{
  "type": "URL",
  "indicator": "https://accounts.google.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://accounts.google.com",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "alexa",
        "message": "Alexa rank: #1",
        "name": "Listed on Alexa"
      },
      {
        "source": "akamai",
        "message": "Akamai rank: #3",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain google.com",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain google.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 2847775061,
      "indicator": "https://accounts.google.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 42,
      "pulses": [
        {
          "id": "69b22d9b91d2b7796f63dd0e",
          "name": "signals of abuse",
          "description": "",
          "modified": "2026-04-11T05:45:14.190000",
          "created": "2026-03-12T03:06:03.182000",
          "tags": [
            "url https"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 21,
            "FileHash-SHA1": 19,
            "FileHash-SHA256": 181,
            "URL": 327,
            "domain": 85,
            "hostname": 189
          },
          "indicator_count": 822,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "8 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69afaca79dddf98b72dd06b1",
          "name": "kitplay + breaktime :(",
          "description": "all the kits connect. weather map pdf book health calendar the intersect of the apple product webkit aligning with edge node kits is a problem. I have reached 1 mil iocs in a month manually by phone. My ears ring, my hands burn, and my soul is as corrupt as my hollow root. Ive reported this as a whistleblower and ive reported to apple etc. I must take a break after I scan some CVEs until something is done, my lymph nodes in my neck are large and sore, though I hope I could help some. :/ stay well all. sos is because my phone doesnt work in emergency situations despite 30 devices between routers phones conputers being full factory reset. Ive lost everything. month 10.",
          "modified": "2026-04-09T21:16:02.645000",
          "created": "2026-03-10T05:31:19.353000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 268,
            "hostname": 123,
            "CVE": 11,
            "FileHash-MD5": 135,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 203,
            "email": 4,
            "URL": 48
          },
          "indicator_count": 843,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "9 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec9f83643549f2d60c3",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-04-04T09:52:33.171000",
          "created": "2026-04-04T09:50:01.067000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "IPv4": 98,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1,
            "YARA": 1,
            "CVE": 1
          },
          "indicator_count": 1956,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec7d1e663f23697fcd5",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-04-04T09:49:59.346000",
          "created": "2026-04-04T09:49:59.346000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "IPv4": 98,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec535ae0f94d37ccefb",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-04-04T09:49:57.171000",
          "created": "2026-04-04T09:49:57.171000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "IPv4": 98,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec2efedd87c3a05cc10",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-04-04T09:49:54.810000",
          "created": "2026-04-04T09:49:54.810000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "IPv4": 98,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec10ab26722b8dbd382",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-04-04T09:49:52.991000",
          "created": "2026-04-04T09:49:52.991000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "IPv4": 98,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "699fbc709300e0ad353443f8",
          "name": "SLIMWARE Simple Installer WIN 32 EXE",
          "description": "The full text of the full transcript of this year's EU Referendum, which will take place on 26 March 2017, has been published on Facebook and Twitter, with the hashtag \"proceeding\".",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-02-26T03:22:24.798000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 78,
            "FileHash-SHA1": 76,
            "FileHash-SHA256": 1466,
            "domain": 268,
            "hostname": 199,
            "URL": 193,
            "CVE": 23,
            "CIDR": 1,
            "email": 3
          },
          "indicator_count": 2307,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 51,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6998d15c75b59044877602c1",
          "name": "Corrupt.... Files",
          "description": "beaware",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-02-20T21:25:48.559000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 706,
            "FileHash-SHA1": 859,
            "FileHash-SHA256": 1480,
            "URL": 743,
            "domain": 1565,
            "email": 55,
            "hostname": 912,
            "CVE": 54,
            "CIDR": 27
          },
          "indicator_count": 6401,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 49,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c236a2d4fd8035ff724bfd",
          "name": "Privacy Notice | Newfold Digital",
          "description": "A full list of key information about the Netherlands-based RIPE Network Coordination Centre (RIPE), as compiled by the BBC's Panorama programme, as well as the official website:.<<pretext",
          "modified": "2026-03-24T07:24:01.470000",
          "created": "2026-03-24T07:00:50.366000",
          "tags": [
            "ripe ncc",
            "ripe network",
            "ripe",
            "organization",
            "orgid",
            "city",
            "orgabusehandle",
            "abuse contact",
            "orgabusephone",
            "de status",
            "handle",
            "address range",
            "cidr",
            "allocation type",
            "allocated pa",
            "status",
            "whois server",
            "entity dtagnic",
            "entity dtagripe",
            "services",
            "net100",
            "net1000000",
            "stateprov",
            "rabusehandle",
            "loudoun county",
            "postalcode",
            "mcics",
            "nethandle",
            "mcics address",
            "pkwy city",
            "orgtechhandle",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "issuer",
            "cnsectigo rsa",
            "secure server",
            "ca cgb",
            "subject public",
            "key info",
            "cncomodo rsa",
            "ca limited",
            "validity",
            "server",
            "registrar abuse",
            "date",
            "iana id",
            "contact phone",
            "dnssec",
            "domain status",
            "registrar url",
            "registrar whois",
            "registrar",
            "registrant ext",
            "corehub",
            "expiration date",
            "registry domain",
            "registrar iana",
            "street",
            "code",
            "redacted for",
            "privacy tech",
            "postal code",
            "registrant fax",
            "domain id",
            "admin country",
            "admin postal",
            "ma admin",
            "email",
            "registrant city",
            "tierranet",
            "fax ext",
            "privacy",
            "whois privacy",
            "san diego",
            "privacy admin",
            "cus olet",
            "encrypt cnr13",
            "key algorithm",
            "domain name",
            "contact email",
            "record type",
            "ttl value",
            "registrant name",
            "creation date",
            "iframe tags",
            "language",
            "html document",
            "unicode text",
            "utf8 text",
            "gazebo model",
            "configuration",
            "markup language",
            "doctype",
            "deny",
            "secchuamodel",
            "excellent",
            "php script",
            "crlf line",
            "php source"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 208,
            "hostname": 184,
            "IPv4": 25,
            "domain": 51,
            "email": 28,
            "FileHash-SHA256": 194,
            "CIDR": 16,
            "FileHash-MD5": 67,
            "FileHash-SHA1": 263,
            "CVE": 4
          },
          "indicator_count": 1040,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69bf261cc4e399447d78776c",
          "name": "Cyber Bully Attackers | Revenge Attacks | Remote attackers | Malware Packed |",
          "description": "Several government entities, attorneys have sought porn revenge including physical violence, attempted crimes, malicious prosecution case , harassment when a female patient of man formerly known as Jeffrey Scott Reimer of Chester Springs, PA, violently, critically injured patient in a sexually charged assault [URL\thttp://foundry2-lbl.dvr.dn2.n-helix.com\t\t\t\nhttps://foundry2-lbl.dvr.dn2.n-helix.com\t\tfoundry2-lbl.dvr.dn2.n-helix.com\t\t\t\t\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/\t\t\nhttp://datafoundry.com\t\t\t\nhttp://foundry2sdbl.dvr.dn2.n-helix.com\t\t\thttps://209-99-40-223.fwd.datafoundry.com\t\t\t\ndatafoundry.com",
          "modified": "2026-03-21T23:13:32.760000",
          "created": "2026-03-21T23:13:32.760000",
          "tags": [
            "sc data",
            "data upload",
            "please sub",
            "include data",
            "extraction",
            "failed",
            "sc pulse",
            "idron anv",
            "extr please",
            "include review",
            "exclude sugges",
            "stop show",
            "typ domain",
            "united",
            "virtool",
            "name servers",
            "cryp",
            "emails",
            "win32",
            "ip address",
            "worm",
            "trojan",
            "learn",
            "suspicious",
            "informative",
            "ck id",
            "name tactics",
            "command",
            "adversaries",
            "spawns",
            "ssl certificate",
            "initial access",
            "link initial",
            "prefetch8",
            "mitre att",
            "ck matrix",
            "flag",
            "windows nt",
            "win64",
            "accept",
            "encrypt",
            "form",
            "hybrid",
            "bypass",
            "general",
            "path",
            "iframe",
            "click",
            "strings",
            "anchor https",
            "anchor",
            "liberal",
            "sabey",
            "liberal friends",
            "meta",
            "html internet",
            "html document",
            "unicode text",
            "utf8 text",
            "info initial",
            "access ta0001",
            "compromise",
            "t1189 network",
            "communication",
            "get http",
            "artifacts v",
            "full reports",
            "v get",
            "help dns",
            "resolutions",
            "ip traffic",
            "extr data",
            "enter sc",
            "extra data",
            "referen",
            "broth",
            "passive dns",
            "urls",
            "http",
            "hostname",
            "files domain",
            "files related",
            "related tags",
            "none google",
            "safe browsing",
            "inquest labs",
            "lucas acha",
            "code integrity",
            "checks creation",
            "otx logo",
            "all hostname",
            "files",
            "domain",
            "protect",
            "date",
            "title",
            "exchange",
            "se http",
            "present jan",
            "present feb",
            "present dec",
            "backdoor",
            "certificate",
            "all domain",
            "alibaba cloud",
            "hichina",
            "porkbun llc",
            "cloudflare",
            "namecheap inc",
            "namecheap",
            "domains",
            "dynadot llc",
            "ascio",
            "denmark",
            "url https",
            "filehashsha256",
            "url http",
            "dopple ai",
            "snit",
            "iocs",
            "otx description",
            "information",
            "report spam",
            "delete service",
            "poem",
            "hunter",
            "malicious",
            "porn revenge",
            "brian sabeys",
            "all report",
            "spam delete",
            "rl http",
            "https",
            "expiration http",
            "spam brian",
            "swipper",
            "type indicator",
            "role title",
            "added active",
            "related pulses",
            "filehashmd5",
            "filehashsha1",
            "sha256",
            "scan",
            "learn more",
            "indicators show",
            "tbmvid",
            "sourcelnms",
            "zx1724209326040",
            "xxx videos",
            "xxxvideohd",
            "adversary",
            "packing",
            "palantir.com",
            "discovery",
            "victim won case",
            "doin it",
            "palantirian abuse",
            "apple",
            "sabey data centers",
            "insurance",
            "quasi government",
            "the brother sabey",
            "reimer",
            "law enforcement",
            "vessel state",
            "sabey porn",
            "hall evans",
            "christopher ahmann",
            "defamation",
            "google"
          ],
          "references": [
            "The Brothers Sabey \u2013 Conservatives with Liberal Friends \u2022 https://thebrotherssabey.com/",
            "http://watchhers.net/index.php",
            "http://212.33.237.86/images/1/report.php",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "https://webmail.police.govmm.org/owa/",
            "https://pks.wroclaw.sa.gov.pl:1443/ \u2022 portal.bialystok.sa.gov.pl",
            "https://tulach.cc/ phishing \u2022 45.32.112.220 scanning_host \u2022 45.76.79.215",
            "Mark Brian Sabey",
            "Melvin Sabey",
            "Christopher P \u2018Buzz\u2019 Ahmann",
            "Ronda Cordova",
            "Unknown Persons impersonating Private Investigators (plural)",
            "Quasi Government Case",
            "Victim silenced. Struck by Car Driven by male police let walk",
            "Denver Police let this attempted murder walk. Cited him as a ghost driver",
