{ "type": "Domain", "indicator": "hellomydearqq.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/hellomydearqq.com", "alexa": "http://www.alexa.com/siteinfo/hellomydearqq.com", "indicator": "hellomydearqq.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 276329, "indicator": "hellomydearqq.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 37, "pulses": [ { "id": "56f052b4aef9214b1550ba7c", "name": "Teslacrypt Spam Campaign: \u201cUnpaid Issue\u2026\u201d", "description": "Cyber criminals continue to use exploit kits to infect victims with ransomware but they also use MALSPAM emails to lure possible victims \u2013 a key vector into an enterprise environment that lacks the proper security controls, and one with insufficient information security training for end users. Some examples are email messages claiming to be in regards to an overdue bill or invoice, utilizing such terminology in the subject line and given file name, such as invoice.zip or payment_doc_298427.zip", "modified": "2016-03-21T19:59:48.214000", "created": "2016-03-21T19:59:48.214000", "tags": [ "Teslacrypt", "spam", "ransomware", "malwarebytes" ], "references": [ "https://blog.malwarebytes.org/intelligence/2016/03/teslacrypt-spam-campaign-unpaid-issue/" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 29, "hostname": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386584, "modified_text": "3723 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f4eba31a8adb1aa8e6654d", "name": "2016: Malware Analysis Report", "description": "", "modified": "2026-05-31T17:02:36.343000", "created": "2026-05-01T18:06:27.269000", "tags": [], "references": [ "2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group.pdf", "2016-01-01 - Die erste Ransomware in JavaScript- Ransom32.pdf", "2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia.pdf", "2016-01-13 - Russian group behind 2013 Foreign Ministry hack.pdf", "2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid.pdf", "2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers.pdf", "2016-01-22 - PlugX APT Malware.pdf", "2016-01-21 - Android Spywaller- Firewall-Style Antivirus Blocking.pdf", "2016-01-22 - New Attacks Linked to C0d0so0 Group.pdf", "2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems.pdf", "2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists.pdf", "2016-01-25 - Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code.pdf", "2016-01-23 - Imminent Monitor 4 RAT Analysis \u2013 A Glance.pdf", "2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents.pdf", "2016-01-28 - CenterPOS- An Evolving POS Threat.pdf", "2016-01-29 - From Linux to Windows \u2013 New Family of Cross-Platform Desktop Backdoors Discovered.pdf", "2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex.pdf", "2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-.pdf", "2016-01-22 - Sykipot APT Malware.pdf", "2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan.pdf", "2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks.pdf", "2016-01-29 - VB2015 paper- It's A File Infector... It\u2019s Ransomware... It's Virlock.pdf", "2016-02-02 - Vipasana ransomware new ransom on the block.pdf", "2016-02-09 - DMA Locker Strikes Back.pdf", "2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact.pdf", "2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic.pdf", "2016-02-12 - A Look Into Fysbis- Sofacy\u2019s Linux Backdoor.pdf", "2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack.pdf", "2016-02-09 - Bedep Lurking in Angler's Shadows.pdf", "2016-02-12 - Security Alert- Mazar BOT \u2013 the Android Malware That Can Erase Your Phone.pdf", "2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage.pdf", "2016-02-17 - OceanLotus for OS X \u2013 an Application Bundle Pretending to be an Adobe Flash Update.pdf", "2016-02-21 - Source code for powerful Android banking malware is leaked.pdf", "2016-02-22 - Russian bank employees received fake job offers in targeted email attack.pdf", "2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group.pdf", "2016-02-19 - Citadel 0.0.1.1 (Atmos).pdf", "2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again.pdf", "2016-02-24 - The DGA of Qakbot.T.pdf", "2016-03-01 - Look Into Locky Ransomware.pdf", "2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting.pdf", "2016-02-29 - New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan.pdf", "2016-02-29 - The \u201cHawkEye\u201d attack- how cybercrooks target small businesses for big money.pdf", "2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words.pdf", "2016-03-07 - RedHat Hacker.asp.pdf", "2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX.pdf", "2016-02-18 - New Android Trojan \u201cXbot\u201d Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom.pdf", "2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats.pdf", "2016-03-11 - Cerber ransomware- new, but mature.pdf", "2016-03-04 - Tracing the Lineage of DarkSeoul.pdf", "2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market.pdf", "2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates.pdf", "2016-03-06 - Network detector for Winnti malware.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "2016-03-11 - PowerSniff Malware Used in Macro-based Attacks.pdf", "2016-03-18 - Xor DDoS.pdf", "2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT.pdf", "2016-03-14 - Massive Malvertising Campaign in US Leads to Angler Exploit Kit-BEDEP.pdf", "2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government.pdf", "2016-03-18 - Teslacrypt Spam Campaign- \u201cUnpaid Issue\u2026\u201d.pdf", "2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller.pdf", "2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom.pdf", "2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest.pdf", "2016-03-23 - Gozi ISFB Sourceccode.pdf", "2016-03-21 - OS X Malware Samples Analyzed.pdf", "2016-03-31 - Stored XSS Vulnerabilites on Foscam.pdf", "2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe.pdf", "2016-03-24 - Maktub Locker \u2013 Beautiful And Dangerous.pdf", "2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation.pdf", "2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen.pdf", "2016-03-30 - Ransomware Deployed by Adversary with Established Foothold.pdf", "2016-03-29 - Taiwan targeted with new cyberespionage back doorTrojan.pdf", "2016-04-14 - Targeted Ransomware Activity.pdf", "2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim.pdf", "2016-04-06 - Bootkit's development overview and trend (X).pdf", "2016-03-23 - New self?protecting USB trojan able to avoid detection.pdf", "2016-04-14 - Bedep has raised its game vs Bot Zombies.pdf", "2016-04-05 - SCADA Security Report 2016.pdf", "2016-04-01 - Petya \u2013 Taking Ransomware To The Low Level.pdf", "2016-04-11 - Manamecrypt \u2013 a ransomware that takes a different route.pdf", "2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File.pdf", "2016-04-19 - MULTIGRAIN \u2013 Point of Sale Attackers Make an Unhealthy Addition to the Pantry.pdf", "2016-03-31 - The evolution of Brazilian Malware.pdf", "2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild.pdf", "2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards.pdf", "2016-04-26 - Digging deep for PLATINUM.pdf", "2016-04-21 - When entropy meets Shannon.pdf", "2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - CPlusPlus ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "2016-04-19 - Trojan.GodzillaLoader (alias Godzilla Loader).pdf", "2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit..pdf", "2016-04-28 - Tick cyberespionage group zeros in on Japan.pdf", "2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain.pdf", "2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks.pdf", "2016-04-27 - Freezer Paper around Free Meat.pdf", "2016-05-03 - The Continuing Evolution of Samas Ransomware.pdf", "2016-04-28 - Research Spotlight- The Resurgence of Qbot.pdf", "2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample.pdf", "2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks.pdf", "2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe.pdf", "2016-05-03 - A Universal Windows Bootkit.pdf", "2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits.pdf", "2016-05-12 - LatentBot \u2013 modularny i silnie zaciemniony bot.pdf", "2016-05-09 - PSEUDO-DARKLEECH ANGLER EK FROM 185.118.66.154 SENDS BEDEP-CRYPTXXX.pdf", "2016-05-04 - Petya- the two-in-one trojan.pdf", "2016-05-02 - Prince of Persia Hashes.pdf", "2016-05-13 - Cyber Heist Attribution.pdf", "2016-05-06 - 7ev3n ransomware turning \u2018HONE$T\u2019.pdf", "2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software.pdf", "2016-05-12 - Chinese-language Ransomware \u2018SHUJIN\u2019 Makes An Appearance.pdf", "2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist.pdf", "2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck.pdf", "2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist.pdf", "2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones.pdf", "2016-05-09 - PseudoDarkLeech Angler EK from 185.118.66.154 sends Bedep-CryptXXX.pdf", "2016-05-17 - Indian organizations targeted in Suckfly attacks.pdf", "2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG.pdf", "2016-05-17 - ATM infector.pdf", "2016-06 - Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world.pdf", "2016-05-27 - Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks.pdf", "2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism.pdf", "2016-06-02 - FastPOS- Quick and Easy Credit Card Theft.pdf", "2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More).pdf", "2016-05-19 - Petya and Mischa \u2013 Ransomware Duet (Part 1).pdf", "2016-05-19 - Petya and Mischa for All! The RaaS Boom Expands to Include the Petya-Mischa Combo.pdf", "2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor.pdf", "2016-05-26 - SWIFT attackers\u2019 malware linked to more financial attacks.pdf", "2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network.pdf", "2016-06-03 - Cooking Up Autumn (Herbst) Ransomware.pdf", "2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging.pdf", "2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them.pdf", "2016-06-14 - New Sofacy Attacks Against US Government Agency.pdf", "2016-05-22 - Cron has fallen.pdf", "2016-06-23 - Tracking Elirks Variants in Japan- Similarities to Previous Attacks.pdf", "2016-06-09 - Reverse-engineering DUBNIUM.pdf", "2016-06-07 - The Story of yet another ransom-fail-ware.pdf", "2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity.pdf", "2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine.pdf", "2016-06-11 - The Chinese Hackers in the Back