{ "type": "URL", "indicator": "https://108.165.178.42/updates.rss", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://108.165.178.42/updates.rss", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3628118260, "indicator": "https://108.165.178.42/updates.rss", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "63f017041f697d73cca5e659", "name": "Twitter Feed - drb_ra - 17-02-2023", "description": "", "modified": "2023-03-20T00:01:17.081000", "created": "2023-02-18T00:08:36.727000", "tags": [ "CobaltStrike" ], "references": [ "https://twitter.com/drb_ra/status/1626407758051278849", "https://twitter.com/drb_ra/status/1626409577452281857", "https://twitter.com/drb_ra/status/1626409600898502657", "https://twitter.com/drb_ra/status/1626409840267481089", "https://twitter.com/drb_ra/status/1626553209757089795", "https://twitter.com/drb_ra/status/1626554110693482496", "https://twitter.com/drb_ra/status/1626558875712331777", "https://twitter.com/drb_ra/status/1626560141104496640", "https://twitter.com/drb_ra/status/1626561846089072641", "https://twitter.com/drb_ra/status/1626564430182989824", "https://twitter.com/drb_ra/status/1626586779062247424", "https://twitter.com/drb_ra/status/1626586846573760512", "https://twitter.com/drb_ra/status/1626587020603850754", "https://twitter.com/drb_ra/status/1626587203903295491", "https://twitter.com/drb_ra/status/1626587243774377984", "https://twitter.com/drb_ra/status/1626587383889293312", "https://twitter.com/drb_ra/status/1626587458489192451", "https://twitter.com/drb_ra/status/1626587739570450435", "https://twitter.com/drb_ra/status/1626589376997388293", "https://twitter.com/drb_ra/status/1626589472585560066", "https://twitter.com/drb_ra/status/1626589626134851586", "https://twitter.com/drb_ra/status/1626640908375453696", "https://twitter.com/drb_ra/status/1626641304758194188", "https://twitter.com/drb_ra/status/1626642301928759296", "https://twitter.com/drb_ra/status/1626642751314968576", "https://twitter.com/drb_ra/status/1626643280988340224", "https://twitter.com/drb_ra/status/1626643606478983171", "https://twitter.com/drb_ra/status/1626644572993425433", "https://twitter.com/drb_ra/status/1626645201866395660", "https://twitter.com/drb_ra/status/1626647260992835597", "https://twitter.com/drb_ra/status/1626648917751353345", "https://twitter.com/drb_ra/status/1626650630558257170", "https://twitter.com/drb_ra/status/1626652362667397126", "https://twitter.com/drb_ra/status/1626652541319581716", "https://twitter.com/drb_ra/status/1626654042821632000", "https://twitter.com/drb_ra/status/1626654106944213011", "https://twitter.com/drb_ra/status/1626655626074984449", "https://twitter.com/drb_ra/status/1626655968418271233", "https://twitter.com/drb_ra/status/1626672323376869378", "https://twitter.com/drb_ra/status/1626672400166182926", "https://twitter.com/drb_ra/status/1626672466582986770", "https://twitter.com/drb_ra/status/1626672611949174786", "https://twitter.com/drb_ra/status/1626672642353684491", "https://twitter.com/drb_ra/status/1626672701770194959", "https://twitter.com/drb_ra/status/1626672862386872337", "https://twitter.com/drb_ra/status/1626673209176121354", "https://twitter.com/drb_ra/status/1626673809393606679", "https://twitter.com/drb_ra/status/1626674178483970056", "https://twitter.com/drb_ra/status/1626674436467220489" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 51 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63e556508c95dc6493df4ee9", "name": "ACTIVIDAD MALICIOSA | referente a Cobalt Strike hasta 09-02-2023", "description": "Here is a full list of highlights from the BBC News website's live coverage of the 2016 Olympics in Rio de Janeiro, Brazil, and the Paralympic Games in London, which will take place on Thursday, 22 February 2016.", "modified": "2023-03-11T19:04:31.508000", "created": "2023-02-09T20:23:44.796000", "tags": [ "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003", "manipulation", "cobalt strike", "cobaltstrike", "bcplsg bgpnet", "global asn", "beacon cobalt", "andregironda", "anonymous", "adm service", "lg dacom", "corporation" ], "references": [ "https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+", "https://www.alertasyseguridad.com/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 12, "URL": 248, "domain": 14 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63e556570c1c627acccf30eb", "name": "ACTIVIDAD MALICIOSA | referente a Cobalt Strike hasta 09-02-2023", "description": "Here is a full list of highlights from the BBC News