            "Make driver stuck victim with large vehicle after PT unknowingly reported original assault Jeffrey Reiner to Dora",
            "Sexual and Physical Assaulter - Jeffrey Scott Reimer",
            "Reimer was a PT. Unknown whereabouts , name or job description",
            "Denver Police Department Major Crimes closed investigation",
            "Investigation closed when Brian Sabey initiated a malicious prosecution case against Victim",
            "I bring up the personal nature of the crime because a delete service has been used",
            "More than 1000 IoC\u2019s including pulses have been ILLEGALLY removed",
            "All IoC\u2019s originate from sources named. There are some unknown attackers",
            "This is a serious crime. I\u2019m certain God WILL pay them.",
            "https://palantirwww.sweetheartvideo.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t3\t  domain\tpalantir.io\t\t\tMar 21, 2026, 2:06:10 PM\t\t34\t  URL\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ \u2022 www.palantir.com",
            "http://palantirwww.sweetheartvideo.com/ (weirdness)",
            "http://foundry2-lbl.dvr.dn2.n-helix.com \u2022 https://foundry2-lbl.dvr.dn2.n-helix.com",
            "foundry2-lbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t29\t  URL\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/\t\t\tMar 21, 2026, 2:06:10 PM\t\t8\t  URL\thttp://datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t9\t  URL\thttp://foundry2sdbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t17\t  URL\thttps://209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t27\t  domain\tdatafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t40\t  hostname\t209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:1",
            "foundry2-lbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t29\t  URL\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/\t\t\tMar 21, 2026, 2:06:10 PM\t\t8\t  URL\thttp://datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t9\t  URL\thttp://foundry2sdbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t17\t  URL\thttps://209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t27\t  domain\tdatafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t40\t  hostname\t209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:1",
            "https://rdweb.datafoundry.com/RDWeb/Pages/en-US/login.aspx",
            "https://www.datafoundry.com/data-center-contamination-control/",
            "https://www.datafoundry.com/data-center-contamination-control/",
            "https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/",
            "http://foundry2-lbl.dvr.dn2.n-helix.com/",
            "https://207-207-25-201.fwd.datafoundry.com/",
            "http://datafoundry.com \u2022 http://foundry2sdbl.dvr.dn2.n-helix.com \u2022 https://209-99-40-223.fwd.datafoundry.com \u2022 datafoundry.com \u2022 209-99-40-223.fwd.datafoundry.com \u2022 beabetta.ifoundry.co.uk.s7b2.psmtp.com \u2022 foundry2sdbl.dvr.dn2.n-helix.com \u2022 fwd.datafoundry.com \u2022 207-207-25-154.fwd.datafoundry.com \u2022 207-207-25-156.fwd.datafoundry.com\t\t\t207-207-25-160.fwd.datafoundry.com \u2022 207-207-25-163.fwd.datafoundry.com  \u2022\t207-207-25-164.fwd.datafoundry.com \u2022 207-207-25-165.fwd.datafoundry.com\t\t\tMar 21, 207-207-25-166.fwd",
            "http://datafoundry.com \u2022 https://209-99-40-223.fwd.datafoundry.com\tdatafoundry.com \u2022 209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t13\t  hostname\tbeabetta.ifoundry.co.uk.s7b2.psmtp.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t12\t  hostname\tfoundry2sdbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t18\t  hostname\tfwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t8\t  hostname\t207-207-25-154.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t19\t  hostname\t207-207-25-156.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:1",
            "https://rdweb.datafoundry.com/",
            "https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/",
            "http://foundry2sdbl.dvr.dn2.n-helix.com/",
            "Updated | What\u2019s left after theft",
            "207-207-25-167.fwd.datafoundry.com \u2022 207-207-25-168.fwd.datafoundry.com \u2022 207-207-25-169.fwd.datafoundry.com",
            "207-207-25-170.fwd.datafoundry.com \u2022 207-207-25-171.fwd.datafoundry.com \u2022 207-207-25-201.fwd.datafoundry.com",
            "https://www.datafoundry.com/category/news/press-releases/ (Fake Press) abuse",
            "https://www.datafoundry.com/category/news/press-releases/",
            "207-207-25-209.fwd.datafoundry.com \u2022\t207-207-25-212.fwd.datafoundry.com \u2022 207-207-25-213.fwd.datafoundry.com \u2022 209-99-64-53.fwd.datafoundry.com",
            "209-99-69-91.fwd.datafoundry.com \u2022 dns1.datafoundry.com \u2022 dns2.datafoundry.com \u2022 rdweb.datafoundry.com",
            "www.go.datafoundry.com \u2022 http://207-207-25-209.fwd.datafoundry.com",
            "http://209-99-64-53.fwd.datafoundry.com \u2022 http://dns2.datafoundry.com \u2022 http://fwd.datafoundry.com",
            "http://pdns1.datafoundry.com/ \u2022\thttp://rdweb.datafoundry.com \u2022 http://rdweb.datafoundry.com/",
            "https://rdweb.datafoundry.com/ \u2022 http://www.datafoundry.com \u2022 https://207-207-25-163.fwd.datafoundry.com \u2022",
            "https://207-207-25-209.fwd.datafoundry.com \u2022 https://209-99-40-224.fwd.datafoundry.com/",
            "https://209-99-64-53.fwd.datafoundry.com \u2022 https://dns1.datafoundry.com \u2022 https://dns2.datafoundry.com \u2022 https://fwd.datafoundry.com",
            "Some may may find this content is very disturbing and offensive"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Porn Revenge",
              "display_name": "Porn Revenge",
              "target": null
            },
            {
              "id": "Tons of Malware",
              "display_name": "Tons of Malware",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1132",
              "name": "Data Encoding",
              "display_name": "T1132 - Data Encoding"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1583.001",
              "name": "Domains",
              "display_name": "T1583.001 - Domains"
            },
            {
              "id": "T1553.002",
              "name": "Code Signing",
              "display_name": "T1553.002 - Code Signing"
            },
            {
              "id": "T1132.001",
              "name": "Standard Encoding",
              "display_name": "T1132.001 - Standard Encoding"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1568.002",
              "name": "Domain Generation Algorithms",
              "display_name": "T1568.002 - Domain Generation Algorithms"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1125",
              "name": "Video Capture",
              "display_name": "T1125 - Video Capture"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1449",
              "name": "Exploit SS7 to Redirect Phone Calls/SMS",
              "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
            },
            {
              "id": "T1495",
              "name": "Firmware Corruption",
              "display_name": "T1495 - Firmware Corruption"
            },
            {
              "id": "T1546",
              "name": "Event Triggered Execution",
              "display_name": "T1546 - Event Triggered Execution"
            },
            {
              "id": "T1587.001",
              "name": "Malware",
              "display_name": "T1587.001 - Malware"
            },
            {
              "id": "T1608.001",
              "name": "Upload Malware",
              "display_name": "T1608.001 - Upload Malware"
            },
            {
              "id": "T1457",
              "name": "Malicious Media Content",
              "display_name": "T1457 - Malicious Media Content"
            },
            {
              "id": "T1586.001",
              "name": "Social Media Accounts",
              "display_name": "T1586.001 - Social Media Accounts"
            },
            {
              "id": "T1593.001",
              "name": "Social Media",
              "display_name": "T1593.001 - Social Media"
            },
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            },
            {
              "id": "T1080",
              "name": "Taint Shared Content",
              "display_name": "T1080 - Taint Shared Content"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1472",
              "name": "Generate Fraudulent Advertising Revenue",
              "display_name": "T1472 - Generate Fraudulent Advertising Revenue"
            },
            {
              "id": "T1586",
              "name": "Compromise Accounts",
              "display_name": "T1586 - Compromise Accounts"
            },
            {
              "id": "T1059.002",
              "name": "AppleScript",
              "display_name": "T1059.002 - AppleScript"
            },
            {
              "id": "T1456",
              "name": "Drive-by Compromise",
              "display_name": "T1456 - Drive-by Compromise"
            },
            {
              "id": "T1210",
              "name": "Exploitation of Remote Services",
              "display_name": "T1210 - Exploitation of Remote Services"
            },
            {
              "id": "T1583.005",
              "name": "Botnet",
              "display_name": "T1583.005 - Botnet"
            },
            {
              "id": "T1584",
              "name": "Compromise Infrastructure",
              "display_name": "T1584 - Compromise Infrastructure"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 6034,
            "domain": 1422,
            "IPv4": 883,
            "FileHash-MD5": 274,
            "FileHash-SHA1": 252,
            "FileHash-SHA256": 3378,
            "email": 11,
            "hostname": 2753,
            "CVE": 1,
            "SSLCertFingerprint": 9,
            "IPv6": 32
          },
          "indicator_count": 15049,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "28 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69228447b9c71795633314df",
          "name": "Keep Corrupt - University of Alberta Incidents continue to escalate - 02.16.26",
          "description": "Recovered accounts that have been used & abused - courtesy of decisions by non-technical leadership = accounts for UAlberta students -> PW manager made inaccessible (tied to UAlberta account) during a Data-Breach.\nWhen PW manager & Accounts returned, was populated by these (many = fraudulent; some appear to be abuse of legitimate services, while others do not, yet don't know function or origin)\n\nNot representative of OG PW manager. Many (most) accts. used/abused (on-going). \n\nDon't have a backup of original = hard to compare. Don't quite know what the majority of these companies etc. are for and/or do exactly. Putting them together as they roll-in.\nCan't turn them off in most cases - I don't have access to the U of A accounts these originate from and/or original recovery methods. \n\n2 more batches to add to this pulse (Need to add into VT) 02.16.26\n\nCountries listed are where 2 victims (UAlberta Graduates) have citizenship or some tie with.",
          "modified": "2026-03-04T21:04:10.482000",
          "created": "2025-11-23T03:49:27.649000",
          "tags": [
            "geoip",
            "as54113",
            "fastly",
            "as20940",
            "as15169",
            "google",
            "as214401",
            "maincubesas",
            "gmbh",
            "apache geoip",
            "facebook",
            "UAlberta",
            "AHS",
            "Treaty 8",
            "GoA",
            "Alberta",
            "Edmonton",
            "YEG"
          ],
          "references": [
            "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a",
            "URLscanio, FSio, vT",
            "03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark",
            "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary",
            "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs",
            "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Cura\u00e7ao",
            "Guatemala",
            "Sint Maarten (Dutch part)",
            "Tanzania, United Republic of",
            "Barbados",
            "United States of America",
            "Bahamas",
            "Anguilla",
            "Canada",
            "Saint Vincent and the Grenadines",
            "United Kingdom of Great Britain and Northern Ireland",
            "Kenya",
            "France",
            "Aruba",
            "Mexico",
            "Poland",
            "Costa Rica",
            "Ireland",
            "Trinidad and Tobago",
            "Netherlands",
            "Slovakia",
            "Spain",
            "Philippines"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Government",
            "Technology",
            "Telecommunications",
            "Education",
            "Healthcare",
            "Finance",
            "Retail",
            "Hospitality",
            "Transportation"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 47,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 1047,
            "URL": 4006,
            "domain": 2126,
            "email": 412,
            "hostname": 2122,
            "CVE": 1
          },
          "indicator_count": 9805,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 134,
          "modified_text": "45 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6964c08bf79bcb252eaa9e15",
          "name": "TrojanSpy -  Spotify account under an attack which conceals artists releases / deletes followers",
          "description": "Spotify Attacks: TrojanSpy - Streamer Spotify account under an attack which conceals artists releases / deletes followers. The attack is adversarial. I\u2019m unclear how widespread it is.  . Further research required. OTX auto generated Pegasus. Released work that was once viewable is now concealed, followers deleted.\n#cloudfront #spyware #delete_service #cloudfront_attacks",
          "modified": "2026-02-11T09:03:20.933000",
          "created": "2026-01-12T09:36:11.701000",
          "tags": [
            "google",
            "fastly",
            "googlecl",
            "january",
            "http",
            "domain",
            "akamaias",
            "cloudflar",
            "page url",
            "de summary",
            "april",
            "reverse dns",
            "url https",
            "general full",
            "software",
            "united",
            "resource hash",
            "protocol h3",
            "security quic",
            "protocol h2",
            "security tls",
            "main",
            "present jan",
            "title",
            "gmt max",
            "certificate",
            "moved",
            "lowfi",
            "gmt content",
            "meta",