Office.pdf", "2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee.pdf", "2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks.pdf", "2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware.pdf", "2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP.pdf", "2016-06-06 - Everyone sees not what they want to see.pdf", "2016-06-28 - Prince of Persia \u2013 Game Over.pdf", "2016-06-17 - Operation Daybreak.pdf", "2016-06-23 - POS and Credit Cards- In the Line of Fire with \u201cPunkeyPOS\u201d.pdf", "2016-06-17 - In The Wild- Mobile Malware Implements New Features.pdf", "2016-06-10 - Petya and Mischa- ransomware duet (part 2).pdf", "2016-06-14 - CVE-2016-4171 \u2013 Adobe Flash Zero-day used in targeted attacks.pdf", "2016-06-24 - Ani-Shell.pdf", "2016-06-25 - Rokku Ransomware shows possible link with Chimera.pdf", "2016-07-01 - KeyBase - A New Keylogger on the Block.pdf", "2016-06-15 - Mofang- A politically motivated information stealing adversary.pdf", "2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox.pdf", "2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users.pdf", "2016-07-14 - Technical Notes on Sakula.pdf", "2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration.pdf", "2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code.pdf", "2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution.pdf", "2016-07-11 - When Paying Out Doesn't Pay Off.pdf", "2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX\u2019s Footsteps.pdf", "2016-07-22 - Stampado Ransomware campaign decrypted before it Started.pdf", "2016-07-21 - Canadian Man Behind Popular \u2018Orcus RAT\u2019.pdf", "2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer.pdf", "2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware..pdf", "2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries.pdf", "2016-07-26 - OTX Pulse on R980 ransomware.pdf", "2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter.pdf", "2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan.pdf", "2016-07-26 - Attack Delivers \u20189002\u2019 Trojan Through Google Drive.pdf", "2016-07-31 - China 1937CN Team Hackers Attack Airports in Vietnam.pdf", "2016-07-07 - NetTraveler APT Targets Russian, European Interests.pdf", "2016-07-18 - Third time (un)lucky \u2013 improved Petya is out.pdf", "2016-07-28 - Petya and Mischa For All Part II- They\u2019re Here\u2026.pdf", "2016-08-01 - CrowdStrike\u2019s New Methodology for Tracking eCrime.pdf", "2016-08 - Analysis of a packed Pony downloader.pdf", "2016-08-02 - Orcus \u2013 Birth of an unusual plugin builder RAT.pdf", "2016-07-08 - The Dropping Elephant \u2013 aggressive cyber-espionage in the Asian region.pdf", "2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers.pdf", "2016-08-08 - Doctor Web detected Linux Trojan written in Go.pdf", "2016-08-04 - What is Multigrain- Learn what makes this PoS malware different.pdf", "2016-08-08 - MONSOON - Analysis Of An APT Campaign.pdf", "2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition.pdf", "2016-08-08 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-08-10 - CryptXXX - CrypMIC \u2013 intensywnie dystrybuowany ransomware w ramach exploit-kit\u00f3w.pdf", "2016-08-05 - Smoke Loader \u2013 downloader with a smokescreen still alive.pdf", "2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms.pdf", "2016-08-18 - The Shadow Brokers.pdf", "2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users.pdf", "2016-08-16 - Brazil Can\u2019t Catch a Break- After Panda Comes the Sphinx.pdf", "2016-08-22 - BLATSTING FUNKSPIEL.pdf", "2016-07-06 - New OSX-Keydnap malware is hungry for credentials.pdf", "2016-08-23 - GozNym Banking Trojan Targeting German Banks.pdf", "2016-08-22 - Trojan.Mutabaha.1.pdf", "2016-08-25 - Shakti Trojan - Technical Analysis.pdf", "2016-08-19 - New Hancitor Malware- Pimp my Downloaded.pdf", "2016-08-28 - FEINTCLOUD.pdf", "2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say.pdf", "2016-08-15 - Shakti Trojan- Document Thief.pdf", "2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations.pdf", "2016-08-29 - Fantom ransomware impersonates Windows update.pdf", "2016-08-25 - Unpacking the spyware disguised as antivirus.pdf", "2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT.pdf", "2016-07-03 - Android Triada modular trojan.pdf", "2016-08-04 - Iran Threats Webpage.pdf", "2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware.pdf", "2016-08-30 - OSX-Keydnap spreads via signed Transmission application.pdf", "2016-09-01 - TADAQUEOUS moments.pdf", "2016-08-30 - Pythons and Unicorns and Hancitor\u2026Oh My! Decoding Binaries Through Emulation.pdf", "2016-07-12 - Malware Discovered \u2013 SFG- Furtim Malware Analysis.pdf", "2016-09-02 - Necurs \u2013 hybrid spam botnet.pdf", "2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality.pdf", "2016-07-30 - Luminosity RAT - Re-purposed.pdf", "2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-09-04 - BLATSTING Command-and-Control protocol.pdf", "2016-09-11 - BUZZDIRECTION- BLATSTING reloaded.pdf", "2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp.pdf", "2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns.pdf", "2016-09-08 - Doctor Web discovers Linux Trojan written in Rust.pdf", "2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong.pdf", "2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick.pdf", "2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals.pdf", "2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes.pdf", "2016-09-20 - Hackers lurking, parliamentarians told _ News _ DW _ 20.09.2016.pdf", "2016-09-13 - H1N1- Technical analysis reveals new capabilities.pdf", "2016-09-17 - A few notes on SECONDDATE's C&C protocol.pdf", "2016-09-13 - The curious case of BLATSTING's RSA implementation.pdf", "2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search.pdf", "2016-09-06 - Blatsting C&C Transcript.pdf", "2016-09-16 - Tofsee \u2013 modular spambot.pdf", "2016-09-07 - The Missing Piece \u2013 Sophisticated OS X Backdoor Discovered.pdf", "2016-09-20 - Inside Petya and Mischa ransomware.pdf", "2016-09-22 - Book of Eli- African targeted attacks.pdf", "2016-09-23 - Dissecting a Hacktivist\u2019s DDoS Tool- Saphyra Revealed.pdf", "2016-09-23 - SECONDDATE in action.pdf", "2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection.pdf", "2016-09-09 - GOVRAT V2.0 - Attacking US military and government.pdf", "2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies.pdf", "2016-09-19 - Untangling the Ripper ATM Malware.pdf", "2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks.pdf", "2016-09-20 - Hackers lurking, parliamentarians told.pdf", "2016-09-26 - Sofacy\u2019s \u2018Komplex\u2019 OS X Trojan.pdf", "2016-09-21 - Reversing GO binaries like a pro.pdf", "2016-09-16 - iSpy Keylogger.pdf", "2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices.pdf", "2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs.pdf", "2016-09-21 - KrebsOnSecurity Hit With Record DDoS.pdf", "2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks.pdf", "2016-09-05 - Pok\u00e9mon-themed Umbreon Linux Rootkit Hits x86, ARM Systems.pdf", "2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches.pdf", "2016-09-27 - Komplex Mac backdoor answers old questions.pdf", "2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware.pdf", "2016-09-28 - Belling the BEAR.pdf", "2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware.pdf", "2016-09-27 - Threat Spotlight- GozNym.pdf", "2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware.pdf", "2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan.pdf", "2016-10-03 - Remsec driver analysis.pdf", "2016-10-01 - \u2018Shadow Brokers\u2019 Whine That Nobody Is Buying Their Hacked NSA Files.pdf", "2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT.pdf", "2016-10-01 - Source Code for IoT Botnet \u2018Mirai\u2019 Released.pdf", "2016-09-28 - Confucius Says\u2026Malware Families Get Further By Abusing Legitimate Websites.pdf", "2016-10-10 - Remsec driver analysis - Part 2.pdf", "2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'.pdf", "2016-10-05 - FastPOS Updates in Time for the Retail Sale Season.pdf", "2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive.pdf", "2016-10-11 - Remsec driver analysis - Part 3.pdf", "2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker.pdf", "2016-10-09 - SiteIntel- Cyber Caliphate Army.pdf", "2016-10-17 - \u2018DealersChoice\u2019 is Sofacy\u2019s Flash Player Exploit Platform.pdf", "2016-10-27 - Inside the Gootkit C&C server.pdf", "2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets.pdf", "2016-10-03 - Polyglot \u2013 the fake CTB-locker.pdf", "2016-10-20 - TheMoon - A P2P botnet targeting Home Routers.pdf", "2016-10-18 - Digitally Signed Malware Targeting Gaming Companies.pdf", "2016-10-17 - A Tale of Two Targets.pdf", "2016-10-24 - Introducing TrickBot, Dyreza\u2019s successor.pdf", "2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet.pdf", "2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis.pdf", "2016-10-27 - In-Dev Ransomware forces you do to Survey before unlocking Computer.pdf", "2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot\u2019s Machinations.pdf", "2016-10-28 - zxshell repository.pdf", "2016-10-31 - Second Shadow Brokers dump released.pdf", "2016-11-09 - Down the H-W0rm Hole with Houdini\u2019s RAT.pdf", "2016-10-26 - Moonlight \u2013 Targeted attacks in the Middle East.pdf", "2016-10-15 - TrickBot- We Missed you, Dyre.pdf", "2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks.pdf", "2016-11-10 - Floki Bot and the stealthy dropper.pdf", "2016-11-08 - Analysis of iOSGuiInject Adware Library.pdf", "2016-11-02 - Linux-Moose- Still breathing.pdf", "2016-10-25 - TrickBot Banker Insights.pdf", "2016-11-01 - Ursnif Malware- Deep Technical Dive.pdf", "2016-10-11 - Odinaff- New Trojan used in high level financial attacks.pdf", "2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles.pdf", "2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis.pdf", "2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits.pdf", "2016-11-02 - Nymaim Malware- Deep Technical Dive \u2013 Adventures in Evasive Malware.pdf", "2016-11-15 - ScanPOS, new POS malware being distributed by Kronos.pdf", "2016-11-07 - Little Trickbot Growing Up- New Campaign.pdf", "2016-11-08 - Analysis of IOS.GUIINJECT Adware Library.pdf", "2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE.pdf", "2016-10-21 - BITTER- a targeted attack against Pakistan.pdf", "2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware.pdf", "2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List.pdf", "2016-10-25 - Houdini\u2019s Magic