{ "type": "URL", "indicator": "http://gceight8vt.top/upload.php", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://gceight8vt.top/upload.php", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3946041374, "indicator": "http://gceight8vt.top/upload.php", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "66c8523d0dd3d95ed18e5555", "name": "Decoding the Stealthy Memory-Only Malware", "description": "This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details the infection chain, starting with movie lure ZIP files containing malicious LNK files that initiate a JavaScript dropper. This dropper then executes a PowerShell downloader script, PEAKLIGHT, responsible for retrieving additional payloads from a content delivery network. The report examines different variations of PEAKLIGHT and the malware it delivers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. The analysis highlights the obfuscation techniques employed by the threat actors, such as system binary proxy execution and CDN abuse.", "modified": "2024-09-22T09:06:06.424000", "created": "2024-08-23T09:11:24.544000", "tags": [ "lummac.v2", "javascript", "infostealer", "shadowladder", "obfuscation", "malware", "cryptbot", "powershell" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LUMMAC.V2", "display_name": "LUMMAC.V2", "target": null }, { "id": "CRYPTBOT", "display_name": "CRYPTBOT", "target": null }, { "id": "SHADOWLADDER", "display_name": "SHADOWLADDER", "target": null } ], "attack_ids": [ { "id": "T1218.005", "name": "Mshta", "display_name": "T1218.005 - Mshta" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 209, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 12 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 386482, "modified_text": "615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6889ebeb317457163ab8fa42", "name": "Emmenhtal loader", "description": "Campaigns that used Emmenhtal to deliver various payloads", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-30T09:54:51.943000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688b0dde98e8d32361238f0f", "name": "Emmenhtal Loader Campaign deliver various payloads [IMEBEEIMFINE]", "description": "", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-31T06:31:58.326000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6889ebeb317457163ab8fa42", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cfad5b197151f30fff52d4", "name": "PEAKLIGHT Malware Decoding the Stealthy Memory", "description": "IOC{Indicators of Compromise} - a full list of the key words and phrases used to describe a person's position on a subject of political or social change.. and.", "modified": "2024-09-27T23:05:06.750000", "created": "2024-08-28T23:06:03.184000", "tags": [ "compromise", "domains", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 17, "FileHash-SHA1": 15, "FileHash-SHA256": 15, "URL": 15, "domain": 12, "hostname": 4 }, "indicator_count": 78, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "610 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cd83c0717511523a98ec1e", "name": "PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog", "description": "A security firm, Mandiant, has identified a new method of distributing malware-as-a-service, and identified the final downloader for the malware, known as PEAKLIGHT.", "modified": "2024-09-26T07:01:24.325000", "created": "2024-08-27T07:44:00.648000", "tags": [ "powershell", "base64", "stealth", "configuration", "variation", "base64 decoding", "decompression", "ecb mode", "gzip", "powershell code", "logic", "base64-encoded", "cryptbot.autoit", "lummac.v2", "shadowladder", "javascript", "peaklight" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Base64-Encoded", "display_name": "Base64-Encoded", "target": null }, { "id": "CRYPTBOT.AUTOIT", "display_name": "CRYPTBOT.AUTOIT", "target": null }, { "id": "LummaC.V2", "display_name": "LummaC.V2", "target": null }, { "id": "SHADOWLADDER", "display_name": "SHADOWLADDER", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null }, { "id": "PEAKLIGHT", "display_name": "PEAKLIGHT", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 20, "FileHash-SHA256": 20, "URL": 19, "domain": 13, "hostname": 4 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "611 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cd0ac61ef187c1560795e3", "name": "Weekly OSINT Highlights, 26 August 2024", "description": "", "modified": "2024-09-25T23:05:39.876000", "created": "2024-08-26T23:07:50.934000", "tags": [ "OSINT" ], "references": [ "https://community.riskiq.com/article/9e3295c1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 16, "domain": 7, "FileHash-SHA256": 31, "FileHash-SHA1": 12, "FileHash-MD5": 36 }, "indicator_count": 102, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "612 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c8b54dacf0a8b428859db3", "name": "PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog", "description": "", "modified": "2024-09-22T16:04:24.657000", "created": "2024-08-23T16:14:05.119000", "tags": [ "powershell", "base64", "stealth", "configuration", "variation", "base64 decoding", "decompression", "ecb mode", "gzip", "powershell code", "logic" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 19, "domain": 12, "hostname": 4 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/", "https://community.riskiq.com/article/9e3295c1", "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware", "Emmenhtal.