            "present dec",
            "status",
            "aaaa",
            "passive dns",
            "urls",
            "search",
            "expiration date",
            "win32",
            "files",
            "verdict",
            "files ip",
            "address",
            "mtb jan",
            "trojandropper",
            "backdoor",
            "win32upatre jan",
            "origin trial",
            "gmt cache",
            "443 ma2592000",
            "possible",
            "worm",
            "trojan",
            "ip address",
            "record value",
            "dark",
            "found",
            "ipv4 add",
            "error",
            "trojanspy",
            "emails",
            "servers",
            "pegasus",
            "america flag",
            "america asn",
            "tlsv1",
            "read c",
            "show",
            "medium",
            "lstockholm",
            "ospotify ab",
            "odigicert inc",
            "execution",
            "next",
            "dock",
            "write",
            "persistence",
            "dynamicloader",
            "yara rule",
            "ms windows",
            "pe32",
            "named pipe",
            "smartassembly",
            "delphi",
            "malware",
            "united states",
            "pe file",
            "filehash",
            "md5 add",
            "av detections",
            "ids detections",
            "yara detections",
            "alerts",
            "high",
            "write c",
            "tls sni",
            "tls handshake",
            "delete",
            "as15169",
            "stun binding",
            "request",
            "port",
            "win64",
            "themida",
            "guard",
            "risepro",
            "sha256",
            "sha1",
            "pattern match",
            "ascii text",
            "size",
            "mitre att",
            "ck id",
            "null",
            "refresh",
            "span",
            "hybrid",
            "general",
            "local",
            "path",
            "click",
            "strings",
            "tools",
            "look",
            "verify",
            "restart",
            "learn",
            "command",
            "name tactics",
            "suspicious",
            "informative",
            "spawns",
            "ck techniques",
            "evasion att",
            "t1480 execution",
            "directui",
            "element",
            "hwndhost",
            "classinfobase",
            "hwndelement",
            "value",
            "explorer",
            "insert",
            "movie",
            "hacktool",
            "showing",
            "entries http",
            "scans show",
            "california",
            "location united",
            "next associated",
            "pulse pulses",
            "name servers",
            "found request",
            "unique",
            "url add",
            "related nids",
            "files location",
            "expiration",
            "flag united",
            "present nov",
            "present sep",
            "href",
            "suricata stream",
            "command decode",
            "starfield",
            "encrypt",
            "iframe",
            "date",
            "title error",
            "hostname",
            "pulse submit",
            "memcommit",
            "checks",
            "windows",
            "capture",
            "cloudfront",
            "colorado",
            "creation date",
            "hostname add",
            "eset",
            "binary file",
            "pdb path",
            "internalname",
            "nod32",
            "amon"
          ],
          "references": [
            "open.spotify.com \u2022",
            "https://open.spotify.com/intl-de/track/5KjB1j0u54VXg6M8SN8hH2",
            "https://open.spotify.com/track/5KjB1j0u54VXg6M8SN8hH2",
            "FileHash-SHA256 cb40cd426d6e55c2b175b5be3327bfdf8d5a0074bf48b823121bd4720ed2ad95",
            "events.launchdarkly.com \u2022 clientstream.launchdarkly. \u2022 app.launchdarkly.com",
            "https://target.tccwest.www.littleswimmers.fr/",
            "www.onyx-ware.com \u2022 endgamesystems.com",
            "cloudfront.net \u2022  d127qq8ld0aiq5.cloudfront.net"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Win.Packed.Stealerc-10017074-0",
              "display_name": "Win.Packed.Stealerc-10017074-0",
              "target": null
            },
            {
              "id": "#Lowfi:Win32/AutoIt",
              "display_name": "#Lowfi:Win32/AutoIt",
              "target": "/malware/#Lowfi:Win32/AutoIt"
            },
            {
              "id": "Win.Packed.Generic-9967832-0",
              "display_name": "Win.Packed.Generic-9967832-0",
              "target": null
            },
            {
              "id": "TrojanSpy:MSIL/Yakbeex.A",
              "display_name": "TrojanSpy:MSIL/Yakbeex.A",
              "target": "/malware/TrojanSpy:MSIL/Yakbeex.A"
            },
            {
              "id": "Pegasus",
              "display_name": "Pegasus",
              "target": null
            },
            {
              "id": "Win32:HacktoolX-gen\\ [Trj]",
              "display_name": "Win32:HacktoolX-gen\\ [Trj]",
              "target": null
            },
            {
              "id": "nUFS_unicode",
              "display_name": "nUFS_unicode",
              "target": null
            },
            {
              "id": "HackTool:Win32/CobaltStrike.A",
              "display_name": "HackTool:Win32/CobaltStrike.A",
              "target": "/malware/HackTool:Win32/CobaltStrike.A"
            },
            {
              "id": "Win.Dropper.PoisonIvy-9876745-0",
              "display_name": "Win.Dropper.PoisonIvy-9876745-0",
              "target": null
            },
            {
              "id": "Trojan:Win32/Zombie.A",
              "display_name": "Trojan:Win32/Zombie.A",
              "target": "/malware/Trojan:Win32/Zombie.A"
            },
            {
              "id": "Win.Trojan.Barys-10005825-0",
              "display_name": "Win.Trojan.Barys-10005825-0",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "TA0003",
              "name": "Persistence",
              "display_name": "TA0003 - Persistence"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1069",
              "name": "Permission Groups Discovery",
              "display_name": "T1069 - Permission Groups Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1587.001",
              "name": "Malware",
              "display_name": "T1587.001 - Malware"
            },
            {
              "id": "T1069.002",
              "name": "Domain Groups",
              "display_name": "T1069.002 - Domain Groups"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1158",
              "name": "Hidden Files and Directories",
              "display_name": "T1158 - Hidden Files and Directories"
            },
            {
              "id": "TA0037",
              "name": "Command and Control",
              "display_name": "TA0037 - Command and Control"
            }
          ],
          "industries": [
            "Entertainment",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 1293,
            "URL": 3389,
            "FileHash-MD5": 635,
            "FileHash-SHA1": 531,
            "FileHash-SHA256": 2345,
            "domain": 501,
            "email": 12,
            "SSLCertFingerprint": 16
          },
          "indicator_count": 8722,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 138,
          "modified_text": "67 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "690a2c38de1708af54217faa",
          "name": "Access Token used to steal security credentials & hack and ride DND of targeted individuals",
          "description": "- https://shift.gearboxsoftware.com/link\n- Found embedded in targets phone.\n\nAccess Token used to steal security credentials & hack and ride DND of targeted individuals device. \nTAM Legal \u2022  Tulach \u2022 Hall Render \u2022 Quasi Government | Some type of Foundry user account found. \n\nStop illegally \n  stalking, harassment, attempts, hacking, death threats. . Because the Colorado government allowing entities like this to operate without any type of rules, oversight or boundaries \nMILLION$ were wasted in your own fraud, waste in abuse scheme. AT&T , CrowdStrike , United Healthcare , UC Healthcare, Intermountain Health, T-Mobile, Amazon East, the Colorado Government itself, Medicare and Medicaid. For what? You have zero talent so you take it from those who do. You have nothing coming to you so you steal it from those who do. Is this somehow legal? \n#contacted #all_hosts backdoor #ransomware  #cve #usa #american_terrorists #workers_compenstation_abuse #silencing #targeting #hitmen #illegal #malvertizing #aws_dns",
          "modified": "2025-12-04T15:01:02.531000",
          "created": "2025-11-04T16:39:20.035000",
          "tags": [
            "present aug",
            "moved",
            "encrypt",
            "present jul",
            "passive dns",
            "ipv4 add",
            "reverse dns",
            "united states",
            "present may",
            "ip address",
            "gmt content",
            "ipv4",
            "all ipv4",
            "america",
            "united",
            "present oct",
            "name servers",
            "redacted for",
            "emails",
            "for privacy",
            "unknown ns",
            "unknown aaaa",
            "dynamicloader",
            "focus region",
            "unicode text",
            "utf16",
            "ms windows",
            "bokeh onlycanon",
            "zeiss jena",
            "mcsonnar",
            "high",
            "win64",
            "stream",
            "write",
            "smartassembly",
            "trailer",
            "next",
            "search",
            "medium",
            "as15169",
            "write c",
            "reads",
            "team",
            "malware",
            "local",
            "yara detections",
            "delphi",
            "strings",
            "dcom",
            "form",
            "trojandropper",
            "mtb nov",
            "backdoor",
            "otx telemetry",
            "trojan",
            "type",
            "data upload",
            "extraction",
            "ol rop",
            "hash avast",
            "avg clamav",
            "msdefender nov",
            "win32upatre nov",
            "win32berbew nov",
            "dynamic",
            "pe section",
            "error",
            "close",
            "status",
            "urls",
            "expiration date",
            "hostname",
            "url analysis",
            "yara rule",
            "show",
            "binary file",
            "wine emulator",
            "mtb oct",
            "files",
            "denmark asn",
            "as32934",
            "candyopen",
            "possible",
            "smoke loader",
            "trojanspy",
            "filehash",
            "pulses otx",
            "related tags",
            "file type",
            "no analysis",
            "available",
            "api key",
            "screenshots",
            "present nov",
            "aaaa",
            "mtb may",
            "mexico",
            "hostname add",
            "registrar",
            "domain add",
            "location united",
            "email add",
            "none related",
            "domains",
            "email domain",
            "service",
            "domain",
            "america flag",
            "body",
            "title",
            "aws dns",
            "next associated",
            "risepro",
            "guard",
            "v full",
            "reports v",
            "t1059 shared",
            "modules",
            "t1129 system",
            "t1569",
            "help v",
            "t1179 boot",
            "logon autost",
            "encoding",
            "packing f0001",
            "hidden files",
            "e1203 windows",
            "file attributes",
            "registry value",
            "catalog tree",
            "analysis ob0001",
            "evasion b0003",
            "virtual machine",
            "ip traffic",
            "memory pattern",
            "pattern urls",
            "tls sni",
            "get https",
            "post https",
            "named pipe",
            "delete c",
            "radar",
            "defender",
            "format",
            "learn",
            "command",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "spawns",
            "mitre att",
            "ck techniques",
            "evasion att",
            "country",
            "contacted hosts",
            "process details",
            "flag",
            "globalc",
            "intel",
            "win32",
            "worm",
            "path",
            "explorer",
            "script",
            "href",
            "external",
            "html content",
            "tulach",
            "hallrender",
            "tam legal",
            "brian sabey",
            "christopher ahmann",
            "apple",
            "msie",
            "chrome",
            "ascio",
            "creation date",
            "date",
            "germany unknown",
            "germany asn",
            "files ip",
            "address",
            "asn as24940",
            "less",
            "script urls",
            "a domains",
            "prox",
            "dennis schrder",
            "meta",
            "apache",
            "99u25f.exe",
            "entries",
            "as24940 hetzner",
            "dns resolutions",
            "status code",
            "body length",
            "kb body",
            "software/ hardware",
            "external-resources",
            "password-input",
            "overview",
            "colorado"
          ],
          "references": [
            "https://shift.gearboxsoftware.com/link",
            "https://tulach.cc/",
            "https://www.anyxxxtube.net/search-porn/tsara-brashears/  \u2022 alohatube.xyz \u2022 1001pornvideos.com",
            "x402.porn \u2022 http://alohatube.xyz/search/tsara-brashears \u2022 \thttps://ufovpn.io/blog/is-eporner-safe",
            "https://www.turbo.net/run/videolan/vlc",
            "http://www.forensickb.com/2013/03/file-entropy-explained.html",
            "https://www.xlabs.com.br/blog/cve-2013-3304-dell-equallogic-directory-traversal/ \u2022 http://cve.phidias.com/",
            "Overview \"Keeping money\" by the Colorado workers' compensation system can refer to",
            "legal deductions, legitimate reasons for payment delays or denial, or potential issues that require legal",
            "counsel. The system does not \"keep\" money without a valid reason.Lies. they\u2019ve Ben in trouble before ."