website's live coverage of the 2016 Olympics in Rio de Janeiro, Brazil, and the Paralympic Games in London, which will take place on Thursday, 22 February 2016.", "modified": "2023-03-11T19:04:31.508000", "created": "2023-02-09T20:23:51.461000", "tags": [ "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003", "manipulation", "cobalt strike", "cobaltstrike", "bcplsg bgpnet", "global asn", "beacon cobalt", "andregironda", "anonymous", "adm service", "lg dacom", "corporation" ], "references": [ "https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+", "https://www.alertasyseguridad.com/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 12, "URL": 248, "domain": 14 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/drb_ra/status/1626587203903295491", "https://twitter.com/drb_ra/status/1626643606478983171", "https://twitter.com/drb_ra/status/1626642751314968576", "https://twitter.com/drb_ra/status/1626672642353684491", "https://twitter.com/drb_ra/status/1626589472585560066", "https://twitter.com/drb_ra/status/1626652541319581716", "https://twitter.com/drb_ra/status/1626409600898502657", "https://twitter.com/drb_ra/status/1626673809393606679", "https://twitter.com/drb_ra/status/1626655626074984449", "https://www.alertasyseguridad.com/repositorio-ioc/", "https://twitter.com/drb_ra/status/1626586846573760512", "https://twitter.com/drb_ra/status/1626647260992835597", "https://twitter.com/drb_ra/status/1626643280988340224", "https://twitter.com/drb_ra/status/1626672862386872337", "https://twitter.com/drb_ra/status/1626589376997388293", "https://twitter.com/drb_ra/status/1626672611949174786", "https://twitter.com/drb_ra/status/1626587020603850754", "https://twitter.com/drb_ra/status/1626409577452281857", "https://twitter.com/drb_ra/status/1626587243774377984", "https://twitter.com/drb_ra/status/1626561846089072641", "https://twitter.com/drb_ra/status/1626409840267481089", "https://twitter.com/drb_ra/status/1626652362667397126", "https://twitter.com/drb_ra/status/1626587458489192451", "https://twitter.com/drb_ra/status/1626655968418271233", "https://twitter.com/drb_ra/status/1626673209176121354", "https://twitter.com/drb_ra/status/1626644572993425433", "https://twitter.com/drb_ra/status/1626674178483970056", "https://twitter.com/drb_ra/status/1626589626134851586", "https://twitter.com/drb_ra/status/1626640908375453696", "https://twitter.com/drb_ra/status/1626587739570450435", "https://twitter.com/drb_ra/status/1626642301928759296", "https://twitter.com/drb_ra/status/1626672400166182926", "https://twitter.com/drb_ra/status/1626641304758194188", "https://twitter.com/drb_ra/status/1626672323376869378", "https://twitter.com/drb_ra/status/1626558875712331777", "https://twitter.com/drb_ra/status/1626554110693482496", "https://twitter.com/drb_ra/status/1626645201866395660", "https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+", "https://twitter.com/drb_ra/status/1626553209757089795", "https://twitter.com/drb_ra/status/1626654106944213011", "https://twitter.com/drb_ra/status/1626672701770194959", "https://twitter.com/drb_ra/status/1626672466582986770", "https://twitter.com/drb_ra/status/1626674436467220489", "https://twitter.com/drb_ra/status/1626587383889293312", "https://twitter.com/drb_ra/status/1626586779062247424", "https://twitter.com/drb_ra/status/1626648917751353345", "https://twitter.com/drb_ra/status/1626654042821632000", "https://twitter.com/drb_ra/status/1626560141104496640", "https://twitter.com/drb_ra/status/1626407758051278849", "https://twitter.com/drb_ra/status/1626650630558257170", "https://twitter.com/drb_ra/status/1626564430182989824" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Cobalt strike" ], "industries": [], "unique_indicators": 461 } } }, "false_positive": [], "alexa": "", "whois": "http://whois.domaintools.com/108.165.178.42", "domain": "Unavailable", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "63f017041f697d73cca5e659", "name": "Twitter Feed - drb_ra - 17-02-2023", "description": "", "modified": "2023-03-20T00:01:17.081000", "created": "2023-02-18T00:08:36.727000", "tags": [ "CobaltStrike" ], "references": [ "https://twitter.com/drb_ra/status/1626407758051278849", "https://twitter.com/drb_ra/status/1626409577452281857", "https://twitter.com/drb_ra/status/1626409600898502657", "https://twitter.com/drb_ra/status/1626409840267481089", "https://twitter.com/drb_ra/status/1626553209757089795", "https://twitter.com/drb_ra/status/1626554110693482496", "https://twitter.com/drb_ra/status/1626558875712331777", "https://twitter.com/drb_ra/status/1626560141104496640", "https://twitter.com/drb_ra/status/1626561846089072641", "https://twitter.com/drb_ra/status/1626564430182989824", "https://twitter.com/drb_ra/status/1626586779062247424", "https://twitter.com/drb_ra/status/1626586846573760512", "https://twitter.com/drb_ra/status/1626587020603850754", "https://twitter.com/drb_ra/status/1626587203903295491", "https://twitter.com/drb_ra/status/1626587243774377984", "https://twitter.com/drb_ra/status/1626587383889293312", "https://twitter.com/drb_ra/status/1626587458489192451", "https://twitter.com/drb_ra/status/1626587739570450435", "https://twitter.com/drb_ra/status/1626589376997388293", "https://twitter.com/drb_ra/status/1626589472585560066", "https://twitter.com/drb_ra/status/1626589626134851586", "https://twitter.com/drb_ra/status/1626640908375453696", "https://twitter.com/drb_ra/status/1626641304758194188", "https://twitter.com/drb_ra/status/1626642301928759296", "https://twitter.com/drb_ra/status/1626642751314968576", "https://twitter.com/drb_ra/status/1626643280988340224", "https://twitter.com/drb_ra/status/1626643606478983171", "https://twitter.com/drb_ra/status/1626644572993425433", "https://twitter.com/drb_ra/status/1626645201866395660", "https://twitter.com/drb_ra/status/1626647260992835597", "https://twitter.com/drb_ra/status/1626648917751353345", "https://twitter.com/drb_ra/status/1626650630558257170", "https://twitter.com/drb_ra/status/1626652362667397126", "https://twitter.com/drb_ra/status/1626652541319581716", "https://twitter.com/drb_ra/status/1626654042821632000", "https://twitter.com/drb_ra/status/1626654106944213011", "https://twitter.com/drb_ra/status/1626655626074984449", "https://twitter.com/drb_ra/status/1626655968418271233", "https://twitter.com/drb_ra/status/1626672323376869378", "https://twitter.com/drb_ra/status/1626672400166182926", "https://twitter.com/drb_ra/status/1626672466582986770", "https://twitter.com/drb_ra/status/1626672611949174786", "https://twitter.com/drb_ra/status/1626672642353684491", "https://twitter.com/drb_ra/status/1626672701770194959", "https://twitter.com/drb_ra/status/1626672862386872337", "https://twitter.com/drb_ra/status/1626673209176121354", "https://twitter.com/drb_ra/status/1626673809393606679", "https://twitter.com/drb_ra/status/1626674178483970056", "https://twitter.com/drb_ra/status/1626674436467220489" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 51 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63e556508c95dc6493df4ee9", "name": "ACTIVIDAD MALICIOSA | referente a Cobalt Strike hasta 09-02-2023", "description": "Here is a full list of highlights from the BBC News website's live coverage of the 2016 Olympics in Rio de Janeiro, Brazil, and the Paralympic Games in London, which will take place on Thursday, 22 February 2016.", "modified": "2023-03-11T19:04:31.508000", "created": "2023-02-09T20:23:44.796000", "tags": [ "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003", "manipulation", "cobalt strike", "cobaltstrike", "bcplsg bgpnet", "global asn", "beacon cobalt", "andregironda", "anonymous", "adm service", "lg dacom", "corporation" ], "references": [ "https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+", "https://www.alertasyseguridad.com/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 12, "URL": 248, "domain": 14 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63e556570c1c627acccf30eb", "name": "ACTIVIDAD MALICIOSA | referente a Cobalt Strike hasta 09-02-2023", "description": "Here is a full list of highlights from the BBC News website's live coverage of the 2016 Olympics in Rio de Janeiro, Brazil, and the Paralympic Games in London, which will take place on Thursday, 22 February 2016.", "modified": "2023-03-11T19:04:31.508000", "created": "2023-02-09T20:23:51.461000", "tags": [ "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003", "manipulation", "cobalt strike", "cobaltstrike", "bcplsg bgpnet", "global asn", "beacon cobalt", "andregironda", "anonymous", "adm service", "lg dacom", "corporation" ], "references": [ "https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+", "https://www.alertasyseguridad.com/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 12, "URL": 248, "domain": 14 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://108.165.178.42/updates.rss", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://108.165.178.42/updates.rss", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780527091.3122442 }