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Cryptbot", "Shadowladder", "Lummac.v2" ], "industries": [], "unique_indicators": 49 }, "other": { "adversary": [], "malware_families": [ "Shadowladder", "Peaklight", "Javascript", "Base64-encoded", "Cryptbot.autoit", "Lummac.v2" ], "industries": [], "unique_indicators": 1822 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/gceight8vt.top", "whois": "http://whois.domaintools.com/gceight8vt.top", "domain": "gceight8vt.top", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "66c8523d0dd3d95ed18e5555", "name": "Decoding the Stealthy Memory-Only Malware", "description": "This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details the infection chain, starting with movie lure ZIP files containing malicious LNK files that initiate a JavaScript dropper. This dropper then executes a PowerShell downloader script, PEAKLIGHT, responsible for retrieving additional payloads from a content delivery network. The report examines different variations of PEAKLIGHT and the malware it delivers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. The analysis highlights the obfuscation techniques employed by the threat actors, such as system binary proxy execution and CDN abuse.", "modified": "2024-09-22T09:06:06.424000", "created": "2024-08-23T09:11:24.544000", "tags": [ "lummac.v2", "javascript", "infostealer", "shadowladder", "obfuscation", "malware", "cryptbot", "powershell" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LUMMAC.V2", "display_name": "LUMMAC.V2", "target": null }, { "id": "CRYPTBOT", "display_name": "CRYPTBOT", "target": null }, { "id": "SHADOWLADDER", "display_name": "SHADOWLADDER", "target": null } ], "attack_ids": [ { "id": "T1218.005", "name": "Mshta", "display_name": "T1218.005 - Mshta" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 209, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 12 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 386482, "modified_text": "615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6889ebeb317457163ab8fa42", "name": "Emmenhtal loader", "description": "Campaigns that used Emmenhtal to deliver various payloads", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-30T09:54:51.943000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688b0dde98e8d32361238f0f", "name": "Emmenhtal Loader Campaign deliver various payloads [IMEBEEIMFINE]", "description": "", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-31T06:31:58.326000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6889ebeb317457163ab8fa42", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cfad5b197151f30fff52d4", "name": "PEAKLIGHT Malware Decoding the Stealthy Memory", "description": "IOC{Indicators of Compromise} - a full list of the key words and phrases used to describe a person's position on a subject of political or social change.. and.", "modified": "2024-09-27T23:05:06.750000", "created": "2024-08-28T23:06:03.184000", "tags": [ "compromise", "domains", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 17, "FileHash-SHA1": 15, "FileHash-SHA256": 15, "URL": 15, "domain": 12, "hostname": 4 }, "indicator_count": 78, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "610 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cd83c0717511523a98ec1e", "name": "PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog", "description": "A security firm, Mandiant, has identified a new method of distributing malware-as-a-service, and identified the final downloader for the malware, known as PEAKLIGHT.", "modified": "2024-09-26T07:01:24.325000", "created": "2024-08-27T07:44:00.648000", "tags": [ "powershell", "base64", "stealth", "configuration", "variation", "base64 decoding", "decompression", "ecb mode", "gzip", "powershell code", "logic", "base64-encoded", "cryptbot.autoit", "lummac.v2", "shadowladder", "javascript", "peaklight" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Base64-Encoded", "display_name": "Base64-Encoded", "target": null }, { "id": "CRYPTBOT.AUTOIT", "display_name": "CRYPTBOT.AUTOIT", "target": null }, { "id": "LummaC.V2", "display_name": "LummaC.V2", "target": null }, { "id": "SHADOWLADDER", "display_name": "SHADOWLADDER", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null }, { "id": "PEAKLIGHT", "display_name": "PEAKLIGHT", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 20, "FileHash-SHA256": 20, "URL": 19, "domain": 13, "hostname": 4 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "611 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cd0ac61ef187c1560795e3", "name": "Weekly OSINT Highlights, 26 August 2024", "description": "", "modified": "2024-09-25T23:05:39.876000", "created": "2024-08-26T23:07:50.934000", "tags": [ "OSINT" ], "references": [ "https://community.riskiq.com/article/9e3295c1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 16, "domain": 7, "FileHash-SHA256": 31, "FileHash-SHA1": 12, "FileHash-MD5": 36 }, "indicator_count": 102, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "612 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c8b54dacf0a8b428859db3", "name": "PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog", "description": "", "modified": "2024-09-22T16:04:24.657000", "created": "2024-08-23T16:14:05.119000", "tags": [ "powershell", "base64", "stealth", "configuration", "variation", "base64 decoding", "decompression", "ecb mode", "gzip", "powershell code", "logic" ], "references": [ "https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 22, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 19, "domain": 12, "hostname": 4 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://gceight8vt.top/upload.php", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://gceight8vt.top/upload.php", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780206422.7251115 }