          ],
          "public": 1,
          "adversary": "Colorado Quasi Government | Workerk Compensation",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Win.Trojan.Generic-9878032-0",
              "display_name": "Win.Trojan.Generic-9878032-0",
              "target": null
            },
            {
              "id": "Win.Trojan.Starter-171",
              "display_name": "Win.Trojan.Starter-171",
              "target": null
            },
            {
              "id": "GravityRAT",
              "display_name": "GravityRAT",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Berbew.AA!MTB",
              "display_name": "Backdoor:Win32/Berbew.AA!MTB",
              "target": "/malware/Backdoor:Win32/Berbew.AA!MTB"
            },
            {
              "id": "Trojan:MSIL/AgentTesla.DW!MTB",
              "display_name": "Trojan:MSIL/AgentTesla.DW!MTB",
              "target": "/malware/Trojan:MSIL/AgentTesla.DW!MTB"
            },
            {
              "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn",
              "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn",
              "target": null
            },
            {
              "id": "Trojandropper:Win32/VB.IL",
              "display_name": "Trojandropper:Win32/VB.IL",
              "target": "/malware/Trojandropper:Win32/VB.IL"
            },
            {
              "id": "Nemucod",
              "display_name": "Nemucod",
              "target": null
            },
            {
              "id": "Berbew",
              "display_name": "Berbew",
              "target": null
            },
            {
              "id": "PWS:Win32/Zbot.MS!MTB",
              "display_name": "PWS:Win32/Zbot.MS!MTB",
              "target": "/malware/PWS:Win32/Zbot.MS!MTB"
            },
            {
              "id": "Win.Trojan.Barys-10005825-0",
              "display_name": "Win.Trojan.Barys-10005825-0",
              "target": null
            },
            {
              "id": "Upatre",
              "display_name": "Upatre",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Win.Exploit.Rozena-10038302-0",
              "display_name": "Win.Exploit.Rozena-10038302-0",
              "target": null
            },
            {
              "id": "Zombie",
              "display_name": "Zombie",
              "target": null
            },
            {
              "id": "Trojan:Win32/Zombie",
              "display_name": "Trojan:Win32/Zombie",
              "target": "/malware/Trojan:Win32/Zombie"
            },
            {
              "id": "Muldrop",
              "display_name": "Muldrop",
              "target": null
            },
            {
              "id": "Worm:Win32/Mofksys.RND!MTB",
              "display_name": "Worm:Win32/Mofksys.RND!MTB",
              "target": "/malware/Worm:Win32/Mofksys.RND!MTB"
            },
            {
              "id": "Dorv",
              "display_name": "Dorv",
              "target": null
            },
            {
              "id": "Win.Malware.Pits-10035540-0",
              "display_name": "Win.Malware.Pits-10035540-0",
              "target": null
            },
            {
              "id": "Win.Ransomware.Msilzilla-10014498-0",
              "display_name": "Win.Ransomware.Msilzilla-10014498-0",
              "target": null
            },
            {
              "id": "CVE-2023-4966",
              "display_name": "CVE-2023-4966",
              "target": null
            },
            {
              "id": "Exploit:Linux/CVE-2017-17215",
              "display_name": "Exploit:Linux/CVE-2017-17215",
              "target": "/malware/Exploit:Linux/CVE-2017-17215"
            },
            {
              "id": "Ransom:Win32/CVE-2017-0147",
              "display_name": "Ransom:Win32/CVE-2017-0147",
              "target": "/malware/Ransom:Win32/CVE-2017-0147"
            },
            {
              "id": "CVE-2022-26134",
              "display_name": "CVE-2022-26134",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1179",
              "name": "Hooking",
              "display_name": "T1179 - Hooking"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1569",
              "name": "System Services",
              "display_name": "T1569 - System Services"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1069",
              "name": "Permission Groups Discovery",
              "display_name": "T1069 - Permission Groups Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1457",
              "name": "Malicious Media Content",
              "display_name": "T1457 - Malicious Media Content"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 6051,
            "hostname": 2627,
            "FileHash-MD5": 401,
            "FileHash-SHA1": 257,
            "email": 11,
            "domain": 1838,
            "FileHash-SHA256": 1742,
            "CVE": 4,
            "SSLCertFingerprint": 3
          },
          "indicator_count": 12934,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "136 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68dc624893ea922b898f911b",
          "name": "FBI? Ghe real one? Idk - Cab / Deive by compromised an iOS device",
          "description": "Checking a targets phone, it\u2019s seems very infected with limited results on google searches results. I clicked on an image I thought looked suspicious. Image was coded. I have no idea if this is the FBI I haven\u2019t examined or researched for vulnerabilities yet. I will break this down over time. The number is kept alive but number could not be verified , it was a different number altogether. The phone was out of service, I reached out to 911. And spoke to a person I can\u2019t verify. The service was reconnected a day later. It\u2019s a very crazy hack!",
          "modified": "2025-10-30T22:01:00.256000",
          "created": "2025-09-30T23:05:44.154000",
          "tags": [
            "search",
            "google search",
            "in a",
            "relevance",
            "internet storm",
            "intranet",
            "part",
            "steps",
            "hyper v",
            "windowssystem32",
            "ping request",
            "algorithm",
            "ouno sni",
            "key usage",
            "google llc",
            "v3 serial",
            "number",
            "public key",
            "info",
            "key algorithm",
            "domain",
            "subject key",
            "identifier",
            "net173",
            "net1730000",
            "gogl",
            "orgid",
            "gogl address",
            "city",
            "mountain view",
            "stateprov",
            "postalcode",
            "registrar",
            "ip address",
            "http",
            "port",
            "accept",
            "info file",
            "network dropped",
            "duration cuckoo",
            "version file",
            "machine label",
            "shutdown",
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "command",
            "adversaries",
            "defense evasion",
            "spawns",
            "found",
            "united",
            "ascii text",
            "pattern match",
            "mitre att",
            "title",
            "hybrid",
            "general",
            "path",
            "click",
            "strings",
            "body",
            "initial access",
            "local",
            "passive dns",
            "urls",
            "url add",
            "related nids",
            "files location",
            "flag united",
            "backdoor",
            "status",
            "aaaa",
            "date",
            "name servers",
            "record value",
            "emails",
            "present aug",
            "present sep",
            "moved",
            "error",
            "antivm",
            "drive by",
            "cab by"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 3,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 544,
            "FileHash-SHA256": 2300,
            "URL": 3905,
            "hostname": 1675,
            "FileHash-MD5": 209,
            "FileHash-SHA1": 210,
            "CIDR": 1,
            "email": 7,
            "SSLCertFingerprint": 8,
            "CVE": 2
          },
          "indicator_count": 8861,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 137,
          "modified_text": "170 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68d40c9a87988555c2e23626",
          "name": "Described as \u2018Haunted\u2019 - Ransom & espionage continues to plague  residential communities | HighMark Residential",
          "description": "A national apartment apartment and townhome community that describes itself as luxury has developed such a poor reputation for poor conditions, communication, discrimination, a belief legal entities are running communities some which have been converted hospitals has a terrible spyware , ransom  problem they seem unwilling to address. Compromised to the hilt & famously known to have its own Reddit thread dedicated to a haunted\u2019 Denver community our team has  researched in the past. Denver community  had a compromise that likely brought attention to or spearheaded the AT&T outage. whitesky.us or the outage was a coincidence.\n\nConcerns about espionage, passwords, outages, ransomware. \ntips from former residents from Phoenix, Texas and Utah in on weekend. Broad research required.\nThailand live?",
          "modified": "2025-10-24T14:04:50.784000",
          "created": "2025-09-24T15:22:02.262000",
          "tags": [
            "encrypt",
            "residential",
            "benefits",
            "contact us",
            "email",
            "denver highmark",
            "windows nt",
            "dynamicloader",
            "generic http",
            "exe upload",
            "medium",
            "host",
            "inbound",
            "trojan",
            "write",
            "markus",
            "malware",
            "checkin",
            "trojandropper",
            "mtb sep",
            "united",
            "passive dns",
            "win32upatre sep",
            "ipv4",
            "reverse dns",
            "alerts",
            "av detections",
            "ids detections",
            "yara detections",
            "high",
            "dynamic",
            "reads",
            "pe file",
            "checks system",
            "write c",
            "a domains",
            "gmt server",
            "certificate",
            "hostname add",
            "url analysis",
            "title",
            "apache",
            "name servers",
            "ip address",
            "emails",
            "servers",
            "users",
            "recycle bin",
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "command",
            "adversaries",
            "defense evasion",
            "t1480 execution",
            "windir",
            "openurl c",
            "eregec4",
            "kl0hsy",
            "pattern match",
            "ascii text",
            "mitre att",
            "ck matrix",
            "t1057",
            "prefetch2",
            "yara signature",
            "general",
            "local",
            "path",
            "click",
            "ipv4 add",
            "urls",
            "files",
            "outbound",
            "cname",
            "apache x",
            "powered",
            "modified",
            "moved",
            "body doctype",
            "content type",
            "accept",
            "script script",
            "script urls",
            "queue security",
            "script begin",
            "url add",
            "http",
            "hostname",
            "files domain",
            "files related",
            "related tags",
            "dominet",
            "record value",
            "domain",
            "meta",
            "gmt etag",
            "pulse submit",
            "alive thailand",
            "xml title",
            "x tec",
            "html public",
            "show",
            "copy",
            "pe section",
            "contacted",
            "md5 add",
            "pulse pulses",
            "analysis date",
            "file score",
            "search",
            "win64",
            "khtml",
            "gecko",
            "json",
            "themida",
            "download",
            "next",
            "public folder",
            "windows",
            "highest",
            "a file",
            "checks adapter",
            "mpgph131 hr",
            "hourly rl",
            "mpgph131 lg",
            "onlogon rl",
            "entries",
            "checks",
            "high automated",
            "ollydbg",
            "gbdyllo",
            "file monitor",
            "process monitor",
            "cape",
            "related nids",
            "files location",
            "flag united",
            "pulses none",
            "next associated",
            "hosting",
            "33",
            "customercare"
          ],
          "references": [
            "IDS Detections: Win32/Vflooder.B Checkin | Virus Total vtapi DOS"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Trojan:Win32/Vflooder",
              "display_name": "Trojan:Win32/Vflooder",
              "target": "/malware/Trojan:Win32/Vflooder"
            },
            {
              "id": "Trojandownloader:Win32/Upatre",
              "display_name": "Trojandownloader:Win32/Upatre",
              "target": "/malware/Trojandownloader:Win32/Upatre"
            },
            {
              "id": "Win.Trojan.Agent",
              "display_name": "Win.Trojan.Agent",
              "target": null
            },
            {
              "id": "ALF:Trojan:Win32/G3nasom!imp",
              "display_name": "ALF:Trojan:Win32/G3nasom!imp",
              "target": null
            },
            {
              "id": "Trojandropper:Win32/Muldrop.V!MTB",
              "display_name": "Trojandropper:Win32/Muldrop.V!MTB",
              "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB"
            },
            {
              "id": "Themida",
              "display_name": "Themida",
              "target": null
            },
            {
              "id": "TEL:CreateScheduledTask.A!Sigattr",
              "display_name": "TEL:CreateScheduledTask.A!Sigattr",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1147",
              "name": "Hidden Users",
              "display_name": "T1147 - Hidden Users"
            },
            {
              "id": "T1211",
              "name": "Exploitation for Defense Evasion",
              "display_name": "T1211 - Exploitation for Defense Evasion"
            },
            {
              "id": "T1048.001",
              "name": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol",
              "display_name": "T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol"
            },
            {
              "id": "T1595.001",
              "name": "Scanning IP Blocks",
              "display_name": "T1595.001 - Scanning IP Blocks"
            },
            {
              "id": "T1046",
              "name": "Network Service Scanning",
              "display_name": "T1046 - Network Service Scanning"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 3081,
            "FileHash-MD5": 756,
            "FileHash-SHA1": 724,
            "FileHash-SHA256": 3089,
            "domain": 1476,
            "email": 8,
            "hostname": 1198,
            "SSLCertFingerprint": 3
          },
          "indicator_count": 10335,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "177 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68cd76f1888c22a2e105e524",
          "name": "Sign in - Google Accounts | Ransomware G3nasom",
          "description": "Needs to more research due to how malicious it is. Did attack a monitored target via Google search.\n\nI haven\u2019t put the time into naming all vulnerabilities. Positive for ransomware ALF:Trojan:Win32/G3nasom formerly named \u201c Win.Ransomware.Gandcrab-10044141-0\u201d",
          "modified": "2025-10-19T14:00:01.535000",
          "created": "2025-09-19T15:29:53.126000",
          "tags": [
            "sign",
            "google account",
            "email",
            "forgot email",
            "private window",
            "learn",
            "guest mode",
            "next create",
            "dynamicloader",
            "windows nt",
            "msie",
            "wow64",
            "slcc2",
            "media center",
            "tlsv1",
            "owotrus ca",
            "limited",
            "server ca",
            "python",
            "write",
            "trojan",
            "guard",
            "win64",
            "accept",
            "updater",
            "launcher",
            "malware",
            "contacted",
            "filehash",
            "av detections",
            "ids detections",
            "yara detections",
            "alerts",
            "analysis date",
            "passive dns",