Reappearance.pdf", "2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia.pdf", "2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services.pdf", "2016-11-17 - It\u2019s Parliamentary - KeyBoy and the targeting of the Tibetan Community.pdf", "2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia.pdf", "2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users.pdf", "2016-11-21 - PrincessLocker \u2013 ransomware with not so royal encryption.pdf", "2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan.pdf", "2016-11-17 - Princess Locker decryptor.pdf", "2016-11-28 - NetWire RAT Steals Payment Card Data.pdf", "2016-12-08 - Thyssenkrupp victim of cyber attack.pdf", "2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot.pdf", "2016-12-07 - The TrickBot Evolution.pdf", "2016-12-07 - August in November- New Information Stealer Hits the Scene.pdf", "2016-12-06 - August in November- New Information Stealer Hits the Scene.pdf", "2016-11-28 - A New All-in-One Botnet- Proteus.pdf", "2016-12-09 - Now Mirai Has DGA Feature Built in.pdf", "2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise.pdf", "2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond.pdf", "2016-12-14 - MiKey - A Linux keylogger.pdf", "2016-12-19 - Dismantling a Nuclear Bot.pdf", "2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families.pdf", "2016-12-26 - Rocket Kitten.pdf", "2016-12-14 - Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016.pdf", "2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe.pdf", "2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain.pdf", "2016-12-16 - Bayrob- Three suspects extradited to face charges in US.pdf", "2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware.pdf", "2016-12-29 - Some notes on IoCs.pdf", "2016-12-15 - Let It Ride- The Sofacy Group\u2019s DealersChoice Attacks Continue.pdf", "2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermesaures.pdf", "2016-12-23 - Emsisoft Decryptor for GlobeImposter.pdf", "2016-11-30 - Shamoon 2- Return of the Disttrack Wiper.pdf", "2016-11-23 - Analysis- Ursnif - spying on your data since 2007.pdf", "2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web.pdf", "APT C 03.pdf", "2016-12-28 - Switcher- Android joins the \u2018attack-the-router\u2019 club.pdf", "2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE.pdf", "2016-11-30 - Shamoon- Back from the dead and destructive as ever.pdf", "Asruex.pdf", "2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy.pdf", "Aveo.pdf", "attack delivers 9002 trojan through google drive.pdf", "APT-C-09 (2).pdf", "Black Energy APT.pdf", "Cisco HayStack.pdf", "Dust Storm Infographic.pdf", "Apt 2015 (2).pdf", "Dissecting the malware in inocnation campaign.pdf", "Dynasty.pdf", "NetTraveler.pdf", "Houdini.s.Magic.Reappearance.pdf", "Operation Blockbuster Ex Summary.pdf", "Operation Dust Storm.pdf", "2016-01-22 - CVE-2015-4400 - Backdoorbot, Network Configuration Leak on a Connected Doorbell.pdf", "2016-01-26 - URLZone Zones in on Japan.pdf", "2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan.pdf", "2016-04-13 - Ghosts in the Endpoint.pdf", "2016-05-25 - CVE-2015-2545- overview of current threats.pdf", "2016-05-29 - Keep Calm and (Don\u2019t) Enable Macros- A New Threat Actor Targets UAE Dissidents.pdf", "2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure).pdf", "2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks.pdf", "2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks.pdf", "2016-12-15 - Goldeneye Ransomware \u2013 the Petya-Mischa combo rebranded.pdf", "2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again).pdf", "2016-12-29 - GRIZZLY STEPPE \u2013 Russian Malicious Cyber Activity.pdf", "A tale of two targets.pdf", "APT-C-15.pdf", "Attack on Ukraine Power Grid.pdf", "Bears in the Midst Intrusion into the Democratic National Committee \u00bb.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1065", "name": "Uncommonly Used Port", "display_name": "T1065 - Uncommonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1085", "name": "Rundll32", "display_name": "T1085 - Rundll32" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1150, "FileHash-SHA256": 1957, "URL": 1407, "domain": 1246, "hostname": 1684, "FileHash-SHA1": 433, "CVE": 54, "email": 60, "BitcoinAddress": 4, "YARA": 1 }, "indicator_count": 7996, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "3 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-05-31T01:02:14", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64343, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880099, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "19 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5828f8217ecbe6ce3a89b", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:29:19.302000", "created": "2024-03-16T11:29:19.302000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 81, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5827a4e23b095e5af5f44", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:28:58.984000", "created": "2024-03-16T11:28:58.984000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f582700d35b0e7c8dd9df8", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:28:48.062000", "created": "2024-03-16T11:28:48.062000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5823b9d7bc6b422256296", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:27:55.808000", "created": "2024-03-16T11:27:55.808000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f04af6927f6584755d691", "name": "Registrar Abuse | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:19:43.234000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e92fcaf9d549477914ece", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f047d030109e1cab23db8", "name": "Qakbot, Qbot, Qausar | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:18:53.112000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9215890dfc9167d774e3", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f04475b063d0b0d3badca", "name": "CNC | Malicious activities. | aig.com [lacks http/https]", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:17:59.531000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9147fc170101be4f7afe", "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653e92fcaf9d549477914ece", "name": "Registrar Abuse | CNC", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:14:36.780000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653e9215890dfc9167d774e3", "name": "Qakbot, Qbot, Qausar | CNC", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:10:45.609000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653e9147fc170101be4f7afe", "name": "CNC | Malicious activities. | aig.com [lacks http/https]", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:07:19.371000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7995af8d4a3461031898b", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-10-02T00:00:29.692000", "created": "2023-08-24T17:54:34.404000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "972 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507dcf477ef9466c2de35e3", "name": "HIVE (Pulse created by RVS_i_am)", "description": "For more information, please see:\n\nContact info: wnd5xkus@duck.com / kcqhf2ok@duck.com (Email & Phone has 'not been very effective' means of communication)\nTwitter: @NorrisN60014\nDiscord: inawj_2\nMastadon: Disable_Duck@nerdculture.de\n\nOther:\nAlienVault: DISABLE_DUCK\nFileScan: DISABLE_DUCK\nMetadefender: red_snow_ak3jzram", "modified": "2023-09-18T05:15:32.926000", "created": "2023-09-18T05:15:32.926000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "64fa30d707f35d3c9d8bd1cd", "export_count": 43, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 234, "modified_text": "986 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507dcf100d8bde09b555013", "name": "HIVE (Pulse created by RVS_i_am)", "description": "", "modified": "2023-09-18T05:15:29.671000", "created": "2023-09-18T05:15:29.671000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "64fa30d707f35d3c9d8bd1cd", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "986 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30d7bc2e4d93884b2a4c", "name": "HIVE", "description": "", "modified": "2023-09-07T20:21:43.678000", "created": "2023-09-07T20:21:43.678000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 49, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30d707f35d3c9d8bd1cd", "name": "HIVE", "description": "", "modified": "2023-09-07T20:21:43.271000", "created": "2023-09-07T20:21:43.271000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30cce362cbd8ba18c887", "name": "HIVE", "description": "", "modified": "2023-09-07T20:21:32.701000", "created": "2023-09-07T20:21:32.701000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30c8b0f038985fbce564", "name": "HIVE", "description": "", "modified": "2023-09-07T20:21:28.946000", "created": "2023-09-07T20:21:28.946000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30b1c5599ae3fd943671", "name": "HIVE", "description": "", "modified": "2023-09-07T20:21:05.125000", "created": "2023-09-07T20:21:05.125000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa30a3429961426a8c9f3f", "name": "HIVE", "description": "", "modified": "2023-09-07T20:20:51.389000", "created": "2023-09-07T20:20:51.389000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa309b486cb2d0cacbc33e", "name": "HIVE", "description": "", "modified": "2023-09-07T20:20:43.518000", "created": "2023-09-07T20:20:43.518000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa309b8869335d1a9e6293", "name": "HIVE", "description": "", "modified": "2023-09-07T20:20:43.122000", "created": "2023-09-07T20:20:43.122000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa3090d3eb1de3bad58767", "name": "HIVE", "description": "", "modified": "2023-09-07T20:20:32.583000", "created": "2023-09-07T20:20:32.583000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64fa308c07f35d3c9d8bd1cc", "name": "HIVE", "description": "", "modified": "2023-09-07T20:20:28.541000", "created": "2023-09-07T20:20:28.541000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RVS_i_am", "id": "251642", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "996 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e799845f4ca1eaee3b9957", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:55:16.165000", "created": "2023-08-24T17:55:16.165000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e79960d336b6a4b53c561e", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:54:40.425000", "created": "2023-08-24T17:54:40.425000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7995f5e8231aa87cdddc5", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:54:39.765000", "created": "2023-08-24T17:54:39.765000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7995ece1da1e24e444a27", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:54:38.909000", "created": "2023-08-24T17:54:38.909000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e799540d4697a46f8f230c", "name": "IOC