{ "type": "URL", "indicator": "https://0abugs.webkit.org", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://0abugs.webkit.org", "type": "url", "type_title": "URL", "validation": [ { "source": "whitelist", "message": "Whitelisted domain webkit.org", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain webkit.org", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4169221551, "indicator": "https://0abugs.webkit.org", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "694e9e0b06df97ba54bdff06", "name": "WebKit - Malicious Apple WebKit threat. Actively being exploited over Fully Updated MacOS & iOS Devices | MITM Attack", "description": "Unsafe, malicious software threat, malicious network threat, malicious phishing threat, [This is a phishing website that impersonates a trusted website to trick you into revealing personal or financial information]\nadversary in the middle threat , browser malware threat. | Victim appears to be connected to internet, but isn\u2019t.May receive error message\u2019\u201dIt appears you are connected to the Internet, but you might want to try to reconnect to the Internet.\"\nFully Updated iPhone 17 Pro / 1\nMonth old - Positive for Adversary in the Middle attack. Fully tested. Spoke to adversaries related to sinkhole and BotNet. New target being heavily attacked, includes strange physical attack resulting in medical treatments as result of physical trauma. Rohypnol suspected. Victim dumped on a doorstep (-phone) hours after suspected Rohypnol in a 1 inch glass of Champagne in trustee housewarming environment w/coworkers and their friends. | New iPhone purchased after attack\n#denver #testthekits #plant #mfr", "modified": "2026-01-25T14:02:14.953000", "created": "2025-12-26T14:39:07.815000", "tags": [ "bugzilla", "webkit bugzilla", "urls", "content type", "meta", "united", "msie", "chrome", "moved", "apple center", "gmt content", "win32mydoom dec", "trojan", "servers", "worm", "domain", "record value", "expiration date", "et trojan", "hello ssl", "destination", "port", "whitelisted", "unknown", "ciphersuite", "sessionid", "asnone", "write", "virustotal", "drweb", "vipre", "mcafee", "panda", "malware", "pandex!gen1", "et", "present dec", "present nov", "a domains", "certificate", "ip address", "title", "atom", "present sep", "present oct", "present aug", "name servers", "aaaa", "date", "dynamicloader", "crlf line", "ff d5", "unicode text", "utf8", "ee fc", "yara rule", "f0 ff", "ascii text", "ff bb", "suspicious", "music", "push", "next", "autorun", "contacted", "domains", "less see", "all related", "pulses otx", "tags", "related", "found", "passive dns", "entries", "all ipv4", "files", "reverse dns", "location united", "flag", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "csc corporate", "whois field", "value country", "us creation", "dnssec", "domain name", "name server", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "spawns", "mitre att", "password crack", "cryptographic", "decrypt", "code overlap", "polymorphic", "status", "alfper", "search", "win32", "network", "dns error", "phishing" ], "references": [ "https://build.webkit.org/results/Apple-Sequoia-Safer-CPP-Checks/301548@main", "googleadapis.com \u2022 googleapis.cn \u2022 108.177.98.84 \u2022 pki.google.com \u2022 source.android.google.cn \u2022 url.google.com \u2022 www.google.com", "Chrome Relationship: 173.194.112.8 \u2022 173.194.116.163 \u2022 chrome.google.com", "IDS Detections: Worm.Mydoom Checkin User-Agent (explwer)", "IDS Detections: Observed DNS Query to .biz TLD", "Yara Detections: Nrv2x , UPX_OEP_place , UPX_Modified_Or_Inside ,", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser ,", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "Alerts: antisandbox_sleep network_bind persistence_autorun persistence_autorun_tasks", "Alerts: binary_yara polymorphic procmem_yara suricata_alert antivm_generic_diskreg", "Alerts: dead_connect dynamic_function_loading network_http contains_pe_overlay", "Alerts: packer_unknown_pe_section_name contains_pe_overlay suspicious_tld stealth_timeout", "Alerts: queries_keyboard_layout accesses_public_folder antidebug_setunhandledexceptionfilter", "Interesting Strings: admin@bigtits.com support@cyberplat.com admin@easypay.com", "Interesting Strings: support@wmtransfer.com admin@paypal.com support@rbkmoney.ru", "Interesting Strings: admin@wmtransfer.com 1.9.1.4 192.168.1.2", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Session_Id length greater than Client_Hello Length)", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)", "Alerts: network_icmp injection_runpe persistence_autorun copies_self injection_rwx reads_self", "Alerts: antivirus_virustotal dropper packer_entropy", "ET | Cipher Suite IP\u2019s Contacted: 156 IP\u2019s Contacted 107.23.91.76 108.160.172.206 12.221.217.40", "ET | Cipher Suite IP\u2019s Contacted: 131.107.116.240 131.84.179.51 132.3.48.38 128.150.221.19 128.174.104.18", "ET | Cipher Suite IP\u2019s Contacted: 128.200.84.203 130.199.54.31", "Contacted: store.gearboxsoftware.com labs.ericsson.com www.bankofky.com acc.dau.mil", "Contacted: forums.weather.com www.hnfs.net eduforge.org forums.nordrus.info", "Contacted: www.medicalcountermeasures.gov forum.defcon.org", "Strange / Malicious Apple URL\u2019s URI\u2019S and IP\u2019s", "https://applepay.cdn-apple.com/jsapi/v1.3.2/apple \u2022 https://www.apple.com/wss/fonts \u2022 013.ts.apple.com", "https://updates.cdn-apple.com/2022FallFCS/patches/012-73541/F0A2BDFD-317B-4557-BD18-269079BDB196/com_apple_MobileAsset_MobileSoftwareUpdate_UpdateBrain/f9886a753f7d0b2fc3378a28ab6975769f6b1c26", "nserver4.apple.com \u2022 ocsp.apple.com \u2022 www.apple.com \u2022 17.33.193.247 \u2022 gb-api-uat.apple.com", "usw2.apple.com \u2022 usw2.apple.com/ \u2022 www.itunesradio.com \u2022 www.macboxset.com", "privaterelay.appleid.com \u2022 https://bugs.webkit.org/ \u2022 https://bugs.webkit.org/github.cgi \u2022 webkit.org", "Apple OSINT: build.webkit.org 17.33.193.45 TTL: 300 \u2022 CSC Corporate Domains, Inc. Organization: Apple Inc.", "Apple OSINT: Name Server: NSERVER4.APPLE.COM \u2022 Organization: Apple Inc. ReigstrarCSC Corporate Domains, Inc. State: CA", "https://hybrid-analysis.com/sample/17e2cf5950f3683477038dcc9c0d95d9f43690a60a477f0f4b3f9af8d53448b2/694e89e1a3f4ce06f703dace" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Kingdom of Great Britain and Northern Ireland", "Canada" ], "malware_families": [ { "id": "Pandex!gen1", "display_name": "Pandex!gen1", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" }, { "id": "Win.Trojan.Installcore-972", "display_name": "Win.Trojan.Installcore-972", "target": null }, { "id": "worm:Win32/Mofksys.RND!MTB", "display_name": "worm:Win32/Mofksys.RND!MTB", "target": "/malware/worm:Win32/Mofksys.RND!MTB" }, { "id": "AutoRun", "display_name": "AutoRun", "target": null }, { "id": "Mal_Harebot1", "display_name": "Mal_Harebot1", "target": null } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1553.002", "name": "Code Signing", "display_name": "T1553.002 - Code Signing" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1036.004", "name": "Masquerade Task or Service", "display_name": "T1036.004 - Masquerade Task or Service" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "hostname": 248, "FileHash-MD5": 