            "google trust",
            "ip address",
            "related nids",
            "united",
            "url http",
            "present aug",
            "present sep",
            "present jul",
            "unknown aaaa",
            "domain",
            "title",
            "body",
            "trojandropper",
            "mtb sep",
            "meta",
            "next associated",
            "win32upatre sep",
            "backdoor",
            "ipv4",
            "moved",
            "ddos",
            "data upload",
            "extraction",
            "iocs",
            "failed",
            "source url",
            "indicato",
            "mat my",
            "data",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "adversaries",
            "found",
            "command",
            "initial access",
            "spawns",
            "chrome",
            "gmt content",
            "avast avg",
            "next http",
            "ascii text",
            "size",
            "pattern match",
            "mitre att",
            "error",
            "null",
            "android",
            "general",
            "local",
            "path",
            "click",
            "strings",
            "trident",
            "write c",
            "medium",
            "search",
            "show",
            "high",
            "push",
            "service",
            "ms defender",
            "files matching",
            "number",
            "hide samples",
            "date hash",
            "next yara",
            "emotet",
            "g3nasom",
            "entries",
            "alerts show",
            "ck technique",
            "technique id",
            "io control",
            "anomalous",
            "geofencing",
            "sha256 add",
            "pulse pulses",
            "copy"
          ],
          "references": [
            "http://accounts.google.com/v3/signin/identifier",
            "Yara Detection: Cabinet _Archive",
            "Banking Malware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "ALF:Trojan:Win32/G3nasom",
              "display_name": "ALF:Trojan:Win32/G3nasom",
              "target": null
            },
            {
              "id": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)",
              "display_name": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)",
              "target": null
            },
            {
              "id": "Win.Trojan.Barys-10005825-0",
              "display_name": "Win.Trojan.Barys-10005825-0",
              "target": null
            },
            {
              "id": "Trojandropper:Win32/Muldrop.V!MTB",
              "display_name": "Trojandropper:Win32/Muldrop.V!MTB",
              "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB"
            },
            {
              "id": "Backdoor:Win32/Berbew",
              "display_name": "Backdoor:Win32/Berbew",
              "target": "/malware/Backdoor:Win32/Berbew"
            },
            {
              "id": "Upatre",
              "display_name": "Upatre",
              "target": null
            },
            {
              "id": "Trojan:Win32/Emotet.KDS!MTB",
              "display_name": "Trojan:Win32/Emotet.KDS!MTB",
              "target": "/malware/Trojan:Win32/Emotet.KDS!MTB"
            }
          ],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1590",
              "name": "Gather Victim Network Information",
              "display_name": "T1590 - Gather Victim Network Information"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1147",
              "name": "Hidden Users",
              "display_name": "T1147 - Hidden Users"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            },
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 531,
            "FileHash-SHA256": 1069,
            "URL": 1607,
            "FileHash-MD5": 275,
            "FileHash-SHA1": 187,
            "SSLCertFingerprint": 25,
            "domain": 188,
            "email": 2
          },
          "indicator_count": 3884,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 138,
          "modified_text": "182 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6889153bb756c703bd61c97d",
          "name": "Calisto - APT - 07.29.25 - UA ChromeBook Retro",
          "description": "Maldoc Calisto - 03.17.23\nRetroanalysis of a simple test to demonstrate a point (had some extensions to capture data). Borrowed a Google Chromebook From University of Alberta & signed in to my CCID on Campus with the Chromebook provided by Office of DOS (provided to them by 'offside IT'. Chromebook did not do so well. Returned. \n\nMAL_PDF_Calisto_PDF_Streams_Jul_09 (Threatzone)\nThis supports findings from Beehive Security who later blocked Calisto/Callisto with their MDR Solution.",
          "modified": "2025-09-03T00:22:10.750000",
          "created": "2025-07-29T18:38:51.647000",
          "tags": [
            "triage",
            "malware",
            "analysis",
            "report",
            "reported",
            "analyze",
            "sandbox",
            "download submit",
            "sha512",
            "sha1",
            "filesize",
            "sha256",
            "file",
            "token",
            "prefetch8",
            "prefetch1",
            "dataprofile",
            "general",
            "config",
            "download",
            "copy",
            "target",
            "defense",
            "generic",
            "impact",
            "virus",
            "trojan",
            "ransomware",
            "static",
            "indicator of compromise",
            "ioc",
            "extraction",
            "emulation",
            "online",
            "submit",
            "sample",
            "platform",
            "vxstream",
            "apt",
            "hybrid analysis",
            "api key",
            "vetting process",
            "please note",
            "please",
            "switch",
            "inquest labs",
            "resources api",
            "notes supported",
            "cve list",
            "drop your",
            "service",
            "privacy policy",
            "found url",
            "ck id",
            "details found",
            "ingress tool",
            "transfer",
            "t1105",
            "details url",
            "t1571",
            "pdf found",
            "found",
            "contentparse",
            "externalparser",
            "woff2",
            "inputfile",
            "domainresolve",
            "u200c200d",
            "u25cc",
            "ioc value",
            "Callisto",
            "Maldoc",
            "UAlberta",
            "U of A",
            "Chromebook",
            "Microsoft",
            "Google",
            "Telus",
            "Calisto",
            "APT"
          ],
          "references": [
            "https://tria.ge/250729-wr59yabk7y/behavioral2",
            "https://www.filescan.io/uploads/68890e2dc79df08ef097cd38/reports/06923db6-30ae-455f-8026-73461cc1472e/overview",
            "https://hybrid-analysis.com/sample/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
            "https://metadefender.com/results/file/YTI1MDcyOXl4LTdxa1I5ZlVJNGVsWTRUS2kz_mdaas",
            "https://polyswarm.network/scan/results/file/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce",
            "https://app.threat.zone/submission/5879c4fe-ce35-45c3-8a3c-e8c06d0e2b2d/overview",
            "https://tip.neiki.dev/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
            "https://www.virustotal.com/gui/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
            "https://www.virustotal.com/gui/file-analysis/MTllN2NiNTVkMGQ1MTYzNGY0OTg4MGY2MmRiYmNjYzg6MTc1MzgxNDIzNQ==",
            "https://vtbehaviour.commondatastorage.googleapis.com/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1753815427&Signature=BM1MWONwwKd011yMi5XzJJHo01QYs0qWdERlFPM9BGS4OW62YRzI4FX6aMwA6MgQB2eLDnMBjwIYw2ct1yC2HAzJ82eh6VqtBu%2BiE6lObCQjjON9nx29EKx9dGSRLewI3Zjpp7Kbokc%2FIKEh40ZNmeXNc4aCsECY%2Fwq9FQOmT2vm8Bi6IHzZNBMT3srLRZsr%2Bo36MP6ckdybeglLLnb9LA5iEOYbMBMEq6HxMj%2BfLIssDjKInHz7",
            "https://hybrid-analysis.com/sample/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce/6889105954703efa4303f7c7",
            "https://malpedia.caad.fkie.fraunhofer.de/actor/callisto"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada",
            "Netherlands"
          ],
          "malware_families": [
            {
              "id": "MAL_PDF_Calisto_PDF_Streams_Jul_09",
              "display_name": "MAL_PDF_Calisto_PDF_Streams_Jul_09",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1217",
              "name": "Browser Bookmark Discovery",
              "display_name": "T1217 - Browser Bookmark Discovery"
            },
            {
              "id": "T1614",
              "name": "System Location Discovery",
              "display_name": "T1614 - System Location Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [
            "Education",
            "Technology",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 33,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 6319,
            "CIDR": 11,
            "CVE": 9,
            "FileHash-MD5": 323,
            "FileHash-SHA1": 260,
            "FileHash-SHA256": 292,
            "domain": 596,
            "email": 37,
            "hostname": 806
          },
          "indicator_count": 8653,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 131,
          "modified_text": "228 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "688af30ab2a5242f48ba2c21",
          "name": "IoC\u2019s of Potentially \u2018falsified\u2019 LinkedIn of attempted Hitman DPD let walk",
          "description": "IoC\u2019s of Potentially \u2018falsified\u2019 LinkedIn profile of attempted Hitman DPD let walk. Name removed from pulse attempted HM. Denver Police positively identified driver , plates& vehicle positive walk. All attorneys accepted then dropped her case alleging \u2019she \u2019was too hacked?\u2019 \n\nAlleged traffic officer lets positively identified driver who intentionally tried to drive target Tsara Brashears of of the I - 25 after a PT  unexpectedly reported Jeffrey Reimer to DORA without victims knowledge or permission . Officer falsely states Brashears didn\u2019t have a drivers license. Wreck led to worsening a new SCI injury that eventually led to \u2026\n\n#corruption #denver #why #rip #dpd #stop",
          "modified": "2025-08-30T04:01:11.958000",
          "created": "2025-07-31T04:37:30.179000",
          "tags": [
            "dynamicloader",
            "entries",
            "search",
            "stun binding",
            "request",
            "port",
            "show",
            "write c",
            "medium",
            "whitelisted",
            "copy",
            "themida",
            "guard",
            "write",
            "risepro",
            "malware",
            "win64",
            "next",
            "software",
            "united",
            "for privacy",
            "unknown aaaa",
            "ip address",
            "creation date",
            "found",
            "gmt content",
            "443 ma2592000",
            "error"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 19,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 587,
            "FileHash-SHA256": 1137,
            "URL": 2279,
            "FileHash-MD5": 109,
            "FileHash-SHA1": 100,
            "domain": 291,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 4505,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 138,
          "modified_text": "232 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6695e27f356a22d97fba5ca8",
          "name": "Critical attack/s continues to affect YouTube Creator/s account/s",
          "description": "Related to YouTube creator/s  attack/s. Found as part of Jays Youtube Bot.exe and YouTube bots.\nFull CnC, access and id devices. Redirects views, resells. spoofs, binds and/or accounts. FRAUD! \nReference: YARA Signature Match - THOR APT Scanner\nRULE: SUSP_Wextract_Anomaly_Unsigned_May23\nRULE_SET: Livehunt - Suspicious290 Indicators \ud83c\udff9\nRULE_TYPE: THOR APT Scanner's rule set only \ud83d\udd28\nRULE_LINK: https://valhalla.nextron-systems.com/info/rule/SUSP_Wextract_Anomaly_Unsigned_May23\nDESCRIPTION: Detects an anomalous unsigned wextract that contains additional code and has been seen abused to deliver malware\nREFERENCE: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/deconstructing-amadeys-latest-multi-stage-attack-and-malware-distribution/\nRULE_AUTHOR: X__Junior\nThor for details #susp_wextract_anomaly_unsigned_may23",
          "modified": "2024-08-15T02:00:24.886000",
          "created": "2024-07-16T03:01:17.316000",
          "tags": [
            "win32 exe",
            "wextract",
            "kb file",
            "files",
            "file type",
            "javascript",
            "graph",
            "ip detections",
            "country",
            "userprofile",
            "runtime modules",
            "samplepath",
            "delnoderundll32",
            "mpgph131 hr",
            "hourly rl",
            "highest c",
            "mpgph131 lg",
            "onlogon rl",
            "highest",
            "process",
            "registrya",
            "registry keys",
            "registry",
            "windows policy",
            "shell folders",
            "file execution",
            "binary data",
            "security center",
            "text c",
            "peexe c",
            "xml c",
            "zip c",
            "file system",
            "written c",
            "dropped",
            "hashes",
            "windows nt",
            "wow64",
            "referer https",
            "date thu",
            "get https",
            "request",
            "gecko response",
            "gmt connection",
            "gmt vary",
            "etag",
            "accept",
            "win64",
            "query",
            "windows get",
            "internal",
            "set file",
            "create",
            "create process",
            "windows read",
            "shutdown system",
            "modify access",
            "delete registry",
            "enumerate",
            "behavior tags",
            "k0pmbc",
            "spsfsb",
            "ctsu",
            "efq78c",
            "egw7od",
            "en3i8d",
            "i6ydgd",
            "iz1fbc",
            "izt63",
            "kum7z",
            "vs2003",
            "sp1 build",
            "contained",
            "info compiler",
            "products",
            "header intel",
            "name md5",
            "type",
            "language",
            "simplified",
            "army",
            "variant sides",
            "with russia",
            "ramnit",
            "netsupport rat",
            "sneaky server",
            "replacement",
            "unauthorized",
            "sim unlock",
            "emotet",
            "chaos",
            "malicious",
            "critical",
            "copy",
            "life",
            "pe32",
            "intel",
            "ms windows",
            "ms visual",
            "win32 dynamic",
            "link library",
            "win16 ne",
            "pe32 compiler",
            "cc linker",
            "urls",
            "gandi sas",
            "domains",
            "cloudflare",
            "ii llc",
            "psiusa",
            "domain robot",
            "ltd dba",
            "com laude",
            "ascio",
            "contacted",
            "ms word",
            "document",
            "b file",
            "html",
            "javascript jac",
            "html iu3",
            "executed by usa",
            "#wextract",
            "#unsigned",
            "thor",
            "stealer",
            "evader",
            "systemroot",
            "grum",
            "high",
            "delete c",
            "cape",
            "write",
            "103 read",
            "clsid read",
            "date read",
            "trojan",
            "united",
            "unknown",
            "status",
            "cname",
            "creation date",
            "search",
            "as1921",
            "austria unknown",
            "emails",
            "expiration date",
            "date",
            "pragma",
            "next",
            "passive dns",
            "backdoor",
            "win32",
            "scan endpoints",
            "all scoreblue",
            "ipv4",
            "usa",
            "co",
            "teams",
            "cybercrime",
            "spoof",
            "benjamin",
            "dynamicloader",
            "write c",
            "pe32 executable",
            "show",
            "yara rule",
            "windows",
            "recon",
            "worm",
            "powershell",
            "june",
            "delphi",
            "malware",
            "malice",
            "retaliation",
