{ "type": "Domain", "indicator": "gift-catch.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/gift-catch.com", "alexa": "http://www.alexa.com/siteinfo/gift-catch.com", "indicator": "gift-catch.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3783358236, "indicator": "gift-catch.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "63fcbb1398645e14b5ce6cf3", "name": "Steam Phishing Collection", "description": "This page stores Pocket Card phishing page IOCs. Legitimate website for the brand is https://steamcommunity.com\nNOLA defense is tracking newly observed phishing websites. Follow us on twitter https://twitter.com/noladefense", "modified": "2026-06-02T01:38:08.470000", "created": "2023-02-27T14:15:47.622000", "tags": [ "domain", "url", "phishing", "scam", "steam" ], "references": [ "https://www.virustotal.com/gui/collection/348d12ddbef91e34c6260626b43cdb47bfb53dc322e1884b5794e7e5261d63f0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 504, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "noladefense", "id": "222814", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_222814/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4, "domain": 14, "hostname": 15 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 453, "modified_text": "22 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "65bc3431d38adeaeb0ba0226", "name": "Twitter Feed - noladefense - 01-02-2024", "description": "", "modified": "2024-03-03T00:04:03.559000", "created": "2024-02-02T00:15:44.559000", "tags": [ "phishing" ], "references": [ "https://twitter.com/noladefense/status/1752845015162724681", "https://twitter.com/noladefense/status/1752846344975163870", "https://twitter.com/noladefense/status/1752846417847038190", "https://twitter.com/noladefense/status/1752853866230452502", "https://twitter.com/noladefense/status/1752853870793900076", "https://twitter.com/noladefense/status/1752853881195806915", "https://twitter.com/noladefense/status/1752853891933200626", "https://twitter.com/noladefense/status/1752853903744418227", "https://twitter.com/noladefense/status/1752853902288908596", "https://twitter.com/noladefense/status/1752853919020032178", "https://twitter.com/noladefense/status/1752853925470888026", "https://twitter.com/noladefense/status/1752853929581236241", "https://twitter.com/noladefense/status/1752853927702270199", "https://twitter.com/noladefense/status/1752853930692714808", "https://twitter.com/noladefense/status/1752853943036625268", "https://twitter.com/noladefense/status/1752853954147266904", "https://twitter.com/noladefense/status/1752853956319908318", "https://twitter.com/noladefense/status/1752853979564855320", "https://twitter.com/noladefense/status/1752853987022250269", "https://twitter.com/noladefense/status/1752863232807596058", "https://twitter.com/noladefense/status/1752863283487326662", "https://twitter.com/noladefense/status/1752864607801139447", "https://twitter.com/noladefense/status/1752864660825465186", "https://twitter.com/noladefense/status/1752864715607359497", "https://twitter.com/noladefense/status/1752864801724715327", "https://twitter.com/noladefense/status/1752864897002516676", "https://twitter.com/noladefense/status/1752868969050951972", "https://twitter.com/noladefense/status/1752868980560105727", "https://twitter.com/noladefense/status/1752869263596028050", "https://twitter.com/noladefense/status/1752869345540141516", "https://twitter.com/noladefense/status/1752873517513646332", "https://twitter.com/noladefense/status/1752873565974671715", "https://twitter.com/noladefense/status/1752873616557977884", "https://twitter.com/noladefense/status/1752874974451310651", "https://twitter.com/noladefense/status/1752875109407240628", "https://twitter.com/noladefense/status/1752879411022471507", "https://twitter.com/noladefense/status/1752879469075824838", "https://twitter.com/noladefense/status/1752879527351529623", "https://twitter.com/noladefense/status/1752884028191940620", "https://twitter.com/noladefense/status/1752884033980125676", "https://twitter.com/noladefense/status/1752884056251842849", "https://twitter.com/noladefense/status/1752886423152201912", "https://twitter.com/noladefense/status/1752887810808238357", "https://twitter.com/noladefense/status/1752887883441090916", "https://twitter.com/noladefense/status