219, "email": 13, "domain": 138, "FileHash-SHA256": 196, "FileHash-SHA1": 126 }, "indicator_count": 1213, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://updates.cdn-apple.com/2022FallFCS/patches/012-73541/F0A2BDFD-317B-4557-BD18-269079BDB196/com_apple_MobileAsset_MobileSoftwareUpdate_UpdateBrain/f9886a753f7d0b2fc3378a28ab6975769f6b1c26", "googleadapis.com \u2022 googleapis.cn \u2022 108.177.98.84 \u2022 pki.google.com \u2022 source.android.google.cn \u2022 url.google.com \u2022 www.google.com", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)", "Chrome Relationship: 173.194.112.8 \u2022 173.194.116.163 \u2022 chrome.google.com", "Interesting Strings: admin@wmtransfer.com 1.9.1.4 192.168.1.2", "privaterelay.appleid.com \u2022 https://bugs.webkit.org/ \u2022 https://bugs.webkit.org/github.cgi \u2022 webkit.org", "Interesting Strings: support@wmtransfer.com admin@paypal.com support@rbkmoney.ru", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser ,", "Alerts: packer_unknown_pe_section_name contains_pe_overlay suspicious_tld stealth_timeout", "Contacted: forums.weather.com www.hnfs.net eduforge.org forums.nordrus.info", "Alerts: antisandbox_sleep network_bind persistence_autorun persistence_autorun_tasks", "Apple OSINT: Name Server: NSERVER4.APPLE.COM \u2022 Organization: Apple Inc. ReigstrarCSC Corporate Domains, Inc. State: CA", "Interesting Strings: admin@bigtits.com support@cyberplat.com admin@easypay.com", "nserver4.apple.com \u2022 ocsp.apple.com \u2022 www.apple.com \u2022 17.33.193.247 \u2022 gb-api-uat.apple.com", "Alerts: queries_keyboard_layout accesses_public_folder antidebug_setunhandledexceptionfilter", "Apple OSINT: build.webkit.org 17.33.193.45 TTL: 300 \u2022 CSC Corporate Domains, Inc. Organization: Apple Inc.", "https://applepay.cdn-apple.com/jsapi/v1.3.2/apple \u2022 https://www.apple.com/wss/fonts \u2022 013.ts.apple.com", "https://hybrid-analysis.com/sample/17e2cf5950f3683477038dcc9c0d95d9f43690a60a477f0f4b3f9af8d53448b2/694e89e1a3f4ce06f703dace", "ET | Cipher Suite IP\u2019s Contacted: 156 IP\u2019s Contacted 107.23.91.76 108.160.172.206 12.221.217.40", "Strange / Malicious Apple URL\u2019s URI\u2019S and IP\u2019s", "IDS Detections: Worm.Mydoom Checkin User-Agent (explwer)", "Alerts: network_icmp injection_runpe persistence_autorun copies_self injection_rwx reads_self", "usw2.apple.com \u2022 usw2.apple.com/ \u2022 www.itunesradio.com \u2022 www.macboxset.com", "ET | Cipher Suite IP\u2019s Contacted: 131.107.116.240 131.84.179.51 132.3.48.38 128.150.221.19 128.174.104.18", "Contacted: store.gearboxsoftware.com labs.ericsson.com www.bankofky.com acc.dau.mil", "Contacted: www.medicalcountermeasures.gov forum.defcon.org", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "Alerts: dead_connect dynamic_function_loading network_http contains_pe_overlay", "https://build.webkit.org/results/Apple-Sequoia-Safer-CPP-Checks/301548@main", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Session_Id length greater than Client_Hello Length)", "Alerts: antivirus_virustotal dropper packer_entropy", "Alerts: binary_yara polymorphic procmem_yara suricata_alert antivm_generic_diskreg", "Yara Detections: Nrv2x , UPX_OEP_place , UPX_Modified_Or_Inside ,", "ET | Cipher Suite IP\u2019s Contacted: 128.200.84.203 130.199.54.31", "IDS Detections: Observed DNS Query to .biz TLD" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Worm:win32/mofksys.rnd!mtb", "Mal_harebot1", "Win.trojan.installcore-972", "Autorun", "Et", "Pandex!gen1", "Trojan:win32/mydoom" ], "industries": [], "unique_indicators": 1432 