            "through the nights",
            "apple",
            "lenovo",
            "ios",
            "hackers",
            "move",
            "moved"
          ],
          "references": [
            "WEXTRACT.EXE .MUI: FileHash-SHA256 00e5aefb5ffd357e995d1a4ee30735a692780b203cd58e6239637471047d51a4",
            "MALWARE STEALER TROJAN EVADER | WEXTRACT.EXE .MUI | TXTRESSE | via https://www.virustotal.com/gui/domain/www.youtube.com",
            "CS Sigma: Matches rule Suspicious DNS Query for IP Lookup Service APIs by Brandon George (blog post), Thomas Patzke",
            "Critical CS Sigma: Matches rule Suspicious Double Extension File Execution by Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems)",
            "^ by Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) ^",
            "CS Sigma: Matches rule Disable Windows Defender Functionalities Via Registry Keys by AlertIQ, J\u00e1n Tren\u010dansk\u00fd, frack113, Nasreddine Bencherchali, Swachchhanda Shrawan",
            "CS Sigma: Matches rule Chromium Browser Instance Executed With Custom Extension by Aedan Russell, frack113, X__Junior (Nextron Systems)",
            "CS Sigma: Matches rule Suspicious Add Scheduled Task Parent by Florian Roth (Nextron Systems)",
            "CS Sigma: Matches rule Suspicious Schtasks Schedule Type With High Privileges by Nasreddine Bencherchali (Nextron Systems)",
            "CS Sigma: Matches rule Scheduled Task Creation by Florian Roth (Nextron Systems)",
            "CS IDS: Matches rule (stream_tcp) data sent on stream not accepting data",
            "CS IDS: Matches rule (http_inspect) HTTP response has UTF character set that failed to normalize",
            "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)",
            "CS IDS: Matches rule ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)",
            "CS IDS: Matches rule ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)",
            "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)  Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)",
            "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)",
            "CS IDS: Matches rule ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent",
            "CS IDS: Matches rule ET MALWARE Suspected RisePro TCP Heartbeat Packet",
            "CS IDS: Matches rule ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)",
            "CS IDS: Matches rule ET MALWARE Win32/Ramnit Checkin Matches rule MALWARE-CNC Win.Trojan.Ramnit variant outbound detected",
            "TXTRESSE: FileHash-SHA256 00001dd58b69582cc30a16b000bce3d96d369487444385489084719676afba4d",
            "Crowdsourced YARA rules: Matches rule UPX from ruleset UPX by kevoreilly",
            "Crowdsourced YARA rules: Matches rule win_ramnit_auto from ruleset win.ramnit_auto by Felix Bilstein - yara-signator at cocacoding dot com",
            "Crowdsourced YARA rules: Matches rule MAL_Ramnit_May19_1 from ruleset crime_nansh0u by Florian Roth (Nextron Systems)",
            "Crowdsourced IDS rules: Matches rule: MALWARE-CNC Win.Trojan.Ramnit variant outbound detected",
            "Crowdsourced IDS rules: Matches rule: (port_scan) UDP filtered",
            "Crowdsourced IDS rules: Matches rule: ET MALWARE Win32/Ramnit Checkin | Matches rule ET DNS Query for .cc TLD",
            "https://www.nextron-systems.com/notes-on-virustotal-matches/",
            "TrojanDownloader:Win32/Upatre ,  Virus:Win32/Sality.AT , Win.Downloader.Small-1645",
            "Antivirus Detections: Backdoor:Win32/Likseput.B ,  PWS:Win32/QQpass.B!MTB ,  Trojan:Win32/Scrarev.C ,  Trojan:Win32/Speesipro.A ,  Trojan:Win32/Zombie.A ,  TrojanDownloader:Win32/Cutwail.BS ,  TrojanDownloader:Win32/Nemucod ,",
            "IDS Detections: Backdoor.Win32.Pushdo.s Checkin Backdoor.Win32.Pushdo.s Checkin Suspicious csrss.exe in URI",
            "https://www.virustotal.com/gui/file/00e5aefb5ffd357e995d1a4ee30735a692780b203cd58e6239637471047d51a4/detection",
            "Jays Youtube Bot.exe > FileHash-SHA256 00514527e00ee001d042",
            "https://www.youtube.com/watch?v=ucEkWcFuH0Y&list=TLPQMDgwNjIwMjKO_xApd0GzPQ&index=2",
            "https://www.youtube.com/watch?v=GyuMozsVyYs",
            "Emotet | YouTube \u2022 Darklivity Podcast \"Unhinged Horror\"",
            "https://otx.alienvault.com/pulse/6694bb9be1b61bf820500004",
            "http://193.233.132.62/hera/amadka.exe | https://www.info-only-men.com/landing/mlp88g?subPublisher=popunder:eu-adsrv.rtbsuperhub.com&zone=popunder:eu-adsrv.rtbsuperhub.com&",
            "https://software-free-phone-2018.win/62ae8f9b-d0cb-4b4c-8318-dd7900e1d092/e29481e9-a792-46a8-bbf0-188ed2a816ae/?brand=Apple&browser=Safari&btd=dHJr",
            "nr-data.net [Apple Private Data Collection]",
            "https://rector-fitiology.icu/99c8d3a6-be16-421a-87a8-40701eae8149?zoneid=6543079&bannerid=18710758&browser=chrome&os=ios&devic",
            "https://software-free-phone-2018.win/7a7c1101-0538-49de-925f-4f4675a5fd1f/3b0669f6-a07e-4eb8-8e2b-d0282d482c1a/?brand=Lenovo&browser=Chr"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "WAT:Blacked-E",
              "display_name": "WAT:Blacked-E",
              "target": null
            },
            {
              "id": "Win32:RmnDrp [Inf]",
              "display_name": "Win32:RmnDrp [Inf]",
              "target": null
            },
            {
              "id": "AI:FileInfector.EAEEA7850C",
              "display_name": "AI:FileInfector.EAEEA7850C",
              "target": null
            },
            {
              "id": "Virus.Ramnit/Nimnul",
              "display_name": "Virus.Ramnit/Nimnul",
              "target": null
            },
            {
              "id": "Trojan.Crifi.1",
              "display_name": "Trojan.Crifi.1",
              "target": null
            },
            {
              "id": "Trojan.MSIL.Injurer.cbd",
              "display_name": "Trojan.MSIL.Injurer.cbd",
              "target": null
            },
            {
              "id": "Win.Downloader.Small-1645",
              "display_name": "Win.Downloader.Small-1645",
              "target": null
            },
            {
              "id": "Trojan:Win32/Scrarev.C",
              "display_name": "Trojan:Win32/Scrarev.C",
              "target": "/malware/Trojan:Win32/Scrarev.C"
            },
            {
              "id": "Trojan:Win32/Zombie.A",
              "display_name": "Trojan:Win32/Zombie.A",
              "target": "/malware/Trojan:Win32/Zombie.A"
            },
            {
              "id": "Trojan:Win32/Speesipro.A",
              "display_name": "Trojan:Win32/Speesipro.A",
              "target": "/malware/Trojan:Win32/Speesipro.A"
            },
            {
              "id": "Virus:Win32/Sality.AT",
              "display_name": "Virus:Win32/Sality.AT",
              "target": "/malware/Virus:Win32/Sality.AT"
            },
            {
              "id": "TrojanDownloader:Win32/Upatre",
              "display_name": "TrojanDownloader:Win32/Upatre",
              "target": "/malware/TrojanDownloader:Win32/Upatre"
            },
            {
              "id": "TrojanDownloader:Win32/Cutwail.BS",
              "display_name": "TrojanDownloader:Win32/Cutwail.BS",
              "target": "/malware/TrojanDownloader:Win32/Cutwail.BS"
            },
            {
              "id": "TrojanDownloader:Win32/Nemucod",
              "display_name": "TrojanDownloader:Win32/Nemucod",
              "target": "/malware/TrojanDownloader:Win32/Nemucod"
            },
            {
              "id": "PWS:Win32/QQpass.B!MTB",
              "display_name": "PWS:Win32/QQpass.B!MTB",
              "target": "/malware/PWS:Win32/QQpass.B!MTB"
            },
            {
              "id": "Backdoor:Win32/Likseput.B",
              "display_name": "Backdoor:Win32/Likseput.B",
              "target": "/malware/Backdoor:Win32/Likseput.B"
            },
            {
              "id": "Worm:Win32/Benjamin",
              "display_name": "Worm:Win32/Benjamin",
              "target": "/malware/Worm:Win32/Benjamin"
            },
            {
              "id": "ALF:HeraklezEval:TrojanSpy:Win32/SocStealer",
              "display_name": "ALF:HeraklezEval:TrojanSpy:Win32/SocStealer",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "TA0037",
              "name": "Command and Control",
              "display_name": "TA0037 - Command and Control"
            },
            {
              "id": "T1588",
              "name": "Obtain Capabilities",
              "display_name": "T1588 - Obtain Capabilities"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1031",
              "name": "Modify Existing Service",
              "display_name": "T1031 - Modify Existing Service"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1472",
              "name": "Generate Fraudulent Advertising Revenue",
              "display_name": "T1472 - Generate Fraudulent Advertising Revenue"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1598",
              "name": "Phishing for Information",
              "display_name": "T1598 - Phishing for Information"
            },
            {
              "id": "T1528",
              "name": "Steal Application Access Token",
              "display_name": "T1528 - Steal Application Access Token"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            },
            {
              "id": "T1134.004",
              "name": "Parent PID Spoofing",
              "display_name": "T1134.004 - Parent PID Spoofing"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1003.007",
              "name": "Proc Filesystem",
              "display_name": "T1003.007 - Proc Filesystem"
            },
            {
              "id": "T1042",
              "name": "Change Default File Association",
              "display_name": "T1042 - Change Default File Association"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            }
          ],
          "industries": [
            "Media",
            "Technology",
            "Civil Society",
            "Crime Victims"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 30,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4312,
            "domain": 1056,
            "hostname": 1818,
            "URL": 5125,
            "FileHash-MD5": 310,
            "FileHash-SHA1": 221,
            "email": 3
          },
          "indicator_count": 12845,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "612 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "65f980ad16123b5d52f5f76f",
          "name": "DNS Hijacking - \u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a -MilesIT.com [Report originated from octoseek]",
          "description": "",
          "modified": "2024-04-13T11:00:32.548000",
          "created": "2024-03-19T12:10:21.291000",
          "tags": [
            "q htpps",
            "g htpps",
            "q https",
            "virustotal",
            "exif standard",
            "tiff image",
            "msie",
            "windows nt",
            "wow64",
            "slcc2",
            "media center",
            "default",
            "jpeg image",
            "search",
            "copy",
            "code",
            "write",
            "pecompact",
            "february",
            "packer",
            "delphi",
            "win32",
            "persistence",
            "execution",
            "next",
            "create c",
            "delete c",
            "intel",
            "ms windows",
            "pe32",
            "precreate read",
            "united",
            "show",
            "regsetvalueexa",
            "trojan",
            "markus",
            "mozilla",
            "write c",
            "json",
            "entries",
            "ascii text",
            "data",
            "as15169",
            "error",
            "malware",
            "win64",
            "denmark as32934",
            "ip hostname",
            "reverse ip",
            "lookup country",
            "as7018 att",
            "as14618",
            "as54113",
            "country code",
            "as36081 state",
            "redirect chain",
            "redirection",
            "location",
            "lakewood",
            "emails",
            "as name",
            "ssl certificate",
            "whois record",
            "k0pmbc",
            "spsfsb",
            "zwdk9d",
            "vwdzfe",
            "contacted",
            "referrer",
            "ntmzac",
            "historical ssl",
            "august",
            "hacktool",
            "core",
            "agent tesla",
            "emotet",
            "chaos",
            "ransomexx",
            "quasar",
            "algorithm",
            "v3 serial",
            "number",
            "cus cnamazon",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "key identifier",
            "subject key",
            "first",
            "server",
            "registrar abuse",
            "date",
            "markmonitor",
            "epic games",
            "iana id",
            "contact phone",
            "domain status",
            "registrar whois",
            "registrar",
            "win32 exe",
            "python",
            "launchres",
            "win32 dll",
            "unrealengine",
            "detections type",
            "name",
            "bundled",
            "ctsu",
            "smokeloader",
            "privateloader",
            "relic",
            "monitoring",
            "startpage",
            "\u7f8e\u5973\u76f4\u64ad",
            "\u7f8e\u5973\u89c6\u9891",
            "\u7f8e\u5973\u4e3b\u64ad",
            "\u89c6\u9891\u804a\u5929",
            "\u89c6\u9891\u4ea4\u53cb",
            "\u7f8e\u5973\u4ea4\u53cb",
            "\u7f8e\u5973\u79c0\u573a",
            "\u6e05\u7eaf\u7f8e\u5973",
            "\u6027\u611f\u7f8e\u5973",
            "\u7f8e\u5973\u4e92\u52a8",
            "\u7f8e\u5973\u804a\u5929",
            "\u7f8e\u5973\u5728\u7ebf\u8868\u6f14",
            "\u7f8e\u5973\u76f4\u64ad\u95f4",
            "\u7f8e\u5973\u804a\u5929\u5ba4",
            "icp2021030667",
            "0110542",
            "copyright",
            "rights reserved",
            "resolutions",
            "contacted urls",
            "siblings domain",
            "siblings",
            "parent domain",
            "cname",
            "whitelisted",
            "status",
            "as15169 google",
            "asnone united",
            "servers",
            "aaaa",
            "body",
            "sample",
            "samples",
            "detection list",
            "blacklist",
            "cisco umbrella",
            "site",
            "site top",
            "heur",
            "alexa top",
            "safe site",
            "million",
            "million alexa",
            "site safe",
            "malicious site",
            "unsafe",
            "alexa",
            "riskware",
            "artemis",
            "blacknet rat",
            "quasar rat",
            "crack",
            "presenoker",
            "dapato",
            "stealer",
            "phish",
            "memscan",
            "nsis",
            "phishing",
            "bulz",
            "maltiverse",
            "trojanspy",
            "blacknet",
            "zbot",
            "aig",
            "unknown",
            "passive dns",
            "urls",
            "expiresthu",
            "gmt path",
            "scan endpoints",
            "encrypt",
            "dynamicloader",
            "high",
            "medium",
            "qaeaav12",
            "windows",
            "cape",
            "windows wget",
            "suspicious",
            "powershell",
            "canvas",
            "form",
            "showing",
            "all octoseek",
            "url https",
            "pulse pulses",
            "http",
            "ip address",
            "related nids",
            "files location",
            "cus cnr3",
            "olet",
            "l http",
            "wifi",
            "wifi access",
            "wifi hotspot",
            "wifi internet",
            "southwest wifi",
            "inflight",
            "inflight entertainment",
            "southwest",
            "comedy",
            "internet",
            "strong",
            "drama",
            "google chrome",
            "business select",
            "internet access",
            "apple safari",
            "book",
            "rapid",
            "love",
            "summer",
            "poppy",
            "floyd",
            "district",
            "jackson",
            "kevin",
            "live",
            "music",
            "upgrade",
            "gift",
            "lost",
            "carol",
            "canada",
            "cobalt strike",
            "malicious",
            "fragtor",
            "phishing paypal",
            "mail spammer"
          ],
          "references": [
            "https://www.9xiuzb.com/activity/activity_pcunion?piusr=t_420",
            "tracking.epicgames.com | epicgames.com | https://www.epicgames.com/id/activate",