/1752887976533676317", "https://twitter.com/noladefense/status/1752889369952727340", "https://twitter.com/noladefense/status/1752895508153008232", "https://twitter.com/noladefense/status/1752898970005770648", "https://twitter.com/noladefense/status/1752899128252629252", "https://twitter.com/noladefense/status/1752899138998468888", "https://twitter.com/noladefense/status/1752914092342296978", "https://twitter.com/noladefense/status/1752929220001456227", "https://twitter.com/noladefense/status/1752929235017121905", "https://twitter.com/noladefense/status/1752944287413596531", "https://twitter.com/noladefense/status/1752944327523705121", "https://twitter.com/noladefense/status/1752944345857089946", "https://twitter.com/noladefense/status/1752944368883749056", "https://twitter.com/noladefense/status/1752944371660439735", "https://twitter.com/noladefense/status/1752944376462840104", "https://twitter.com/noladefense/status/1752944398483013757", "https://twitter.com/noladefense/status/1752944411409866890", "https://twitter.com/noladefense/status/1752944428480606312", "https://twitter.com/noladefense/status/1752944442519011447", "https://twitter.com/noladefense/status/1752946056524898501", "https://twitter.com/noladefense/status/1752974476629725394", "https://twitter.com/noladefense/status/1752974489174888907", "https://twitter.com/noladefense/status/1752974507789164609", "https://twitter.com/noladefense/status/1752974525287768120", "https://twitter.com/noladefense/status/1752974532694909208", "https://twitter.com/noladefense/status/1752989657459994630", "https://twitter.com/noladefense/status/1752989670869180610", "https://twitter.com/noladefense/status/1752989682990752183", "https://twitter.com/noladefense/status/1752989707892371501", "https://twitter.com/noladefense/status/1752989713797923222", "https://twitter.com/noladefense/status/1752989738015891656", "https://twitter.com/noladefense/status/1753004756350464461", "https://twitter.com/noladefense/status/1753007529548812683", "https://twitter.com/noladefense/status/1753019861427494947", "https://twitter.com/noladefense/status/1753034905930379295", "https://twitter.com/noladefense/status/1753034919763218594", "https://twitter.com/noladefense/status/1753034935374418022", "https://twitter.com/noladefense/status/1753046828453351854", "https://twitter.com/noladefense/status/1753049996650295797", "https://twitter.com/noladefense/status/1753050011003130057", "https://twitter.com/noladefense/status/1753050046386368788", "https://twitter.com/noladefense/status/1753053449229312037", "https://twitter.com/noladefense/status/1753065080810545301", "https://twitter.com/noladefense/status/1753065098242068652", "https://twitter.com/noladefense/status/1753065109562478811", "https://twitter.com/noladefense/status/1753065127862276471", "https://twitter.com/noladefense/status/1753065143104360509", "https://twitter.com/noladefense/status/1753065171738927333", "https://twitter.com/noladefense/status/1753095287504011359", "https://twitter.com/noladefense/status/1753095304801407143", "https://twitter.com/noladefense/status/1753095321012318509", "https://twitter.com/noladefense/status/1753095335344246860", "https://twitter.com/noladefense/status/1753095365371338888", "https://twitter.com/noladefense/status/1753095378121961728", "https://twitter.com/noladefense/status/1753095400829985152", "https://twitter.com/noladefense/status/1753095411126980808", "https://twitter.com/noladefense/status/1753095424359940588", "https://twitter.com/noladefense/status/1753095432975135148", "https://twitter.com/noladefense/status/1753095435768524916", "https://twitter.com/noladefense/status/1753095460082909389", "https://twitter.com/noladefense/status/1753110353310036214", "https://twitter.com/noladefense/status/1753110378832072972", "https://twitter.com/noladefense/status/1753110405512380693", "https://twitter.com/noladefense/status/1753110420863467619", "https://twitter.com/noladefense/status/1753110444309381131", "https://twitter.com/noladefense/status/1753115054940332116", "https://twitter.com/noladefense/status/1753125497926512968", "https://twitter.com/noladefense/status/1753125506076053620", "https://twitter.com/noladefense/status/1753125522702262719", "https://twitter.com/noladefense/status/1753125545955463385", "https://twitter.com/noladefense/status/1753140573609841020", "https://twitter.com/noladefense/status/1753140596871430271", "https://twitter.com/noladefense/status/1753170939649425554", "https://twitter.com/noladefense/status/1753170946976887034", "https://twitter.com/noladefense/status/1753170955382235344", "https://twitter.com/noladefense/status/1753170962004992449", "https://twitter.com/noladefense/status/1753170973845504014", "https://twitter.com/noladefense/status/1753170978790691081", "https://twitter.com/noladefense/status/1753170988588548455", "https://twitter.com/noladefense/status/1753170986722025708", "https://twitter.com/noladefense/status/1753171001259495528", "https://twitter.com/noladefense/status/1753171000940724537", "https://twitter.com/noladefense/status/1753171003818070144", "https://twitter.com/noladefense/status/1753171011128721599", "https://twitter.com/noladefense/status/1753171026253324467", "https://twitter.com/noladefense/status/1753171031122993363", "https://twitter.com/noladefense/status/1753171057970642997", "https://twitter.com/noladefense/status/1753175257752477760", "https://twitter.com/noladefense/status/1753176906894037170", "https://twitter.com/noladefense/status/1753186136967536785", "https://twitter.com/noladefense/status/1753186144584348104", "https://twitter.com/noladefense/status/1753186160661221885", "https://twitter.com/noladefense/status/1753186158249439460", "https://twitter.com/noladefense/status/1753186173575483485", "https://twitter.com/noladefense/status/1753186173353083174", "https://twitter.com/noladefense/status/1753186180709933335", "https://twitter.com/noladefense/status/1753186188209365359", "https://twitter.com/noladefense/status/1753186197361311769" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "URL": 126, "FileHash-SHA256": 135, "domain": 92, "FileHash-MD5": 2 }, "indicator_count": 387, "is_author": false, "is_subscribing": null, "subscriber_count": 1626, "modified_text": "822 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/noladefense/status/1753095304801407143", "https://twitter.com/noladefense/status/1752989707892371501", "https://twitter.com/noladefense/status/1752864607801139447", "https://twitter.com/noladefense/status/1752875109407240628", "https://twitter.com/noladefense/status/1752873565974671715", "https://twitter.com/noladefense/status/1753171003818070144", "https://twitter.com/noladefense/status/1752944442519011447", "https://twitter.com/noladefense/status/1753125506076053620", "https://twitter.com/noladefense/status/1753095378121961728", "https://twitter.com/noladefense/status/1752863283487326662", "https://twitter.com/noladefense/status/1753110353310036214", "https://twitter.com/noladefense/status/1753170955382235344", "https://twitter.com/noladefense/status/1753095460082909389", "https://twitter.com/noladefense/status/1752974525287768120", "https://twitter.com/noladefense/status/1752887883441090916", "https://twitter.com/noladefense/status/1752868969050951972", "https://twitter.com/noladefense/status/1753186173575483485", "https://twitter.com/noladefense/status/1753095335344246860", "https://twitter.com/noladefense/status/1753186144584348104", "https://twitter.com/noladefense/status/1752873616557977884", "https://twitter.com/noladefense/status/1752944376462840104", "https://twitter.com/noladefense/status/1752846417847038190", "https://twitter.com/noladefense/status/1752974532694909208", "https://twitter.com/noladefense/status/1753095424359940588", "https://twitter.com/noladefense/status/1752864715607359497", "https://twitter.com/noladefense/status/1752864660825465186", "https://twitter.com/noladefense/status/1752899128252629252", "https://twitter.com/noladefense/status/1753186188209365359", "https://twitter.com/noladefense/status/1753125545955463385", "https://twitter.com/noladefense/status/1753046828453351854", "https://twitter.com/noladefense/status/1752944398483013757", "https://twitter.com/noladefense/status/1752944411409866890", "https://twitter.com/noladefense/status/1752879469075824838", "https://twitter.com/noladefense/status/1753065098242068652", "https://twitter.com/noladefense/status/1752898970005770648", "https://twitter.com/noladefense/status/1753125497926512968", "https://twitter.com/noladefense/status/1752853919020032178", "https://twitter.com/noladefense/status/1752853870793900076", "https://twitter.com/noladefense/status/1752944428480606312", "https://twitter.com/noladefense/status/1753065127862276471", "https://twitter.com/noladefense/status/1753095432975135148", "https://twitter.com/noladefense/status/1753170939649425554", "https://twitter.com/noladefense/status/1753170988588548455", "https://twitter.com/noladefense/status/1752884056251842849", "https://twitter.com/noladefense/status/1753171026253324467", "https://twitter.com/noladefense/status/1753176906894037170", "https://twitter.com/noladefense/status/1752889369952727340", "https://twitter.com/noladefense/status/1752944345857089946", "https://twitter.com/noladefense/status/1752974489174888907", "https://twitter.com/noladefense/status/1752989713797923222", "https://twitter.com/noladefense/status/1753140596871430271", "https://twitter.com/noladefense/status/1752853943036625268", "https://twitter.com/noladefense/status/1752884028191940620", "https://twitter.com/noladefense/status/1752864897002516676", "https://twitter.com/noladefense/status/1752944368883749056", "https://twitter.com/noladefense/status/1753140573609841020", "https://twitter.com/noladefense/status/1752944327523705121", "https://twitter.com/noladefense/status/1753170986722025708", "https://twitter.com/noladefense/status/1753186136967536785", "https://twitter.com/noladefense/status/1753170973845504014", "https://twitter.com/noladefense/status/1753004756350464461", "https://twitter.com/noladefense/status/1753095287504011359", "https://twitter.com/noladefense/status/1753115054940332116", "https://twitter.com/noladefense/status/1753007529548812683", "https://twitter.com/noladefense/status/1753171000940724537", "https://twitter.com/noladefense/status/1753170946976887034", "https://twitter.com/noladefense/status/1753171031122993363", "https://twitter.com/noladefense/status/1753110444309381131", "https://twitter.com/noladefense/status/1753186197361311769", "https://twitter.com/noladefense/status/1753034919763218594", "https://twitter.com/noladefense/status/1753170962004992449", "https://twitter.com/noladefense/status/1752899138998468888", "https://twitter.com/noladefense/status/1752929220001456227", "https://twitter.com/noladefense/status/1753065171738927333", "https://twitter.com/noladefense/status/1753170978790691081", "https://twitter.com/noladefense/status/1753171057970642997", "https://twitter.com/noladefense/status/1753050046386368788", "https://twitter.com/noladefense/status/1752863232807596058", "https://twitter.com/noladefense/status/1752853881195806915", "https://twitter.com/noladefense/status/1752879527351529623", "https://twitter.com/noladefense/status/1753110420863467619", "https://twitter.com/noladefense/status/1753065143104360509", "https://twitter.com/noladefense/status/1752887976533676317", "https://twitter.com/noladefense/status/1752846344975163870", "https://www.virustotal.com/gui/collection/348d12ddbef91e34c6260626b43cdb47bfb53dc322e1884b5794e7e5261d63f0", "https://twitter.com/noladefense/status/1752869263596028050", "https://twitter.com/noladefense/status/1753186173353083174", "https://twitter.com/noladefense/status/1752853902288908596", "https://twitter.com/noladefense/status/1752853891933200626", "https://twitter.com/noladefense/status/1753186180709933335", "https://twitter.com/noladefense/status/1752886423152201912", "https://twitter.com/noladefense/status/1753034935374418022", "https://twitter.com/noladefense/status/1753050011003130057", "https://twitter.com/noladefense/status/1752853929581236241", "https://twitter.com/noladefense/status/1753186160661221885", "https://twitter.com/noladefense/status/1752873517513646332", "https://twitter.com/noladefense/status/1752853930692714808", "https://twitter.com/noladefense/status/1752845015162724681", "https://twitter.com/noladefense/status/1753110405512380693", "https://twitter.com/noladefense/status/1752884033980125676", "https://twitter.com/noladefense/status/1752868980560105727", "https://twitter.com/noladefense/status/1752853979564855320", "https://twitter.com/noladefense/status/1752853987022250269", "https://twitter.com/noladefense/status/1752853925470888026", "https://twitter.com/noladefense/status/1752974476629725394", "https://twitter.com/noladefense/status/1753095435768524916", "https://twitter