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/webkit.org", "whois": "http://whois.domaintools.com/webkit.org", "domain": "webkit.org", "hostname": "0abugs.webkit.org" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "694e9e0b06df97ba54bdff06", "name": "WebKit - Malicious Apple WebKit threat. Actively being exploited over Fully Updated MacOS & iOS Devices | MITM Attack", "description": "Unsafe, malicious software threat, malicious network threat, malicious phishing threat, [This is a phishing website that impersonates a trusted website to trick you into revealing personal or financial information]\nadversary in the middle threat , browser malware threat. | Victim appears to be connected to internet, but isn\u2019t.May receive error message\u2019\u201dIt appears you are connected to the Internet, but you might want to try to reconnect to the Internet.\"\nFully Updated iPhone 17 Pro / 1\nMonth old - Positive for Adversary in the Middle attack. Fully tested. Spoke to adversaries related to sinkhole and BotNet. New target being heavily attacked, includes strange physical attack resulting in medical treatments as result of physical trauma. Rohypnol suspected. Victim dumped on a doorstep (-phone) hours after suspected Rohypnol in a 1 inch glass of Champagne in trustee housewarming environment w/coworkers and their friends. | New iPhone purchased after attack\n#denver #testthekits #plant #mfr", "modified": "2026-01-25T14:02:14.953000", "created": "2025-12-26T14:39:07.815000", "tags": [ "bugzilla", "webkit bugzilla", "urls", "content type", "meta", "united", "msie", "chrome", "moved", "apple center", "gmt content", "win32mydoom dec", "trojan", "servers", "worm", "domain", "record value", "expiration date", "et trojan", "hello ssl", "destination", "port", "whitelisted", "unknown", "ciphersuite", "sessionid", "asnone", "write", "virustotal", "drweb", "vipre", "mcafee", "panda", "malware", "pandex!gen1", "et", "present dec", "present nov", "a domains", "certificate", "ip address", "title", "atom", "present sep", "present oct", "present aug", "name servers", "aaaa", "date", "dynamicloader", "crlf line", "ff d5", "unicode text", "utf8", "ee fc", "yara rule", "f0 ff", "ascii text", "ff bb", "suspicious", "music", "push", "next", "autorun", "contacted", "domains", "less see", "all related", "pulses otx", "tags", "related", "found", "passive dns", "entries", "all ipv4", "files", "reverse dns", "location united", "flag", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "csc corporate", "whois field", "value country", "us creation", "dnssec", "domain name", "name server", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "spawns", "mitre att", "password crack", "cryptographic", "decrypt", "code overlap", "polymorphic", "status", "alfper", "search", "win32", "network", "dns error", "phishing" ], "references": [ "https://build.webkit.org/results/Apple-Sequoia-Safer-CPP-Checks/301548@main", "googleadapis.com \u2022 googleapis.cn \u2022 108.177.98.84 \u2022 pki.google.com \u2022 source.android.google.cn \u2022 url.google.com \u2022 www.google.com", "Chrome Relationship: 173.194.112.8 \u2022 173.194.116.163 \u2022 chrome.google.com", "IDS Detections: Worm.Mydoom Checkin User-Agent (explwer)", "IDS Detections: Observed DNS Query to .biz TLD", "Yara Detections: Nrv2x , UPX_OEP_place , UPX_Modified_Or_Inside ,", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser ,", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "Alerts: antisandbox_sleep network_bind persistence_autorun persistence_autorun_tasks", "Alerts: binary_yara polymorphic procmem_yara suricata_alert antivm_generic_diskreg", "Alerts: dead_connect dynamic_function_loading network_http contains_pe_overlay", "Alerts: packer_unknown_pe_section_name contains_pe_overlay suspicious_tld stealth_timeout", "Alerts: queries_keyboard_layout accesses_public_folder antidebug_setunhandledexceptionfilter", "Interesting Strings: admin@bigtits.com support@cyberplat.com admin@easypay.com", "Interesting Strings: support@wmtransfer.com admin@paypal.com support@rbkmoney.ru", "Interesting Strings: admin@wmtransfer.com 1.9.1.4 192.168.1.2", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Session_Id length greater than Client_Hello Length)", "IDS Detections: ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)", "Alerts: network_icmp injection_runpe persistence_autorun copies_self injection_rwx reads_self", "Alerts: antivirus_virustotal dropper packer_entropy", "ET | Cipher Suite IP\u2019s Contacted: 156 IP\u2019s Contacted 107.23.91.76 108.160.172.206 12.221.217.40", "ET | Cipher Suite IP\u2019s Contacted: 131.107.116.240 131.84.179.51 132.3.48.38 128.150.221.19 128.174.104.18", "ET | Cipher Suite IP\u2019s Contacted: 128.200.84.203 130.199.54.31", "Contacted: store.gearboxsoftware.com labs.ericsson.com www.bankofky.com acc.dau.mil", "Contacted: forums.weather.com www.hnfs.net eduforge.org forums.nordrus.info", "Contacted: www.medicalcountermeasures.gov forum.defcon.org", "Strange / Malicious Apple URL\u2019s URI\u2019S and IP\u2019s", "https://applepay.cdn-apple.com/jsapi/v1.3.2/apple \u2022 https://www.apple.com/wss/fonts \u2022 013.ts.apple.com", "https://updates.cdn-apple.com/2022FallFCS/patches/012-73541/F0A2BDFD-317B-4557-BD18-269079BDB196/com_apple_MobileAsset_MobileSoftwareUpdate_UpdateBrain/f9886a753f7d0b2fc3378a28ab6975769f6b1c26", "nserver4.apple.com \u2022 ocsp.apple.com \u2022 www.apple.com \u2022 17.33.193.247 \u2022 gb-api-uat.apple.com", "usw2.apple.com \u2022 usw2.apple.com/ \u2022 www.itunesradio.com \u2022 www.macboxset.com", "privaterelay.appleid.com \u2022 https://bugs.webkit.org/ \u2022 https://bugs.webkit.org/github.cgi \u2022 webkit.org", "Apple OSINT: build.webkit.org 17.33.193.45 TTL: 300 \u2022 CSC Corporate Domains, Inc. Organization: Apple Inc.", "Apple OSINT: Name Server: NSERVER4.APPLE.COM \u2022 Organization: Apple Inc. ReigstrarCSC Corporate Domains, Inc. State: CA", "https://hybrid-analysis.com/sample/17e2cf5950f3683477038dcc9c0d95d9f43690a60a477f0f4b3f9af8d53448b2/694e89e1a3f4ce06f703dace" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Kingdom of Great Britain and Northern Ireland", "Canada" ], "malware_families": [ { "id": "Pandex!gen1", "display_name": "Pandex!gen1", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" }, { "id": "Win.Trojan.Installcore-972", "display_name": "Win.Trojan.Installcore-972", "target": null }, { "id": "worm:Win32/Mofksys.RND!MTB", "display_name": "worm:Win32/Mofksys.RND!MTB", "target": "/malware/worm:Win32/Mofksys.RND!MTB" }, { "id": "AutoRun", "display_name": "AutoRun", "target": null }, { "id": "Mal_Harebot1", "display_name": "Mal_Harebot1", "target": null } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1553.002", "name": "Code Signing", "display_name": "T1553.002 - Code Signing" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1036.004", "name": "Masquerade Task or Service", "display_name": "T1036.004 - Masquerade Task or Service" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "hostname": 248, "FileHash-MD5": 219, "email": 13, "domain": 138, "FileHash-SHA256": 196, "FileHash-SHA1": 126 }, "indicator_count": 1213, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://0abugs.webkit.org", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://0abugs.webkit.org", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776645631.9437017 }