRATION RELATED PULSES URL ", "C2", "command_and_control", "nr-data", "cyber crime", "impersonation", "fraud", "intellectual property", "targets", "kedence", "song culture", "tsara lynn", "k\u00e9dence", "tsara", "tsara brashears", "social engineering", "interface exchange", "abuse", "privilege", "indicator", "file", "pattern match", "ascii text", "appdata", "windows nt", "script", "mitre att", "ck id", "show technique", "hybrid", "general", "local", "forced login", "content reputation", "reputation", "scheme", "crime", "cyber criminals", "arizona", "colorado", "newyork", "british", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "suricata alerts", "event category", "description sid", "suricata", "suricata", "cloud", "device remotwd", "remote attack", "remote controlled devices", "tracking", "spyware", "florida", "united states", "canada", "estonia", "cyber criminal", "alert" ], "references": [ "smartwishlist_1_.js", "https://www.hybrid-analysis.com/sample/ef02a04e1487fd373923ef2aa42b3d9af8d5fd600e5198150283b31aa7ed7558", "CVE-2012-1856", "CVE-2013-1331", "CVE-2017-8570", "CVE-2017-0147", "CVE-2017-11882", "CVE-2017-0199", "CVE-2018-8453", "https://the.sciencebehindecommerce.com/d9core", "https://pixel.tapad.com/idsync/ex/push static-tracking.klaviyo.com u002dtracking.klaviyo.com", "https://www.miraclebrand.co/apps/wonderment/tracking", "remote-access.net", "dev.remote-access.net", "hubspot.remote-access.net", "http://avient.remote-access.net/", "qa.remote-access.net", "http://www.remote-access.net", "https://avient.remote-access.net", "bam.nr-data.net", "appleaccessory.online", "init.ess.apple.com", "tv.apple.com", "http://icloud.ypcdce.com", "dr4qe3ddw9y32.cloudfront.net", "http://45.159.189.105/bot/regex", "http://clipper.guru/bot/regex", "http://45.159.189.105/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34", "cloud.smartwishlist.webmarked.net", "http://dialacake.com/mumbai/yellow-pineapple-cake-2770.html", "https://hubspot.remote-access.net", "icloud.ypcdce.com", "Research and Data analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BR", "display_name": "BR", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Ramnit", "display_name": "Ramnit", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Squirrelwaffle", "display_name": "Squirrelwaffle", "target": null }, { "id": "LaplasClipper", "display_name": "LaplasClipper", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Virus:Win32/Daum", "display_name": "Virus:Win32/Daum", "target": "/malware/Virus:Win32/Daum" }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" }, { "id": "TEL:HackTool:Win32/ArtemisUser", "display_name": "TEL:HackTool:Win32/ArtemisUser", "target": null }, { "id": "Azorult - S0344", "display_name": "Azorult - S0344", "target": null }, { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Backdoor:Win32/Simda", "display_name": "Backdoor:Win32/Simda", "target": "/malware/Backdoor:Win32/Simda" }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Formbook", "display_name": "Formbook", "target": null }, { "id": "REvil (ELF)", "display_name": "REvil (ELF)", "target": null }, { "id": "Trojan:Win32/Matsnu", "display_name": "Trojan:Win32/Matsnu", "target": "/malware/Trojan:Win32/Matsnu" }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony - S0453", "display_name": "Pony - S0453", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6522804c01930c8d2f1ad71f", "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "hostname": 403, "domain": 583, "URL": 1814, "FileHash-MD5": 175, "FileHash-SHA1": 95, "FileHash-SHA256": 598 }, "indicator_count": 3675, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b318830af34fc51b096f6", "name": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-30190", "description": "Here is the full text of the Metasploit module that generates a malicious Microsoft Office document that will be used to launch a cyber-attack on the firm's computer systems, and how to do it.", "modified": "2023-04-28T02:38:00.791000", "created": "2023-04-28T02:38:00.791000", "tags": [ "html", "char", "microsoft", "office word", "srvport", "metasploit", "current source", "rank", "msdtjs", "microsoft word", "powershell" ], "references": [ "word_msdtjs_rce.rb.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HTML", "display_name": "HTML", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OkGamerOfYeet", "id": "233948", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 1, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "1087 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "entry.name", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "entry.name", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776644488.3790975 }