Records \u2192Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:54:28.757000", "created": "2023-08-24T17:54:28.757000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e799240e77a37a1a1fd255", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:40.054000", "created": "2023-08-24T17:53:40.054000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e79923528ad3eb11ea884c", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:39.444000", "created": "2023-08-24T17:53:39.444000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7992247e0b22db4bd642a", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:38.528000", "created": "2023-08-24T17:53:38.528000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7991e0e88ef39bef95a12", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:34.071000", "created": "2023-08-24T17:53:34.071000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e79918d81a265ff4d3d514", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:28.601000", "created": "2023-08-24T17:53:28.601000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e7990cbf87cda6c38013cf", "name": "IOC Records \u2192 Provided by @NextRayAI", "description": "", "modified": "2023-08-24T17:53:16.082000", "created": "2023-08-24T17:53:16.082000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "1011 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks.pdf", "2016-10-27 - Inside the Gootkit C&C server.pdf", "2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More).pdf", "2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan.pdf", "2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT.pdf", "2016-10-03 - Remsec driver analysis.pdf", "Operation Dust Storm.pdf", "2016-01-28 - CenterPOS- An Evolving POS Threat.pdf", "2016-09-23 - SECONDDATE in action.pdf", "2016-05-25 - CVE-2015-2545- overview of current threats.pdf", "2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermesaures.pdf", "2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns.pdf", "2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats.pdf", "2016-05-04 - Petya- the two-in-one trojan.pdf", "2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users.pdf", "2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild.pdf", "2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick.pdf", "2016-10-09 - SiteIntel- Cyber Caliphate Army.pdf", "2016-01-22 - PlugX APT Malware.pdf", "2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis.pdf", "Bears in the Midst Intrusion into the Democratic National Committee \u00bb.pdf", "2016-05-02 - Prince of Persia Hashes.pdf", "2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet.pdf", "2016-07-07 - NetTraveler APT Targets Russian, European Interests.pdf", "2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers.pdf", "2016-12-29 - Some notes on IoCs.pdf", "2016-06-14 - CVE-2016-4171 \u2013 Adobe Flash Zero-day used in targeted attacks.pdf", "2016-09-27 - Threat Spotlight- GozNym.pdf", "2016-08-16 - Brazil Can\u2019t Catch a Break- After Panda Comes the Sphinx.pdf", "2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group.pdf", "2016-09-04 - BLATSTING Command-and-Control protocol.pdf", "2016-01-22 - Sykipot APT Malware.pdf", "2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group.pdf", "2016-04-27 - Freezer Paper around Free Meat.pdf", "2016-04-28 - Tick cyberespionage group zeros in on Japan.pdf", "2016-10-11 - Remsec driver analysis - Part 3.pdf", "2016-06-15 - Mofang- A politically motivated information stealing adversary.pdf", "2016-08-04 - Iran Threats Webpage.pdf", "2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia.pdf", "2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again).pdf", "2016-01-21 - Android Spywaller- Firewall-Style Antivirus Blocking.pdf", "2016-08-19 - New Hancitor Malware- Pimp my Downloaded.pdf", "2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack.pdf", "2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs.pdf", "2016-06-02 - FastPOS- Quick and Easy Credit Card Theft.pdf", "2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality.pdf", "2016-09-21 - Reversing GO binaries like a pro.pdf", "Attack on Ukraine Power Grid.pdf", "2016-06-17 - In The Wild- Mobile Malware Implements New Features.pdf", "2016-05-13 - Cyber Heist Attribution.pdf", "2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation.pdf", "2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor.pdf", "2016-02-18 - New Android Trojan \u201cXbot\u201d Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom.pdf", "2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp.pdf", "2016-08-08 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-11-10 - Floki Bot and the stealthy dropper.pdf", "2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market.pdf", "2016-08 - Analysis of a packed Pony downloader.pdf", "2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks.pdf", "2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe.pdf", "2016-08-25 - Shakti Trojan - Technical Analysis.pdf", "2016-04-01 - Petya \u2013 Taking Ransomware To The Low Level.pdf", "2016-11-30 - Shamoon- Back from the dead and destructive as ever.pdf", "2016-06-14 - New Sofacy Attacks Against US Government Agency.pdf", "2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong.pdf", "2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact.pdf", "2016-08-05 - Smoke Loader \u2013 downloader with a smokescreen still alive.pdf", "2016-04-06 - Bootkit's development overview and trend (X).pdf", "2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe.pdf", "2016-02-09 - DMA Locker Strikes Back.pdf", "2016-02-29 - New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan.pdf", "2016-07-12 - Malware Discovered \u2013 SFG- Furtim Malware Analysis.pdf", "2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic.pdf", "2016-02-09 - Bedep Lurking in Angler's Shadows.pdf", "2016-01-13 - Russian group behind 2013 Foreign Ministry hack.pdf", "2016-03-11 - Cerber ransomware- new, but mature.pdf", "2016-09-13 - The curious case of BLATSTING's RSA implementation.pdf", "2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them.pdf", "2016-11-09 - Down the H-W0rm Hole with Houdini\u2019s RAT.pdf", "2016-03-31 - Stored XSS Vulnerabilites on Foscam.pdf", "2016-01-25 - Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code.pdf", "2016-09-20 - Hackers lurking, parliamentarians told _ News _ DW _ 20.09.2016.pdf", "2016-11-08 - Analysis of IOS.GUIINJECT Adware Library.pdf", "2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging.pdf", "2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain.pdf", "2016-07-30 - Luminosity RAT - Re-purposed.pdf", "2016-05-09 - PSEUDO-DARKLEECH ANGLER EK FROM 185.118.66.154 SENDS BEDEP-CRYPTXXX.pdf", "2016-02-21 - Source code for powerful Android banking malware is leaked.pdf", "2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists.pdf", "2016-10-21 - BITTER- a targeted attack against Pakistan.pdf", "2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist.pdf", "2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers.pdf", "2016-07-22 - Stampado Ransomware campaign decrypted before it Started.pdf", "2016-12-07 - The TrickBot Evolution.pdf", "2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX.pdf", "2016-05-26 - SWIFT attackers\u2019 malware linked to more financial attacks.pdf", "2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users.pdf", "2016-08-30 - OSX-Keydnap spreads via signed Transmission application.pdf", "2016-10-25 - TrickBot Banker Insights.pdf", "2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection.pdf", "2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web.pdf", "2016-06-25 - Rokku Ransomware shows possible link with Chimera.pdf", "2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware..pdf", "2016-11-02 - Nymaim Malware- Deep Technical Dive \u2013 Adventures in Evasive Malware.pdf", "2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware.pdf", "2016-07-08 - The Dropping Elephant \u2013 aggressive cyber-espionage in the Asian region.pdf", "2016-07-28 - Petya and Mischa For All Part II- They\u2019re Here\u2026.pdf", "Apt 2015 (2).pdf", "2016-03-31 - The evolution of Brazilian Malware.pdf", "2016-03-29 - Taiwan targeted with new cyberespionage back doorTrojan.pdf", "2016-01-01 - Die erste Ransomware in JavaScript- Ransom32.pdf", "2016-06-03 - Cooking Up Autumn (Herbst) Ransomware.pdf", "2016-03-21 - OS X Malware Samples Analyzed.pdf", "2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition.pdf", "2016-03-06 - Network detector for Winnti malware.pdf", "2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets.pdf", "2016-03-18 - Xor DDoS.pdf", "2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy.pdf", "2016-11-28 - A New All-in-One Botnet- Proteus.pdf", "2016-06-23 - POS and Credit Cards- In the Line of Fire with \u201cPunkeyPOS\u201d.