{ "type": "URL", "indicator": "http://e.com/XXX/xml/..]", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://e.com/XXX/xml/..]", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3600611950, "indicator": "http://e.com/XXX/xml/..]", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "65709510e5b078aa5f09ca51", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "", "modified": "2023-12-06T15:36:48.409000", "created": "2023-12-06T15:36:48.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "domain": 267, "hostname": 871, "URL": 1930, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc92dd6dd6d29e1a637a7", "name": "192.99.158.243:80 (appie.com)", "description": "[object Object", "modified": "2023-03-04T14:02:04.452000", "created": "2023-02-02T14:31:09.039000", "tags": [ "malware", "trojan", "apt", "runtime data", "ansi", "unicode", "localappdata", "hash seen", "runtime process", "temp", "sha256", "sha1", "win64", "entropy", "suspicious", "ransomware", "general", "date", "mozilla", "accept", "strings", "malicious", "windows nt", "khtml", "gecko", "request url", "format details", "request get", "host", "raw hex", "c4 e7", "c0 a8", "f3 c2", "get favic" ], "references": [ "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "hostname": 44, "domain": 29, "FileHash-SHA256": 65, "FileHash-MD5": 52, "FileHash-SHA1": 51 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1187 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc58e164ab858b1501214", "name": "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "description": "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "modified": "2023-02-02T14:15:42.486000", "created": "2023-02-02T14:15:42.486000", "tags": [ "windows nt", "win64", "khtml", "gecko", "request get", "host", "raw hex", "c0 a8", "f3 c2", "get favic" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 44, "domain": 3, "FileHash-SHA256": 1, "hostname": 4 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1217 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63c8b5fe14c9a2744aafc835", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:16:14.824000", "created": "2023-01-19T03:16:14.824000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63c8b2f10c9b8b2344261988", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:03:13.013000", "created": "2023-01-19T03:03:13.013000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6398fe16df6290d8fcac2f77", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "modified": "2023-01-12T21:02:22.235000", "created": "2022-12-13T22:35:02.021000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "threat level", "date", "sha256", "unicode", "size", "pcap", "pcap processing", "runtime process", "accept", "suspicious", "hybrid", "malicious", "close", "click", "hosts", "ransomware", "general", "local", "path", "mozilla", "strings", "localappdata", "temp", "prefetch8 ansi", "entropy", "win64", "disabled hash", "friendly", "mozi", "trident", "copy md5", "copy sha1", "copy sha256", "file", "type data", "download file", "db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "widevinecdm.dll", "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c2" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 871, "URL": 1930, "domain": 267, "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 397, "modified_text": "1238 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "e.com", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "https://myaccount.google.com/u/1/accountlinking?hl=en-GB" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 5315 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/e.com", "whois": "http://whois.domaintools.com/e.com", "domain": "e.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "65709510e5b078aa5f09ca51", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "", "modified": "2023-12-06T15:36:48.409000", "created": "2023-12-06T15:36:48.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "domain": 267, "hostname": 871, "URL": 1930, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc92dd6dd6d29e1a637a7", "name": "192.99.158.243:80 (appie.com)", "description": "[object Object", "modified": "2023-03-04T14:02:04.452000", "created": "2023-02-02T14:31:09.039000", "tags": [ "malware", "trojan", "apt", "runtime data", "ansi", "unicode", "localappdata", "hash seen", "runtime process", "temp", "sha256", "sha1", "win64", "entropy", "suspicious", "ransomware", "general", "date", "mozilla", "accept", "strings", "malicious", "windows nt", "khtml", "gecko", "request url", "format details", "request get", "host", "raw hex", "c4 e7", "c0 a8", "f3 c2", "get favic" ], "references": [ "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "hostname": 44, "domain": 29, "FileHash-SHA256": 65, "FileHash-MD5": 52, "FileHash-SHA1": 51 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1187 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc58e164ab858b1501214", "name": "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "description": "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "modified": "2023-02-02T14:15:42.486000", "created": "2023-02-02T14:15:42.486000", "tags": [ "windows nt", "win64", "khtml", "gecko", "request get", "host", "raw hex", "c0 a8", "f3 c2", "get favic" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 44, "domain": 3, "FileHash-SHA256": 1, "hostname": 4 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1217 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63c8b5fe14c9a2744aafc835", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:16:14.824000", "created": "2023-01-19T03:16:14.824000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63c8b2f10c9b8b2344261988", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:03:13.013000", "created": "2023-01-19T03:03:13.013000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6398fe16df6290d8fcac2f77", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "modified": "2023-01-12T21:02:22.235000", "created": "2022-12-13T22:35:02.021000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "threat level", "date", "sha256", "unicode", "size", "pcap", "pcap processing", "runtime process", "accept", "suspicious", "hybrid", "malicious", "close", "click", "hosts", "ransomware", "general", "local", "path", "mozilla", "strings", "localappdata", "temp", "prefetch8 ansi", "entropy", "win64", "disabled hash", "friendly", "mozi", "trident", "copy md5", "copy sha1", "copy sha256", "file", "type data", "download file", "db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "widevinecdm.dll", "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c2" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 871, "URL": 1930, "domain": 267, "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 397, "modified_text": "1238 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://e.com/XXX/xml/..]", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://e.com/XXX/xml/..]", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780530191.8990216 }