.com/noladefense/status/1752914092342296978", "https://twitter.com/noladefense/status/1752874974451310651", "https://twitter.com/noladefense/status/1752989670869180610", "https://twitter.com/noladefense/status/1753125522702262719", "https://twitter.com/noladefense/status/1752853954147266904", "https://twitter.com/noladefense/status/1752974507789164609", "https://twitter.com/noladefense/status/1752929235017121905", "https://twitter.com/noladefense/status/1753065080810545301", "https://twitter.com/noladefense/status/1753110378832072972", "https://twitter.com/noladefense/status/1753175257752477760", "https://twitter.com/noladefense/status/1753095411126980808", "https://twitter.com/noladefense/status/1752946056524898501", "https://twitter.com/noladefense/status/1752989738015891656", "https://twitter.com/noladefense/status/1753186158249439460", "https://twitter.com/noladefense/status/1752879411022471507", "https://twitter.com/noladefense/status/1753034905930379295", "https://twitter.com/noladefense/status/1752944371660439735", "https://twitter.com/noladefense/status/1753065109562478811", "https://twitter.com/noladefense/status/1752869345540141516", "https://twitter.com/noladefense/status/1753171001259495528", "https://twitter.com/noladefense/status/1753095365371338888", "https://twitter.com/noladefense/status/1752853956319908318", "https://twitter.com/noladefense/status/1753049996650295797", "https://twitter.com/noladefense/status/1753095321012318509", "https://twitter.com/noladefense/status/1753171011128721599", "https://twitter.com/noladefense/status/1752887810808238357", "https://twitter.com/noladefense/status/1753053449229312037", "https://twitter.com/noladefense/status/1752853927702270199", "https://twitter.com/noladefense/status/1752895508153008232", "https://twitter.com/noladefense/status/1752989682990752183", "https://twitter.com/noladefense/status/1752944287413596531", "https://twitter.com/noladefense/status/1752864801724715327", "https://twitter.com/noladefense/status/1752853903744418227", "https://twitter.com/noladefense/status/1752989657459994630", "https://twitter.com/noladefense/status/1753095400829985152", "https://twitter.com/noladefense/status/1752853866230452502", "https://twitter.com/noladefense/status/1753019861427494947" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Beach research", "Webtoolbar", "Maltiverse" ], "industries": [ "Health", "Medical", "Medicine", "Nutritional", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "63fcbb1398645e14b5ce6cf3", "name": "Steam Phishing Collection", "description": "This page stores Pocket Card phishing page IOCs. Legitimate website for the brand is https://steamcommunity.com\nNOLA defense is tracking newly observed phishing websites. Follow us on twitter https://twitter.com/noladefense", "modified": "2026-06-02T01:38:08.470000", "created": "2023-02-27T14:15:47.622000", "tags": [ "domain", "url", "phishing", "scam", "steam" ], "references": [ "https://www.virustotal.com/gui/collection/348d12ddbef91e34c6260626b43cdb47bfb53dc322e1884b5794e7e5261d63f0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 504, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "noladefense", "id": "222814", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_222814/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4, "domain": 14, "hostname": 15 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 453, "modified_text": "22 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "65bc3431d38adeaeb0ba0226", "name": "Twitter Feed - noladefense - 01-02-2024", "description": "", "modified": "2024-03-03T00:04:03.559000", "created": "2024-02-02T00:15:44.559000", "tags": [ "phishing" ], "references": [ "https://twitter.com/noladefense/status/1752845015162724681", "https://twitter.com/noladefense/status/1752846344975163870", "https://twitter.com/noladefense/status/1752846417847038190", "https://twitter.com/noladefense/status/1752853866230452502", "https://twitter.com/noladefense/status/1752853870793900076", "https://twitter.com/noladefense/status/1752853881195806915", "https://twitter.com/noladefense/status/1752853891933200626", "https://twitter.com/noladefense/status/1752853903744418227", "https://twitter.com/noladefense/status/1752853902288908596", "https://twitter.com/noladefense/status/1752853919020032178", "https://twitter.com/noladefense/status/1752853925470888026", "https://twitter.com/noladefense/status/1752853929581236241", "https://twitter.com/noladefense/status/1752853927702270199", "https://twitter.com/noladefense/status/1752853930692714808", "https://twitter.com/noladefense/status/1752853943036625268", "https://twitter.com/noladefense/status/1752853954147266904", "https://twitter.com/noladefense/status/1752853956319908318", "https://twitter.com/noladefense/status/1752853979564855320", "https://twitter.com/noladefense/status/1752853987022250269", "https://twitter.com/noladefense/status/1752863232807596058", "https://twitter.com/noladefense/status/1752863283487326662", "https://twitter.com/noladefense/status/1752864607801139447", "https://twitter.com/noladefense/status/1752864660825465186", "https://twitter.com/noladefense/status/1752864715607359497", "https://twitter.com/noladefense/status/1752864801724715327", "https://twitter.com/noladefense/status/1752864897002516676", "https://twitter.com/noladefense/status/1752868969050951972", "https://twitter.com/noladefense/status/1752868980560105727", "https://twitter.com/noladefense/status/1752869263596028050", "https://twitter.com/noladefense/status/1752869345540141516", "https://twitter.com/noladefense/status/1752873517513646332", "https://twitter.com/noladefense/status/1752873565974671715", "https://twitter.com/noladefense/status/1752873616557977884", "https://twitter.com/noladefense/status/1752874974451310651", "https://twitter.com/noladefense/status/1752875109407240628", "https://twitter.com/noladefense/status/1752879411022471507", "https://twitter.com/noladefense/status/1752879469075824838", "https://twitter.com/noladefense/status/1752879527351529623", "https://twitter.com/noladefense/status/1752884028191940620", "https://twitter.com/noladefense/status/1752884033980125676", "https://twitter.com/noladefense/status/1752884056251842849", "https://twitter.com/noladefense/status/1752886423152201912", "https://twitter.com/noladefense/status/1752887810808238357", "https://twitter.com/noladefense/status/1752887883441090916", "https://twitter.com/noladefense/status/1752887976533676317", "https://twitter.com/noladefense/status/1752889369952727340", "https://twitter.com/noladefense/status/1752895508153008232", "https://twitter.com/noladefense/status/1752898970005770648", "https://twitter.com/noladefense/status/1752899128252629252", "https://twitter.com/noladefense/status/1752899138998468888", "https://twitter.com/noladefense/status/1752914092342296978", "https://twitter.com/noladefense/status/1752929220001456227", "https://twitter.com/noladefense/status/1752929235017121905", "https://twitter.com/noladefense/status/1752944287413596531", "https://twitter.com/noladefense/status/1752944327523705121", "https://twitter.com/noladefense/status/1752944345857089946", "https://twitter.com/noladefense/status/1752944368883749056", "https://twitter.com/noladefense/status/1752944371660439735", "https://twitter.com/noladefense/status/1752944376462840104", "https://twitter.com/noladefense/status/1752944398483013757", "https://twitter.com/noladefense/status/1752944411409866890", "https://twitter.com/noladefense/status/1752944428480606312", "https://twitter.com/noladefense/status/1752944442519011447", "https://twitter.com/noladefense/status/1752946056524898501", "https://twitter.com/noladefense/status/1752974476629725394", "https://twitter.com/noladefense/status/1752974489174888907", "https://twitter.com/noladefense/status/1752974507789164609", "https://twitter.com/noladefense/status/1752974525287768120", "https://twitter.com/noladefense/status/1752974532694909208", "https://twitter.com/noladefense/status/1752989657459994630", "https://twitter.com/noladefense/status/1752989670869180610", "https://twitter.com/noladefense/status/1752989682990752183", "https://twitter.com/noladefense/status/1752989707892371501", "https://twitter.com/noladefense/status/1752989713797923222", "https://twitter.com/noladefense/status/1752989738015891656", "https://twitter.com/noladefense/status/1753004756350464461", "https://twitter.com/noladefense/status/1753007529548812683", "https://twitter.com/noladefense/status/1753019861427494947", "https://twitter.com/noladefense/status/1753034905930379295", "https://twitter.com/noladefense