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - CPlusPlus ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "APT-C-15.pdf", "2016-05-06 - 7ev3n ransomware turning \u2018HONE$T\u2019.pdf", "2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks.pdf", "2016-08-30 - Pythons and Unicorns and Hancitor\u2026Oh My! Decoding Binaries Through Emulation.pdf", "2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot.pdf", "2016-05-03 - The Continuing Evolution of Samas Ransomware.pdf", "Dynasty.pdf", "2016-09-17 - A few notes on SECONDDATE's C&C protocol.pdf", "A tale of two targets.pdf", "2016-11-15 - ScanPOS, new POS malware being distributed by Kronos.pdf", "Asruex.pdf", "2016-02-12 - A Look Into Fysbis- Sofacy\u2019s Linux Backdoor.pdf", "2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks.pdf", "2016-02-19 - Citadel 0.0.1.1 (Atmos).pdf", "2016-06-17 - Operation Daybreak.pdf", "2016-08-18 - The Shadow Brokers.pdf", "2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits.pdf", "2016-08-22 - Trojan.Mutabaha.1.pdf", "2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample.pdf", "2016-01-22 - CVE-2015-4400 - Backdoorbot, Network Configuration Leak on a Connected Doorbell.pdf", "2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks.pdf", "2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT.pdf", "2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex.pdf", "2016-08-04 - What is Multigrain- Learn what makes this PoS malware different.pdf", "2016-04-14 - Bedep has raised its game vs Bot Zombies.pdf", "attack delivers 9002 trojan through google drive.pdf", "2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker.pdf", "2016-03-04 - Tracing the Lineage of DarkSeoul.pdf", "2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists.pdf", "2016-09-26 - Sofacy\u2019s \u2018Komplex\u2019 OS X Trojan.pdf", "2016-07-11 - When Paying Out Doesn't Pay Off.pdf", "2016-11-02 - Linux-Moose- Still breathing.pdf", "2016-05-09 - PseudoDarkLeech Angler EK from 185.118.66.154 sends Bedep-CryptXXX.pdf", "2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks.pdf", "2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration.pdf", "2016-09-28 - Confucius Says\u2026Malware Families Get Further By Abusing Legitimate Websites.pdf", "2016-02-02 - Vipasana ransomware new ransom on the block.pdf", "2016-11-01 - Ursnif Malware- Deep Technical Dive.pdf", "2016-02-29 - The \u201cHawkEye\u201d attack- how cybercrooks target small businesses for big money.pdf", "2016-10-25 - Houdini\u2019s Magic Reappearance.pdf", "2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates.pdf", "2016-07-03 - Android Triada modular trojan.pdf", "2016-08-29 - Fantom ransomware impersonates Windows update.pdf", "2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot\u2019s Machinations.pdf", "2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain.pdf", "2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code.pdf", "2016-12-16 - Bayrob- Three suspects extradited to face charges in US.pdf", "2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter.pdf", "NetTraveler.pdf", "2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware.pdf", "2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe.pdf", "2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes.pdf", "2016-05-03 - A Universal Windows Bootkit.pdf", "2016-09-06 - Blatsting C&C Transcript.pdf", "2016-07-26 - OTX Pulse on R980 ransomware.pdf", "2016-05-19 - Petya and Mischa \u2013 Ransomware Duet (Part 1).pdf", "2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search.pdf", "2016-09-02 - Necurs \u2013 hybrid spam botnet.pdf", "Houdini.s.Magic.Reappearance.pdf", "2016-01-23 - Imminent Monitor 4 RAT Analysis \u2013 A Glance.pdf", "2016-10-24 - Introducing TrickBot, Dyreza\u2019s successor.pdf", "2016-12-15 - Let It Ride- The Sofacy Group\u2019s DealersChoice Attacks Continue.pdf", "2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "2016-06-06 - Everyone sees not what they want to see.pdf", "2016-03-24 - Maktub Locker \u2013 Beautiful And Dangerous.pdf", "2016-04-21 - When entropy meets Shannon.pdf", "2016-11-30 - Shamoon 2- Return of the Disttrack Wiper.pdf", "2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller.pdf", "2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks.pdf", "2016-10-01 - \u2018Shadow Brokers\u2019 Whine That Nobody Is Buying Their Hacked NSA Files.pdf", "2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches.pdf", "2016-11-08 - Analysis of iOSGuiInject Adware Library.pdf", "2016-01-29 - VB2015 paper- It's A File Infector... It\u2019s Ransomware... It's Virlock.pdf", "2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE.pdf", "2016-03-11 - PowerSniff Malware Used in Macro-based Attacks.pdf", "2016-09-19 - Untangling the Ripper ATM Malware.pdf", "2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again.pdf", "2016-09-08 - Doctor Web discovers Linux Trojan written in Rust.pdf", "2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File.pdf", "2016-09-21 - KrebsOnSecurity Hit With Record DDoS.pdf", "2016-08-02 - Orcus \u2013 Birth of an unusual plugin builder RAT.pdf", "2016-10-17 - A Tale of Two Targets.pdf", "2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX\u2019s Footsteps.pdf", "2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE.pdf", "2016-07-31 - China 1937CN Team Hackers Attack Airports in Vietnam.pdf", "2016-10-01 - Source Code for IoT Botnet \u2018Mirai\u2019 Released.pdf", "2016-04-26 - Digging deep for PLATINUM.pdf", "2016-08-08 - MONSOON - Analysis Of An APT Campaign.pdf", "2016-05-27 - Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks.pdf", "2016-09-07 - The Missing Piece \u2013 Sophisticated OS X Backdoor Discovered.pdf", "Aveo.pdf", "2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom.pdf", "2016-12-14 - MiKey - A Linux keylogger.pdf", "2016-08-10 - CryptXXX - CrypMIC \u2013 intensywnie dystrybuowany ransomware w ramach exploit-kit\u00f3w.pdf", "2016-09-23 - Dissecting a Hacktivist\u2019s DDoS Tool- Saphyra Revealed.pdf", "2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage.pdf", "2016-05-22 - Cron has fallen.pdf", "2016-03-14 - Massive Malvertising Campaign in US Leads to Angler Exploit Kit-BEDEP.pdf", "2016-08-01 - CrowdStrike\u2019s New Methodology for Tracking eCrime.pdf", "2016-02-12 - Security Alert- Mazar BOT \u2013 the Android Malware That Can Erase Your Phone.pdf", "2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive.pdf", "2016-04-11 - Manamecrypt \u2013 a ransomware that takes a different route.pdf", "2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies.pdf", "2016-07-21 - Canadian Man Behind Popular \u2018Orcus RAT\u2019.pdf", "2016-11-17 - It\u2019s Parliamentary - KeyBoy and the targeting of the Tibetan Community.pdf", "2016-05-12 - Chinese-language Ransomware \u2018SHUJIN\u2019 Makes An Appearance.pdf", "2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List.pdf", "2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware.pdf", "2016-03-07 - RedHat Hacker.asp.pdf", "2016-09-16 - iSpy Keylogger.pdf", "2016-03-18 - Teslacrypt Spam Campaign- \u201cUnpaid Issue\u2026\u201d.pdf", "2016-10-31 - Second Shadow Brokers dump released.pdf", "2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit..pdf", "2016-06-09 - Reverse-engineering DUBNIUM.pdf", "2016-02-24 - The DGA of Qakbot.T.pdf", "2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices.pdf", "2016-12-26 - Rocket Kitten.pdf", "2016-06-23 - Tracking Elirks Variants in Japan- Similarities to Previous Attacks.pdf", "2016-08-28 - FEINTCLOUD.pdf", "2016-12-07 - August in November- New Information Stealer Hits the Scene.pdf", "2016-10-26 - Moonlight \u2013 Targeted attacks in the Middle East.pdf", "2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck.pdf", "APT C 03.pdf", "2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan.pdf", "2016-09-09 - GOVRAT V2.0 - Attacking US military and government.pdf", "2016-09-20 - Inside Petya and Mischa ransomware.pdf", "2016-12-06 - August in November- New Information Stealer Hits the Scene.pdf", "2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond.pdf", "Black Energy APT.pdf", "2016-10-05 - FastPOS Updates in Time for the Retail Sale Season.pdf", "2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government.pdf", "2016-05-12 - LatentBot \u2013 modularny i silnie zaciemniony bot.pdf", "2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles.pdf", "2016-10-11 - Odinaff- New Trojan used in high level financial attacks.pdf", "2016-12-09 - Now Mirai Has DGA Feature Built in.pdf", "2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware.pdf", "2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware.pdf", "2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting.pdf", "2016-04-19 - Trojan.GodzillaLoader (alias Godzilla Loader).pdf", "2016-02-17 - OceanLotus for OS X \u2013 an Application Bundle Pretending to be an Adobe Flash Update.pdf", "2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen.pdf", "2016-06-07 - The Story of yet another ransom-fail-ware.pdf", "2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'.pdf", "2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise.pdf", "APT-C-09 (2).pdf", "2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms.pdf", "2016-04-05 - SCADA Security Report 2016.pdf", "2016-07-26 - Attack Delivers \u20189002\u2019 Trojan Through Google Drive.pdf", "2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist.pdf", "Dust Storm Infographic.pdf", "2016-05-19 - Petya and Mischa for All! The RaaS Boom Expands to Include the Petya-Mischa Combo.pdf", "2016-07-06 - New OSX-Keydnap malware is hungry for credentials.pdf", "2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan.pdf", "2016-12-19 - Dismantling a Nuclear Bot.pdf", "Dissecting the malware in inocnation campaign.pdf", "2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware.pdf", "2016-12-23 - Emsisoft Decryptor for GlobeImposter.pdf", "2016-07-01 - KeyBase - A New Keylogger on the Block.pdf", "2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks.pdf", "2016-09-16 - Tofsee \u2013 modular spambot.pdf", "2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families.pdf", "2016-11-23 - Analysis- Ursnif - spying on your data since 2007.pdf", "2016-10-15 - TrickBot- We Missed you, Dyre.pdf", "2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-.pdf", "2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG.pdf", "2016-06-11 - The Chinese Hackers in the Back Office.pdf", "2016-04-28 - Research Spotlight- The Resurgence of Qbot.pdf", "2016-12-14 - Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016.pdf", "2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards.pdf", "2016-12-29 - GRIZZLY STEPPE \u2013 Russian Malicious Cyber Activity.pdf", "2016-11-07 - Little Trickbot Growing Up- New Campaign.pdf", "2016-09-11 - BUZZDIRECTION- BLATSTING reloaded.pdf", "2016-07-14 - Technical Notes on Sakula.pdf", "2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries.pdf", "2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer.pdf", "2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest.pdf", "2016-09-13 - H1N1- Technical analysis reveals new capabilities.pdf", "2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network.pdf", "2016-10-18 - Digitally Signed Malware Targeting Gaming Companies.pdf", "2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid.pdf", "2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users.pdf", "2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis.pdf", "Cisco HayStack.pdf", "2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware.pdf", "2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say.pdf", "2016-04-14 - Targeted Ransomware Activity.pdf", "2016-09-20 - Hackers lurking, parliamentarians told.pdf", "2016-05-17 - Indian organizations targeted in Suckfly attacks.pdf", "2016-04-13 - Ghosts in the Endpoint.pdf", "2016-08-08 - Doctor Web detected Linux Trojan written in Go.pdf", "2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT.pdf", "2016-12-08 - Thyssenkrupp victim of cyber attack.pdf", "2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim.pdf", "2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia.pdf", "2016-06-24 - Ani-Shell.pdf", "2016-09-27 - Komplex Mac backdoor answers old questions.pdf", "2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents.pdf", "2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution.pdf", "2016-08-15 - Shakti Trojan- Document Thief.pdf", "2016-05-29 - Keep Calm and (Don\u2019t) Enable Macros- A New Threat Actor Targets UAE Dissidents.pdf", "2016-03-01 - Look Into Locky Ransomware.pdf", "2016-01-29 - From Linux to Windows \u2013 New Family of Cross-Platform Desktop Backdoors Discovered.pdf", "2016-03-30 - Ransomware Deployed by Adversary with Established Foothold.pdf", "2016-09-05 - Pok\u00e9mon-themed Umbreon Linux Rootkit Hits x86, ARM Systems.pdf", "2016-08-22 - BLATSTING FUNKSPIEL.pdf", "2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks.pdf", "2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox.pdf", "2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan.pdf", "2016-06 - Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world.pdf", "2016-10-17 - \u2018DealersChoice\u2019 is Sofacy\u2019s Flash Player Exploit Platform.pdf", "Operation Blockbuster Ex Summary.pdf", "2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits.pdf", "2016-04-19 - MULTIGRAIN \u2013 Point of Sale Attackers Make an Unhealthy Addition to the Pantry.pdf", "2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan.pdf", "2016-03-23 - Gozi ISFB Sourceccode.pdf", "2016-01-26 - URLZone Zones in on Japan.pdf", "2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP.pdf", "2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee.pdf", "2016-10-20 - TheMoon - A P2P botnet targeting Home Routers.pdf", "2016-09-01 - TADAQUEOUS moments.pdf", "2016-02-22 - Russian bank employees received fake job offers in targeted email attack.pdf", "2016-06-10 - Petya and Mischa- ransomware duet (part 2).pdf", "2016-09-22 - Book of Eli- African targeted attacks.pdf", "2016-10-03 - Polyglot \u2013 the fake CTB-locker.pdf", "2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words.pdf", "2016-08-23 - GozNym Banking Trojan Targeting German Banks.pdf", "2016-09-28 - Belling the BEAR.pdf", "2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services.pdf", "2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism.pdf", "2016-08-25 - Unpacking the spyware disguised as antivirus.pdf", "2016-06-28 - Prince of Persia \u2013 Game Over.pdf", "2016-11-17 - Princess Locker decryptor.pdf", "2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones.pdf", "2016-10-28 - zxshell repository.pdf", "2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems.pdf", "2016-11-28 - NetWire RAT Steals Payment Card Data.pdf", "2016-03-23 - New self?protecting USB trojan able to avoid detection.pdf", "2016-07-18 - Third time (un)lucky \u2013 improved Petya is out.pdf", "2016-01-22 - New Attacks Linked to C0d0so0 Group.pdf", "2016-05-17 - ATM infector.pdf", "2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity.pdf", "2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals.pdf", "2016-11-21 - PrincessLocker \u2013 ransomware with not so royal encryption.pdf", "2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure).pdf", "https://blog.malwarebytes.org/intelligence/2016/03/teslacrypt-spam-campaign-unpaid-issue/", "2016-12-28 - Switcher- Android joins the \u2018attack-the-router\u2019 club.pdf", "2016-10-10 - Remsec driver analysis - Part 2.pdf", "2016-10-27 - In-Dev Ransomware forces you do to Survey before unlocking Computer.pdf", "2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software.pdf", "2016-12-15 - Goldeneye Ransomware \u2013 the Petya-Mischa combo rebranded.pdf", "2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia.pdf", "2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Industrial", "Defense", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 37, "pulses": [ { "id": "56f052b4aef9214b1550ba7c", "name": "Teslacrypt Spam Campaign: \u201cUnpaid Issue\u2026\u201d", "description": "Cyber criminals continue to use exploit kits to infect victims with ransomware but they also use MALSPAM emails to lure possible victims \u2013 a key vector into an enterprise environment that lacks the proper security controls, and one with insufficient information security training for end users. Some examples are email messages claiming to be in regards to an overdue bill or invoice, utilizing such terminology in the subject line and given file name, such as invoice.zip or payment_doc_298427.zip", "modified": "2016-03-21T19:59:48.214000", "created": "2016-03-21T19:59:48.214000", "tags": [ "Teslacrypt", "spam", "ransomware", "malwarebytes" ], "references": [ "https://blog.malwarebytes.org/intelligence/2016/03/teslacrypt-spam-campaign-unpaid-issue/" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 29, "hostname": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386584, "modified_text": "3723 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f4eba31a8adb1aa8e6654d", "name": "2016: Malware Analysis Report", "description": "", "modified": "2026-05-31T17:02:36.343000", "created": "2026-05-01T18:06:27.269000", "tags": [], "references": [ "2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group.pdf", "2016-01-01 - Die erste Ransomware in JavaScript- Ransom32.pdf", "2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia.pdf", "2016-01-13 - Russian group behind 2013 Foreign Ministry hack.pdf", "2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid.pdf", "2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers.pdf", "2016-01-22 - PlugX APT Malware.pdf", "2016-01-21 - Android Spywaller- Firewall-Style Antivirus Blocking.pdf", "2016-01-22 - New Attacks Linked to C0d0so0 Group.pdf", "2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems.pdf", "2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists.pdf", "2016-01-25 - Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code.pdf", "2016-01-23 - Imminent Monitor 4 RAT Analysis \u2013 A Glance.pdf", "2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents.pdf", "2016-01-28 - CenterPOS- An Evolving POS Threat.pdf", "2016-01-29 - From Linux to Windows \u2013 New Family of Cross-Platform Desktop Backdoors Discovered.pdf", "2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex.pdf", "2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-.pdf", "2016-01-22 - Sykipot APT Malware.pdf", "2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan.pdf", "2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks.pdf", "2016-01-29 - VB2015 paper- It's A File Infector... It\u2019s Ransomware... It's Virlock.pdf", "2016-02-02 - Vipasana ransomware new ransom on the block.pdf", "2016-02-09 - DMA Locker Strikes Back.pdf", "2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact.pdf", "2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic.pdf", "2016-02-12 - A Look Into Fysbis- Sofacy\u2019s Linux Backdoor.pdf", "2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack.pdf", "2016-02-09 - Bedep Lurking in Angler's Shadows.pdf", "2016-02-12 - Security Alert- Mazar BOT \u2013 the Android Malware That Can Erase Your Phone.pdf", "2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage.pdf", "2016-02-17 - OceanLotus for OS X \u2013 an Application Bundle Pretending to be an Adobe Flash Update.pdf", "2016-02-21 - Source code for powerful Android banking malware is leaked.pdf", "2016-02-22 - Russian bank employees received fake job offers in targeted email attack.pdf", "2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group.pdf", "2016-02-19 - Citadel 0.0.1.1 (Atmos).pdf", "2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again.pdf", "2016-02-24 - The DGA of Qakbot.T.pdf", "2016-03-01 - Look Into Locky Ransomware.pdf", "2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting.pdf", "2016-02-29 - New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan.pdf", "2016-02-29 - The \u201cHawkEye\u201d attack- how cybercrooks target small businesses for big money.pdf", "2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words.pdf", "2016-03-07 - RedHat Hacker.asp.pdf", "2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX.pdf", "2016-02-18 - New Android Trojan \u201cXbot\u201d Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom.pdf", "2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats.pdf", "2016-03-11 - Cerber ransomware- new, but mature.pdf", "2016-03-04 - Tracing the Lineage of DarkSeoul.pdf", "2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market.pdf", "2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates.pdf", "2016-03-06 - Network detector for Winnti malware.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "2016-03-11 - PowerSniff Malware Used in Macro-based Attacks.pdf", "2016-03-18 - Xor DDoS.pdf", "2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT.pdf", "2016-03-14 - Massive Malvertising Campaign in US Leads to Angler Exploit Kit-BEDEP.pdf", "2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government.pdf", "2016-03-18 - Teslacrypt Spam Campaign- \u201cUnpaid Issue\u2026\u201d.pdf", "2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller.pdf", "2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom.pdf", "2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest.pdf", "2016-03-23 - Gozi ISFB Sourceccode.pdf", "2016-03-21 - OS X Malware Samples Analyzed.pdf", "2016-03-31 - Stored XSS Vulnerabilites on Foscam.pdf", "2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe.pdf", "2016-03-24 - Maktub Locker \u2013 Beautiful And Dangerous.pdf", "2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation.pdf", "2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen.pdf", "2016-03-30 - Ransomware Deployed by Adversary with Established Foothold.pdf", "2016-03-29 - Taiwan targeted with new cyberespionage back doorTrojan.pdf", "2016-04-14 - Targeted Ransomware Activity.pdf", "2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim.pdf", "2016-04-06 - Bootkit's development overview and trend (X).pdf", "2016-03-23 - New self?protecting USB trojan able to avoid detection.pdf", "2016-04-14 - Bedep has raised its game vs Bot Zombies.pdf", "2016-04-05 - SCADA Security Report 2016.pdf", "2016-04-01 - Petya \u2013 Taking Ransomware To The Low Level.pdf", "2016-04-11 - Manamecrypt \u2013 a ransomware that takes a different route.pdf", "2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File.pdf", "2016-04-19 - MULTIGRAIN \u2013 Point of Sale Attackers Make an Unhealthy Addition to the Pantry.pdf", "2016-03-31 - The evolution of Brazilian Malware.pdf", "2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild.pdf", "2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards.pdf", "2016-04-26 - Digging deep for PLATINUM.pdf", "2016-04-21 - When entropy meets Shannon.pdf", "2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists.pdf", "2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - CPlusPlus ASM - Ring3 Rootkit - Watchdog - Antis.pdf", "2016-04-19 - Trojan.GodzillaLoader (alias Godzilla Loader).pdf", "2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit..pdf", "2016-04-28 - Tick cyberespionage group zeros in on Japan.pdf", "2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain.pdf", "2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks.pdf", "2016-04-27 - Freezer Paper around Free Meat.pdf", "2016-05-03 - The Continuing Evolution of Samas Ransomware.pdf", "2016-04-28 - Research Spotlight- The Resurgence of Qbot.pdf", "2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample.pdf", "2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks.pdf", "2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe.pdf", "2016-05-03 - A Universal Windows Bootkit.pdf", "2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits.pdf", "2016-05-12 - LatentBot \u2013 modularny i silnie zaciemniony bot.pdf", "2016-05-09 - PSEUDO-DARKLEECH ANGLER EK FROM 185.118.66.154 SENDS BEDEP-CRYPTXXX.pdf", "2016-05-04 - Petya- the two-in-one trojan.pdf", "2016-05-02 - Prince of Persia Hashes.pdf", "2016-05-13 - Cyber Heist Attribution.pdf", "2016-05-06 - 7ev3n ransomware turning \u2018HONE$T\u2019.pdf", "2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software.pdf", "2016-05-12 - Chinese-language Ransomware \u2018SHUJIN\u2019 Makes An Appearance.pdf", "2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist.pdf", "2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck.pdf", "2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist.pdf", "2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones.pdf", "2016-05-09 - PseudoDarkLeech Angler EK from 185.118.66.154 sends Bedep-CryptXXX.pdf", "2016-05-17 - Indian organizations targeted in Suckfly attacks.pdf", "2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG.pdf", "2016-05-17 - ATM infector.pdf", "2016-06 - Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world.pdf", "2016-05-27 - Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks.pdf", "2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism.pdf", "2016-06-02 - FastPOS- Quick and Easy Credit Card Theft.pdf", "2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More).pdf", "2016-05-19 - Petya and Mischa \u2013 Ransomware Duet (Part 1).pdf", "2016-05-19 - Petya and Mischa for All! The RaaS Boom Expands to Include the Petya-Mischa Combo.pdf", "2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor.pdf", "2016-05-26 - SWIFT attackers\u2019 malware linked to more financial attacks.pdf", "2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network.pdf", "2016-06-03 - Cooking Up Autumn (Herbst) Ransomware.pdf", "2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging.pdf", "2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them.pdf", "2016-06-14 - New Sofacy Attacks Against US Government Agency.pdf", "2016-05-22 - Cron has fallen.pdf", "2016-06-23 - Tracking Elirks Variants in Japan- Similarities to Previous Attacks.pdf", "2016-06-09 - Reverse-engineering DUBNIUM.pdf", "2016-06-07 - The Story of yet another ransom-fail-ware.pdf", "2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity.pdf", "2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine.pdf", "2016-06-11 - The Chinese Hackers in the Back Office.pdf", "2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee.pdf", "2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks.pdf", "2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware.pdf", "2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP.pdf", "2016-06-06 - Everyone sees not what they want to see.pdf", "2016-06-28 - Prince of Persia \u2013 Game Over.pdf", "2016-06-17 - Operation Daybreak.pdf", "2016-06-23 - POS and Credit Cards- In the Line of Fire with \u201cPunkeyPOS\u201d.pdf", "2016-06-17 - In The Wild- Mobile Malware Implements New Features.pdf", "2016-06-10 - Petya and Mischa- ransomware duet (part 2).pdf", "2016-06-14 - CVE-2016-4171 \u2013 Adobe Flash Zero-day used in targeted attacks.pdf", "2016-06-24 - Ani-Shell.pdf", "2016-06-25 - Rokku Ransomware shows possible link with Chimera.pdf", "2016-07-01 - KeyBase - A New Keylogger on the Block.pdf", "2016-06-15 - Mofang- A politically motivated information stealing adversary.pdf", "2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox.pdf", "2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users.pdf", "2016-07-14 - Technical Notes on Sakula.pdf", "2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration.pdf", "2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code.pdf", "2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution.pdf", "2016-07-11 - When Paying Out Doesn't Pay Off.pdf", "2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX\u2019s Footsteps.pdf", "2016-07-22 - Stampado Ransomware campaign decrypted before it Started.pdf", "2016-07-21 - Canadian Man Behind Popular \u2018Orcus RAT\u2019.pdf", "2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer.pdf", "2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware..pdf", "2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries.pdf", "2016-07-26 - OTX Pulse on R980 ransomware.pdf", "2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter.pdf", "2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan.pdf", "2016-07-26 - Attack Delivers \u20189002\u2019 Trojan Through Google Drive.pdf", "2016-07-31 - China 1937CN Team Hackers Attack Airports in Vietnam.pdf", "2016-07-07 - NetTraveler APT Targets Russian, European Interests.pdf", "2016-07-18 - Third time (un)lucky \u2013 improved Petya is out.pdf", "2016-07-28 - Petya and Mischa For All Part II- They\u2019re Here\u2026.pdf", "2016-08-01 - CrowdStrike\u2019s New Methodology for Tracking eCrime.pdf", "2016-08 - Analysis of a packed Pony downloader.pdf", "2016-08-02 - Orcus \u2013 Birth of an unusual plugin builder RAT.pdf", "2016-07-08 - The Dropping Elephant \u2013 aggressive cyber-espionage in the Asian region.pdf", "2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers.pdf", "2016-08-08 - Doctor Web detected Linux Trojan written in Go.pdf", "2016-08-04 - What is Multigrain- Learn what makes this PoS malware different.pdf", "2016-08-08 - MONSOON - Analysis Of An APT Campaign.pdf", "2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition.pdf", "2016-08-08 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-08-10 - CryptXXX - CrypMIC \u2013 intensywnie dystrybuowany ransomware w ramach exploit-kit\u00f3w.pdf", "2016-08-05 - Smoke Loader \u2013 downloader with a smokescreen still alive.pdf", "2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms.pdf", "2016-08-18 - The Shadow Brokers.pdf", "2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users.pdf", "2016-08-16 - Brazil Can\u2019t Catch a Break- After Panda Comes the Sphinx.pdf", "2016-08-22 - BLATSTING FUNKSPIEL.pdf", "2016-07-06 - New OSX-Keydnap malware is hungry for credentials.pdf", "2016-08-23 - GozNym Banking Trojan Targeting German Banks.pdf", "2016-08-22 - Trojan.Mutabaha.1.pdf", "2016-08-25 - Shakti Trojan - Technical Analysis.pdf", "2016-08-19 - New Hancitor Malware- Pimp my Downloaded.pdf", "2016-08-28 - FEINTCLOUD.pdf", "2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say.pdf", "2016-08-15 - Shakti Trojan- Document Thief.pdf", "2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations.pdf", "2016-08-29 - Fantom ransomware impersonates Windows update.pdf", "2016-08-25 - Unpacking the spyware disguised as antivirus.pdf", "2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT.pdf", "2016-07-03 - Android Triada modular trojan.pdf", "2016-08-04 - Iran Threats Webpage.pdf", "2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware.pdf", "2016-08-30 - OSX-Keydnap spreads via signed Transmission application.pdf", "2016-09-01 - TADAQUEOUS moments.pdf", "2016-08-30 - Pythons and Unicorns and Hancitor\u2026Oh My! Decoding Binaries Through Emulation.pdf", "2016-07-12 - Malware Discovered \u2013 SFG- Furtim Malware Analysis.pdf", "2016-09-02 - Necurs \u2013 hybrid spam botnet.pdf", "2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality.pdf", "2016-07-30 - Luminosity RAT - Re-purposed.pdf", "2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets.pdf", "2016-09-04 - BLATSTING Command-and-Control protocol.pdf", "2016-09-11 - BUZZDIRECTION- BLATSTING reloaded.pdf", "2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp.pdf", "2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns.pdf", "2016-09-08 - Doctor Web discovers Linux Trojan written in Rust.pdf", "2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong.pdf", "2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick.pdf", "2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals.pdf", "2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes.pdf", "2016-09-20 - Hackers lurking, parliamentarians told _ News _ DW _ 20.09.2016.pdf", "2016-09-13 - H1N1- Technical analysis reveals new capabilities.pdf", "2016-09-17 - A few notes on SECONDDATE's C&C protocol.pdf", "2016-09-13 - The curious case of BLATSTING's RSA implementation.pdf", "2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search.pdf", "2016-09-06 - Blatsting C&C Transcript.pdf", "2016-09-16 - Tofsee \u2013 modular spambot.pdf", "2016-09-07 - The Missing Piece \u2013 Sophisticated OS X Backdoor Discovered.pdf", "2016-09-20 - Inside Petya and Mischa ransomware.pdf", "2016-09-22 - Book of Eli- African targeted attacks.pdf", "2016-09-23 - Dissecting a Hacktivist\u2019s DDoS Tool- Saphyra Revealed.pdf", "2016-09-23 - SECONDDATE in action.pdf", "2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection.pdf", "2016-09-09 - GOVRAT V2.0 - Attacking US military and government.pdf", "2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies.pdf", "2016-09-19 - Untangling the Ripper ATM Malware.pdf", "2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks.pdf", "2016-09-20 - Hackers lurking, parliamentarians told.pdf", "2016-09-26 - Sofacy\u2019s \u2018Komplex\u2019 OS X Trojan.pdf", "2016-09-21 - Reversing GO binaries like a pro.pdf", "2016-09-16 - iSpy Keylogger.pdf", "2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices.pdf", "2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs.pdf", "2016-09-21 - KrebsOnSecurity Hit With Record DDoS.pdf", "2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks.pdf", "2016-09-05 - Pok\u00e9mon-themed Umbreon Linux Rootkit Hits x86, ARM Systems.pdf", "2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches.pdf", "2016-09-27 - Komplex Mac backdoor answers old questions.pdf", "2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware.pdf", "2016-09-28 - Belling the BEAR.pdf", "2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware.pdf", "2016-09-27 - Threat Spotlight- GozNym.pdf", "2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware.pdf", "2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan.pdf", "2016-10-03 - Remsec driver analysis.pdf", "2016-10-01 - \u2018Shadow Brokers\u2019 Whine That Nobody Is Buying Their Hacked NSA Files.pdf", "2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT.pdf", "2016-10-01 - Source Code for IoT Botnet \u2018Mirai\u2019 Released.pdf", "2016-09-28 - Confucius Says\u2026Malware Families Get Further By Abusing Legitimate Websites.pdf", "2016-10-10 - Remsec driver analysis - Part 2.pdf", "2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'.pdf", "2016-10-05 - FastPOS Updates in Time for the Retail Sale Season.pdf", "2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive.pdf", "2016-10-11 - Remsec driver analysis - Part 3.pdf", "2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker.pdf", "2016-10-09 - SiteIntel- Cyber Caliphate Army.pdf", "2016-10-17 - \u2018DealersChoice\u2019 is Sofacy\u2019s Flash Player Exploit Platform.pdf", "2016-10-27 - Inside the Gootkit C&C server.pdf", "2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets.pdf", "2016-10-03 - Polyglot \u2013 the fake CTB-locker.pdf", "2016-10-20 - TheMoon - A P2P botnet targeting Home Routers.pdf", "2016-10-18 - Digitally Signed Malware Targeting Gaming Companies.pdf", "2016-10-17 - A Tale of Two Targets.pdf", "2016-10-24 - Introducing TrickBot, Dyreza\u2019s successor.pdf", "2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet.pdf", "2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis.pdf", "2016-10-27 - In-Dev Ransomware forces you do to Survey before unlocking Computer.pdf", "2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot\u2019s Machinations.pdf", "2016-10-28 - zxshell repository.pdf", "2016-10-31 - Second Shadow Brokers dump released.pdf", "2016-11-09 - Down the H-W0rm Hole with Houdini\u2019s RAT.pdf", "2016-10-26 - Moonlight \u2013 Targeted attacks in the Middle East.pdf", "2016-10-15 - TrickBot- We Missed you, Dyre.pdf", "2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks.pdf", "2016-11-10 - Floki Bot and the stealthy dropper.pdf", "2016-11-08 - Analysis of iOSGuiInject Adware Library.pdf", "2016-11-02 - Linux-Moose- Still breathing.pdf", "2016-10-25 - TrickBot Banker Insights.pdf", "2016-11-01 - Ursnif Malware- Deep Technical Dive.pdf", "2016-10-11 - Odinaff- New Trojan used in high level financial attacks.pdf", "2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles.pdf", "2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis.pdf", "2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits.pdf", "2016-11-02 - Nymaim Malware- Deep Technical Dive \u2013 Adventures in Evasive Malware.pdf", "2016-11-15 - ScanPOS, new POS malware being distributed by Kronos.pdf", "2016-11-07 - Little Trickbot Growing Up- New Campaign.pdf", "2016-11-08 - Analysis of IOS.GUIINJECT Adware Library.pdf", "2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE.pdf", "2016-10-21 - BITTER- a targeted attack against Pakistan.pdf", "2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware.pdf", "2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List.pdf", "2016-10-25 - Houdini\u2019s Magic Reappearance.pdf", "2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia.pdf", "2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services.pdf", "2016-11-17 - It\u2019s Parliamentary - KeyBoy and the targeting of the Tibetan Community.pdf", "2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia.pdf", "2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users.pdf", "2016-11-21 - PrincessLocker \u2013 ransomware with not so royal encryption.pdf", "2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan.pdf", "2016-11-17 - Princess Locker decryptor.pdf", "2016-11-28 - NetWire RAT Steals Payment Card Data.pdf", "2016-12-08 - Thyssenkrupp victim of cyber attack.pdf", "2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot.pdf", "2016-12-07 - The TrickBot Evolution.pdf", "2016-12-07 - August in November- New Information Stealer Hits the Scene.pdf", "2016-12-06 - August in November- New Information Stealer Hits the Scene.pdf", "2016-11-28 - A New All-in-One Botnet- Proteus.pdf", "2016-12-09 - Now Mirai Has DGA Feature Built in.pdf", "2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise.pdf", "2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond.pdf", "2016-12-14 - MiKey - A Linux keylogger.pdf", "2016-12-19 - Dismantling a Nuclear Bot.pdf", "2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families.pdf", "2016-12-26 - Rocket Kitten.pdf", "2016-12-14 - Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016.pdf", "2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe.pdf", "2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain.pdf", "2016-12-16 - Bayrob- Three suspects extradited to face charges in US.pdf", "2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware.pdf", "2016-12-29 - Some notes on IoCs.pdf", "2016-12-15 - Let It Ride- The Sofacy Group\u2019s DealersChoice Attacks Continue.pdf", "2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermesaures.pdf", "2016-12-23 - Emsisoft Decryptor for GlobeImposter.pdf", "2016-11-30 - Shamoon 2- Return of the Disttrack Wiper.pdf", "2016-11-23 - Analysis- Ursnif - spying on your data since 2007.pdf", "2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web.pdf", "APT C 03.pdf", "2016-12-28 - Switcher- Android joins the \u2018attack-the-router\u2019 club.pdf", "2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE.pdf", "2016-11-30 - Shamoon- Back from the dead and destructive as ever.pdf", "Asruex.pdf", "2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy.pdf", "Aveo.pdf", "attack delivers 9002 trojan through google drive.pdf", "APT-C-09 (2).pdf", "Black Energy APT.pdf", "Cisco HayStack.pdf", "Dust Storm Infographic.pdf", "Apt 2015 (2).pdf", "Dissecting the malware in inocnation campaign.pdf", "Dynasty.pdf", "NetTraveler.pdf", "Houdini.s.Magic.Reappearance.pdf", "Operation Blockbuster Ex Summary.pdf", "Operation Dust Storm.pdf", "2016-01-22 - CVE-2015-4400 - Backdoorbot, Network Configuration Leak on a Connected Doorbell.pdf", "2016-01-26 - URLZone Zones in on Japan.pdf", "2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan.pdf", "2016-04-13 - Ghosts in the Endpoint.pdf", "2016-05-25 - CVE-2015-2545- overview of current threats.pdf", "2016-05-29 - Keep Calm and (Don\u2019t) Enable Macros- A New Threat Actor Targets UAE Dissidents.pdf", "2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure).pdf", "2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks.pdf", "2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks.pdf", "2016-12-15 - Goldeneye Ransomware \u2013 the Petya-Mischa combo rebranded.pdf", "2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again).pdf", "2016-12-29 - GRIZZLY STEPPE \u2013 Russian Malicious Cyber Activity.pdf", "A tale of two targets.pdf", "APT-C-15.pdf", "Attack on Ukraine Power Grid.pdf", "Bears in the Midst Intrusion into the Democratic National Committee \u00bb.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1065", "name": "Uncommonly Used Port", "display_name": "T1065 - Uncommonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1085", "name": "Rundll32", "display_name": "T1085 - Rundll32" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1150, "FileHash-SHA256": 1957, "URL": 1407, "domain": 1246, "hostname": 1684, "FileHash-SHA1": 433, "CVE": 54, "email": 60, "BitcoinAddress": 4, "YARA": 1 }, "indicator_count": 7996, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "3 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-05-31T01:02:14", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64343, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880099, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "19 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5828f8217ecbe6ce3a89b", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:29:19.302000", "created": "2024-03-16T11:29:19.302000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 81, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5827a4e23b095e5af5f44", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:28:58.984000", "created": "2024-03-16T11:28:58.984000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f582700d35b0e7c8dd9df8", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:28:48.062000", "created": "2024-03-16T11:28:48.062000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65f5823b9d7bc6b422256296", "name": "IOCs Industriales", "description": "", "modified": "2024-03-16T11:27:55.808000", "created": "2024-03-16T11:27:55.808000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": "63456c2a30b92337ea1670e0", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dtatov00", "id": "256758", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 493080, "IPv4": 3458, "IPv6": 519, "hostname": 41105, "URL": 155223, "CIDR": 5266 }, "indicator_count": 698651, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "806 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f04af6927f6584755d691", "name": "Registrar Abuse | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:19:43.234000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e92fcaf9d549477914ece", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f047d030109e1cab23db8", "name": "Qakbot, Qbot, Qausar | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:18:53.112000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9215890dfc9167d774e3", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f04475b063d0b0d3badca", "name": "CNC | Malicious activities. | aig.com [lacks http/https]", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:17:59.531000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9147fc170101be4f7afe", "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "hellomydearqq.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "hellomydearqq.com", "found": true, "verdict": "malicious", "url_count": 2, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "http://hellomydearqq.com/80.exe", "status": "offline", "threat": "malware_download", "date_added": "2019-12-16", "tags": [] }, { "url": "http://hellomydearqq.com/69.exe", "status": "offline", "threat": "malware_download", "date_added": "2019-12-16", "tags": [] } ], "error": null }, "from_cache": true, "_cached_at": 1780258562.563548 }