            "Conneted to Network: drcody@milesit.com | milesit.com | milestechnologies.com | info.milestechnologies.com | www.milesit.com | www.milestechnologies.com",
            "Conneted to Network: http://seed.wavebrowser.co/seed?osname=win&channel=stable&milestone=1 | f16ac036e3.nxcli.net",
            "Conneted to Network: https://getconnected.southwestwifi.com | www.coloradoltcpartnership.org",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3",
            "https://otx.alienvault.com/indicator/file/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/f0d38614f706da3a08acdf7188eac139a352621ccada40e5e22d191412acc357",
            "Phone purchased for target by a 'self-proclaimed' W/F PI from Lakewood, Colorado w/o consent/prior knowledge. PI fitful, so target paid for phone.",
            "Found claims PI was a hacker. Brother a hitman. Verbalized non-specific affiliation w/City of Lakewood. Refused to provide target phone passcode.",
            "Target admits to ignoring major signs: 'PI' called just before request submitted.Spent hours researching & denouncing targets former 'questionable 'PI",
            "'PI' feigned high concern for target, begged her to meet at 10 P.M. Target refused. Target states she will only meet in safe public spot in daylight.",
            "'PI' arrives in separate car w/unseen veteran. Points out DV LP to target , states he's not with her. Leads target to restaurant 'to talk'. Stays awhile.",
            "'PI' orders 2 meals. Leaves restaurant a few times. Talks about troubled mother  w/medication addictions. Incredibly emotional vowing to be better.",
            "Emotionally demands disabled target cash advanced to pay all bills. Denies formerly alleged abilities & skills, still wants $1500 for 4 hours of nothing.",
            "Of note: Alleging Federal Investigator calls target. Found her in Bark? No. He asks for $4G to relocate target in 2 days provide hacker secured iPhone.",
            "'PI' claims to have information. Sends  picture of who he claims is attacker now millionaire owner of Mile High Sports & Rehabilitation. Asks if she knew.",
            "Target knows nothing about assaulter. Chicago Fed  text photo for target to confirm identity of attacker. Be sends a photo of Dr. John T. Sasha.",
            "Target was treated by Dr. Sasha, was not assaulter. Target relays Law Firm dropped her as she refused to include Sasha in Injury claim.",
            "Goal to present targets case, blame & have Sacha removed by board of Colorado attorneys. Widely known firm angrily begins misconduct in her case.",
            "Fed alleged if Sasha was in cahoots she could get millions. Target again refused. Alleging Chicago Fed contends be needs  to move her 50+ miles.",
            "Fed lost interest after satisfied Sasha wasn't of interest. Target interest to rid self of hackers and stalkers. Inundated with  calls from fake PI's.",
            "Colorado doesn't require a PI licensure. That's a major problem as many stalkers, malicious hackers & the ruthless are drawn to this occupation.",
            "Metro T-Mobile refuses refund. Allows target to store phone with them in resealed box. When retrieved box opened and tampered with.",
            "Issues: Target contacted a single PI from a very compromised device, received sealed as gift from trusted person via provider. Others contact her.",
            "I know this isn't a blog. If someone is targeted, every device will be compromised. It's the goal of the attackers. Unwarranted bounty found.",
            "Law enforcement aware and assure target in person she's not a suspect in any crime is Colorado or nationally. All DA's, law enforcement PI's check.",
            "You can either have a runner or become a hacker. Only  2 choices for targeted individuals. Target needs to become ethical hacker or ethical grey hat, Purple teamer.",
            "Device security reset temporarily before epicgames[.]com a resource being used attempted to self download.  Relentless...",
            "Self whitelisting tool, domains moved within nginx."
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Bulz",
              "display_name": "Bulz",
              "target": null
            },
            {
              "id": "Quasar",
              "display_name": "Quasar",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "BlackNET",
              "display_name": "BlackNET",
              "target": null
            },
            {
              "id": "Zbot",
              "display_name": "Zbot",
              "target": null
            },
            {
              "id": "Fragtor",
              "display_name": "Fragtor",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1081",
              "name": "Credentials in Files",
              "display_name": "T1081 - Credentials in Files"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1199",
              "name": "Trusted Relationship",
              "display_name": "T1199 - Trusted Relationship"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1557",
              "name": "Man-in-the-Middle",
              "display_name": "T1557 - Man-in-the-Middle"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "65f4ba867ec44a4dc0e6fc96",
          "export_count": 51,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8753,
            "domain": 1525,
            "hostname": 3740,
            "FileHash-SHA256": 6746,
            "FileHash-MD5": 619,
            "FileHash-SHA1": 509,
            "SSLCertFingerprint": 3,
            "CVE": 8,
            "CIDR": 5,
            "email": 7
          },
          "indicator_count": 21915,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 235,
          "modified_text": "736 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "65f4ba867ec44a4dc0e6fc96",
          "name": "DNS Hijacking - \u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a -MilesIT.com",
          "description": "Jiuxiu Live - High-quality beauty online video interactive community - \u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a -porn dump. Performed tiny DNS test on affected target. \nDNS stuffing  pornography. DNSpionage , custom browser, DNS tunneling encoding  data, programs, protocols, DNS queries, responses, amplification attack; perform  (DDoS) on server, flood attack,  spoofing.  Attack. Miles IT & affiliated logging inas target. Pitfall of being compromised for some; you won't speak to legitimate business unless you know & recognize voice. \nSome notations in references.",
          "modified": "2024-04-13T11:00:32.548000",
          "created": "2024-03-15T21:15:50.802000",
          "tags": [
            "q htpps",
            "g htpps",
            "q https",
            "virustotal",
            "exif standard",
            "tiff image",
            "msie",
            "windows nt",
            "wow64",
            "slcc2",
            "media center",
            "default",
            "jpeg image",
            "search",
            "copy",
            "code",
            "write",
            "pecompact",
            "february",
            "packer",
            "delphi",
            "win32",
            "persistence",
            "execution",
            "next",
            "create c",
            "delete c",
            "intel",
            "ms windows",
            "pe32",
            "precreate read",
            "united",
            "show",
            "regsetvalueexa",
            "trojan",
            "markus",
            "mozilla",
            "write c",
            "json",
            "entries",
            "ascii text",
            "data",
            "as15169",
            "error",
            "malware",
            "win64",
            "denmark as32934",
            "ip hostname",
            "reverse ip",
            "lookup country",
            "as7018 att",
            "as14618",
            "as54113",
            "country code",
            "as36081 state",
            "redirect chain",
            "redirection",
            "location",
            "lakewood",
            "emails",
            "as name",
            "ssl certificate",
            "whois record",
            "k0pmbc",
            "spsfsb",
            "zwdk9d",
            "vwdzfe",
            "contacted",
            "referrer",
            "ntmzac",
            "historical ssl",
            "august",
            "hacktool",
            "core",
            "agent tesla",
            "emotet",
            "chaos",
            "ransomexx",
            "quasar",
            "algorithm",
            "v3 serial",
            "number",
            "cus cnamazon",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "key identifier",
            "subject key",
            "first",
            "server",
            "registrar abuse",
            "date",
            "markmonitor",
            "epic games",
            "iana id",
            "contact phone",
            "domain status",
            "registrar whois",
            "registrar",
            "win32 exe",
            "python",
            "launchres",
            "win32 dll",
            "unrealengine",
            "detections type",
            "name",
            "bundled",
            "ctsu",
            "smokeloader",
            "privateloader",
            "relic",
            "monitoring",
            "startpage",
            "\u7f8e\u5973\u76f4\u64ad",
            "\u7f8e\u5973\u89c6\u9891",
            "\u7f8e\u5973\u4e3b\u64ad",
            "\u89c6\u9891\u804a\u5929",
            "\u89c6\u9891\u4ea4\u53cb",
            "\u7f8e\u5973\u4ea4\u53cb",
            "\u7f8e\u5973\u79c0\u573a",
            "\u6e05\u7eaf\u7f8e\u5973",
            "\u6027\u611f\u7f8e\u5973",
            "\u7f8e\u5973\u4e92\u52a8",
            "\u7f8e\u5973\u804a\u5929",
            "\u7f8e\u5973\u5728\u7ebf\u8868\u6f14",
            "\u7f8e\u5973\u76f4\u64ad\u95f4",
            "\u7f8e\u5973\u804a\u5929\u5ba4",
            "icp2021030667",
            "0110542",
            "copyright",
            "rights reserved",
            "resolutions",
            "contacted urls",
            "siblings domain",
            "siblings",
            "parent domain",
            "cname",
            "whitelisted",
            "status",
            "as15169 google",
            "asnone united",
            "servers",
            "aaaa",
            "body",
            "sample",
            "samples",
            "detection list",
            "blacklist",
            "cisco umbrella",
            "site",
            "site top",
            "heur",
            "alexa top",
            "safe site",
            "million",
            "million alexa",
            "site safe",
            "malicious site",
            "unsafe",
            "alexa",
            "riskware",
            "artemis",
            "blacknet rat",
            "quasar rat",
            "crack",
            "presenoker",
            "dapato",
            "stealer",
            "phish",
            "memscan",
            "nsis",
            "phishing",
            "bulz",
            "maltiverse",
            "trojanspy",
            "blacknet",
            "zbot",
            "aig",
            "unknown",
            "passive dns",
            "urls",
            "expiresthu",
            "gmt path",
            "scan endpoints",
            "encrypt",
            "dynamicloader",
            "high",
            "medium",
            "qaeaav12",
            "windows",
            "cape",
            "windows wget",
            "suspicious",
            "powershell",
            "canvas",
            "form",
            "showing",
            "all octoseek",
            "url https",
            "pulse pulses",
            "http",
            "ip address",
            "related nids",
            "files location",
            "cus cnr3",
            "olet",
            "l http",
            "wifi",
            "wifi access",
            "wifi hotspot",
            "wifi internet",
            "southwest wifi",
            "inflight",
            "inflight entertainment",
            "southwest",
            "comedy",
            "internet",
            "strong",
            "drama",
            "google chrome",
            "business select",
            "internet access",
            "apple safari",
            "book",
            "rapid",
            "love",
            "summer",
            "poppy",
            "floyd",
            "district",
            "jackson",
            "kevin",
            "live",
            "music",
            "upgrade",
            "gift",
            "lost",
            "carol",
            "canada",
            "cobalt strike",
            "malicious",
            "fragtor",
            "phishing paypal",
            "mail spammer"
          ],
          "references": [
            "https://www.9xiuzb.com/activity/activity_pcunion?piusr=t_420",
            "tracking.epicgames.com | epicgames.com | https://www.epicgames.com/id/activate",
            "Conneted to Network: drcody@milesit.com | milesit.com | milestechnologies.com | info.milestechnologies.com | www.milesit.com | www.milestechnologies.com",
            "Conneted to Network: http://seed.wavebrowser.co/seed?osname=win&channel=stable&milestone=1 | f16ac036e3.nxcli.net",
            "Conneted to Network: https://getconnected.southwestwifi.com | www.coloradoltcpartnership.org",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3",
            "https://otx.alienvault.com/indicator/file/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
            "https://otx.alienvault.com/otxapi/indicators/file/screenshot/f0d38614f706da3a08acdf7188eac139a352621ccada40e5e22d191412acc357",
            "Phone purchased for target by a 'self-proclaimed' W/F PI from Lakewood, Colorado w/o consent/prior knowledge. PI fitful, so target paid for phone.",
            "Found claims PI was a hacker. Brother a hitman. Verbalized non-specific affiliation w/City of Lakewood. Refused to provide target phone passcode.",
            "Target admits to ignoring major signs: 'PI' called just before request submitted.Spent hours researching & denouncing targets former 'questionable 'PI",
            "'PI' feigned high concern for target, begged her to meet at 10 P.M. Target refused. Target states she will only meet in safe public spot in daylight.",
            "'PI' arrives in separate car w/unseen veteran. Points out DV LP to target , states he's not with her. Leads target to restaurant 'to talk'. Stays awhile.",
            "'PI' orders 2 meals. Leaves restaurant a few times. Talks about troubled mother  w/medication addictions. Incredibly emotional vowing to be better.",
            "Emotionally demands disabled target cash advanced to pay all bills. Denies formerly alleged abilities & skills, still wants $1500 for 4 hours of nothing.",
            "Of note: Alleging Federal Investigator calls target. Found her in Bark? No. He asks for $4G to relocate target in 2 days provide hacker secured iPhone.",
            "'PI' claims to have information. Sends  picture of who he claims is attacker now millionaire owner of Mile High Sports & Rehabilitation. Asks if she knew.",
            "Target knows nothing about assaulter. Chicago Fed  text photo for target to confirm identity of attacker. Be sends a photo of Dr. John T. Sasha.",
            "Target was treated by Dr. Sasha, was not assaulter. Target relays Law Firm dropped her as she refused to include Sasha in Injury claim.",
            "Goal to present targets case, blame & have Sacha removed by board of Colorado attorneys. Widely known firm angrily begins misconduct in her case.",
            "Fed alleged if Sasha was in cahoots she could get millions. Target again refused. Alleging Chicago Fed contends be needs  to move her 50+ miles.",
            "Fed lost interest after satisfied Sasha wasn't of interest. Target interest to rid self of hackers and stalkers. Inundated with  calls from fake PI's.",
            "Colorado doesn't require a PI licensure. That's a major problem as many stalkers, malicious hackers & the ruthless are drawn to this occupation.",
            "Metro T-Mobile refuses refund. Allows target to store phone with them in resealed box. When retrieved box opened and tampered with.",
            "Issues: Target contacted a single PI from a very compromised device, received sealed as gift from trusted person via provider. Others contact her.",
            "I know this isn't a blog. If someone is targeted, every device will be compromised. It's the goal of the attackers. Unwarranted bounty found.",
            "Law enforcement aware and assure target in person she's not a suspect in any crime is Colorado or nationally. All DA's, law enforcement PI's check.",
            "You can either have a runner or become a hacker. Only  2 choices for targeted individuals. Target needs to become ethical hacker or ethical grey hat, Purple teamer.",
            "Device security reset temporarily before epicgames[.]com a resource being used attempted to self download.  Relentless...",
            "Self whitelisting tool, domains moved within nginx."