/status/1753034919763218594", "https://twitter.com/noladefense/status/1753034935374418022", "https://twitter.com/noladefense/status/1753046828453351854", "https://twitter.com/noladefense/status/1753049996650295797", "https://twitter.com/noladefense/status/1753050011003130057", "https://twitter.com/noladefense/status/1753050046386368788", "https://twitter.com/noladefense/status/1753053449229312037", "https://twitter.com/noladefense/status/1753065080810545301", "https://twitter.com/noladefense/status/1753065098242068652", "https://twitter.com/noladefense/status/1753065109562478811", "https://twitter.com/noladefense/status/1753065127862276471", "https://twitter.com/noladefense/status/1753065143104360509", "https://twitter.com/noladefense/status/1753065171738927333", "https://twitter.com/noladefense/status/1753095287504011359", "https://twitter.com/noladefense/status/1753095304801407143", "https://twitter.com/noladefense/status/1753095321012318509", "https://twitter.com/noladefense/status/1753095335344246860", "https://twitter.com/noladefense/status/1753095365371338888", "https://twitter.com/noladefense/status/1753095378121961728", "https://twitter.com/noladefense/status/1753095400829985152", "https://twitter.com/noladefense/status/1753095411126980808", "https://twitter.com/noladefense/status/1753095424359940588", "https://twitter.com/noladefense/status/1753095432975135148", "https://twitter.com/noladefense/status/1753095435768524916", "https://twitter.com/noladefense/status/1753095460082909389", "https://twitter.com/noladefense/status/1753110353310036214", "https://twitter.com/noladefense/status/1753110378832072972", "https://twitter.com/noladefense/status/1753110405512380693", "https://twitter.com/noladefense/status/1753110420863467619", "https://twitter.com/noladefense/status/1753110444309381131", "https://twitter.com/noladefense/status/1753115054940332116", "https://twitter.com/noladefense/status/1753125497926512968", "https://twitter.com/noladefense/status/1753125506076053620", "https://twitter.com/noladefense/status/1753125522702262719", "https://twitter.com/noladefense/status/1753125545955463385", "https://twitter.com/noladefense/status/1753140573609841020", "https://twitter.com/noladefense/status/1753140596871430271", "https://twitter.com/noladefense/status/1753170939649425554", "https://twitter.com/noladefense/status/1753170946976887034", "https://twitter.com/noladefense/status/1753170955382235344", "https://twitter.com/noladefense/status/1753170962004992449", "https://twitter.com/noladefense/status/1753170973845504014", "https://twitter.com/noladefense/status/1753170978790691081", "https://twitter.com/noladefense/status/1753170988588548455", "https://twitter.com/noladefense/status/1753170986722025708", "https://twitter.com/noladefense/status/1753171001259495528", "https://twitter.com/noladefense/status/1753171000940724537", "https://twitter.com/noladefense/status/1753171003818070144", "https://twitter.com/noladefense/status/1753171011128721599", "https://twitter.com/noladefense/status/1753171026253324467", "https://twitter.com/noladefense/status/1753171031122993363", "https://twitter.com/noladefense/status/1753171057970642997", "https://twitter.com/noladefense/status/1753175257752477760", "https://twitter.com/noladefense/status/1753176906894037170", "https://twitter.com/noladefense/status/1753186136967536785", "https://twitter.com/noladefense/status/1753186144584348104", "https://twitter.com/noladefense/status/1753186160661221885", "https://twitter.com/noladefense/status/1753186158249439460", "https://twitter.com/noladefense/status/1753186173575483485", "https://twitter.com/noladefense/status/1753186173353083174", "https://twitter.com/noladefense/status/1753186180709933335", "https://twitter.com/noladefense/status/1753186188209365359", "https://twitter.com/noladefense/status/1753186197361311769" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "URL": 126, "FileHash-SHA256": 135, "domain": 92, "FileHash-MD5": 2 }, "indicator_count": 387, "is_author": false, "is_subscribing": null, "subscriber_count": 1626, "modified_text": "822 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "gift-catch.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "gift-catch.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780445250.2500114 }