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Bulz",
              "display_name": "Bulz",
              "target": null
            },
            {
              "id": "Quasar",
              "display_name": "Quasar",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "BlackNET",
              "display_name": "BlackNET",
              "target": null
            },
            {
              "id": "Zbot",
              "display_name": "Zbot",
              "target": null
            },
            {
              "id": "Fragtor",
              "display_name": "Fragtor",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1081",
              "name": "Credentials in Files",
              "display_name": "T1081 - Credentials in Files"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1199",
              "name": "Trusted Relationship",
              "display_name": "T1199 - Trusted Relationship"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1557",
              "name": "Man-in-the-Middle",
              "display_name": "T1557 - Man-in-the-Middle"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 60,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8753,
            "domain": 1525,
            "hostname": 3740,
            "FileHash-SHA256": 6746,
            "FileHash-MD5": 619,
            "FileHash-SHA1": 509,
            "SSLCertFingerprint": 3,
            "CVE": 8,
            "CIDR": 5,
            "email": 7
          },
          "indicator_count": 21915,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 227,
          "modified_text": "736 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a464c07b076a6022abbe",
          "name": "Social Engineering - Anonymizer  - Qakbot \u221a",
          "description": "",
          "modified": "2023-12-06T16:42:12.952000",
          "created": "2023-12-06T16:42:12.952000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 28,
            "URL": 247,
            "FileHash-SHA256": 705,
            "hostname": 126,
            "FileHash-MD5": 17,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1136,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a127b18f314c64abf0ca",
          "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information",
          "description": "",
          "modified": "2023-12-06T16:28:23.639000",
          "created": "2023-12-06T16:28:23.639000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1651,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "hostname": 939,
            "domain": 339,
            "URL": 2307,
            "email": 2
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a11eb966ec5b823d2ae8",
          "name": "Drive By Malware",
          "description": "",
          "modified": "2023-12-06T16:28:14.217000",
          "created": "2023-12-06T16:28:14.217000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1651,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "hostname": 939,
            "domain": 339,
            "URL": 2307,
            "email": 2
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 111,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a11966ff39f73aed8c7d",
          "name": "Fileless Malware",
          "description": "",
          "modified": "2023-12-06T16:28:09.128000",
          "created": "2023-12-06T16:28:09.128000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1651,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "hostname": 939,
            "domain": 339,
            "URL": 2307,
            "email": 2
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a0c0b966ec5b823d2ae7",
          "name": "PROXY - Defense Evasion \u2022 Malicious Spammer",
          "description": "",
          "modified": "2023-12-06T16:26:40.335000",
          "created": "2023-12-06T16:26:40.335000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 28,
            "URL": 247,
            "FileHash-SHA256": 705,
            "hostname": 126,
            "FileHash-MD5": 17,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1136,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a05bc6152413ed0fdbaa",
          "name": "Social Engineering -Striven Anonymizer",
          "description": "",
          "modified": "2023-12-06T16:24:59.615000",
          "created": "2023-12-06T16:24:59.615000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 28,
            "URL": 247,
            "FileHash-SHA256": 705,
            "hostname": 126,
            "FileHash-MD5": 17,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1136,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570972ccaeed5791f7bf452",
          "name": "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8 and https://play.google.com/store/apps/details?id=sport.mobile2ads.com",
          "description": "",
          "modified": "2023-12-06T15:45:48.530000",
          "created": "2023-12-06T15:45:48.530000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 406,
            "FileHash-MD5": 53,
            "FileHash-SHA1": 51,
            "hostname": 58,
            "domain": 49,
            "URL": 169,
            "email": 2
          },
          "indicator_count": 788,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570972886cebe9b81c62534",
          "name": "oops wrong title this was the goo playstore version for 2m.ma sporttotal",
          "description": "",
          "modified": "2023-12-06T15:45:44.788000",
          "created": "2023-12-06T15:45:44.788000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 264,
            "hostname": 20,
            "URL": 55,
            "domain": 1
          },
          "indicator_count": 340,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570919f567f88c3b2dd75c6",
          "name": "twitter.com/FLDEO",
          "description": "",
          "modified": "2023-12-06T15:22:07.801000",
          "created": "2023-12-06T15:22:07.801000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1186,
            "hostname": 229,
            "domain": 132,
            "URL": 778,
            "CIDR": 4,
            "FileHash-MD5": 18
          },
          "indicator_count": 2347,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708431101fabb9bba6f2ca",
          "name": "twitter.com.sncfconnect.",
          "description": "",
          "modified": "2023-12-06T14:24:49.902000",
          "created": "2023-12-06T14:24:49.902000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1184,
            "hostname": 190,
            "domain": 134,
            "URL": 718,
            "CIDR": 4,
            "FileHash-MD5": 18
          },
          "indicator_count": 2248,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64eed9e039cd84d4b7b9aa54",
          "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information ",
          "description": "",
          "modified": "2023-09-28T21:05:16.310000",
          "created": "2023-08-30T05:55:44.012000",
          "tags": [
            "as15169 google",
            "united",
            "aaaa",
            "domain",
            "search",
            "cname",
            "passive dns",
            "urls",
            "entries",
            "dashboard",
            "date",
            "sha1",
            "ssdeep",
            "tnull file",
            "magic",
            "file size",
            "software",
            "ioctype",
            "iocvalue",
            "refunds",
            "show less",
            "line",
            "value",
            "august",
            "variables",
            "recordimlel",
            "fcssrowkey",
            "ijvalues",
            "wjdd object",
            "berr",
            "mxndff boolean",
            "url age"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "64ee70f9eaecf035471ff80c",
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 339,
            "email": 2,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "FileHash-SHA256": 1651,
            "hostname": 939,
            "URL": 2307
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 223,
          "modified_text": "933 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64ee70f9eaecf035471ff80c",
          "name": "Drive By Malware ",
          "description": "",
          "modified": "2023-09-28T21:05:16.310000",
          "created": "2023-08-29T22:28:09.867000",
          "tags": [
            "as15169 google",
            "united",
            "aaaa",
            "domain",
            "search",
            "cname",
            "passive dns",
            "urls",
            "entries",
            "dashboard",
            "date",
            "sha1",
            "ssdeep",
            "tnull file",
            "magic",
            "file size",
            "software",
            "ioctype",
            "iocvalue",
            "refunds",
            "show less",
            "line",
            "value",
            "august",
            "variables",
            "recordimlel",
            "fcssrowkey",
            "ijvalues",
            "wjdd object",
            "berr",
            "mxndff boolean",
            "url age"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "64ee7075f37dad88d73c3830",
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 339,
            "email": 2,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "FileHash-SHA256": 1651,
            "hostname": 939,
            "URL": 2307
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 221,
          "modified_text": "933 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64ee7075f37dad88d73c3830",
          "name": "Fileless Malware",
          "description": "An example of 1 dangerous exploit. \nThis happened on Brand New fully updated locked down Apple iPhone, Samsung. If you happen to be looking at your phone, you may witness the following: Google logo on appengine.goohke .com Drive By will have a disclaimer that it is NOT affiliate.\nYou will see:\nhttps://accounts.google.com/AccountChooser?continue\nAll of your Gmail accounts will be displayed your primary account will be checked. The drive by happens at tspeed of 2 -3 seconds. Without clicking, your entire phone is compromised. Every account, locations, maps, YouTube, voice, camera, , keyloggers installed. This is not your fault. You are a target. There are empty hashes. It's fileless malware which does not write to storage. \nPhishing, malware hosting, other IoC s.\nExtremely hazardous, renders phone a zombie. New network and data plan all without your explicit consent.\nWelcome to the BotNetwork.\nhttp://appengine.google.com/\naccounts.google.com\nconsent.google.com/m?---- (Forced Consent on iOS device)",
          "modified": "2023-09-28T21:05:16.310000",
          "created": "2023-08-29T22:25:53.474000",
          "tags": [
            "as15169 google",
            "united",
            "aaaa",
            "domain",
            "search",
            "cname",
            "passive dns",
            "urls",
            "entries",
            "dashboard",
            "date",
            "sha1",
            "ssdeep",
            "tnull file",
            "magic",
            "file size",
            "software",
            "ioctype",
            "iocvalue",
            "refunds",
            "show less",
            "line",
            "value",
            "august",
            "variables",
            "recordimlel",
            "fcssrowkey",
            "ijvalues",
            "wjdd object",
            "berr",
            "mxndff boolean",
            "url age"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 339,
            "email": 2,
            "FileHash-MD5": 32,
            "FileHash-SHA1": 25,
            "FileHash-SHA256": 1651,
            "hostname": 939,
            "URL": 2307
          },
          "indicator_count": 5295,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 219,
          "modified_text": "933 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6500a47dd316d0ea5616044d",
          "name": "Social Engineering - Anonymizer  - Qakbot \u221a",
          "description": "",
          "modified": "2023-09-19T20:04:24.850000",
          "created": "2023-09-12T17:48:45.349000",
          "tags": [
            "qakbot",
            "string",
            "social engineering",
            "click",
            "malspam",
            "chromeua",
            "optout",
            "drmedgeua",
            "pattern match",
            "unicode",
            "optin",
            "suspicious",
            "footer",
            "ansi",
            "dropped file",
            "localappdata",
            "scam",
            "anonymizer",
            "Binary Padding",
            "Apt",
            "Defense Evasion",
            "junk files"
          ],
          "references": [
            "https://login.striven.com/Security/Login.aspx192.118.8.10",
            "MilesIT"
          ],
          "public": 1,
          "adversary": "Striven",
          "targeted_countries": [
            "United States of America",
            "Israel"
          ],
          "malware_families": [
            {
              "id": "Black Basta (ELF)",
              "display_name": "Black Basta (ELF)",
              "target": null
            },
            {
              "id": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "display_name": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [
            "Cyber Security"
          ],
          "TLP": "white",
          "cloned_from": "64e26c454e86439fd9462541",
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 201,
            "domain": 52,
            "URL": 443,
            "FileHash-MD5": 17,
            "FileHash-SHA256": 738,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1464,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "943 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64e7c73087130803d20066ef",
          "name": "PROXY - Defense Evasion \u2022 Malicious Spammer ",
          "description": "",
          "modified": "2023-09-19T20:04:24.850000",
          "created": "2023-08-24T21:10:08.493000",
          "tags": [
            "qakbot",
            "string",
            "social engineering",
            "click",
            "malspam",
            "chromeua",
            "optout",
            "drmedgeua",
            "pattern match",
            "unicode",
            "optin",
            "suspicious",
            "footer",
            "ansi",
            "dropped file",
            "localappdata",
            "scam",
            "anonymizer",
            "Binary Padding",
            "Apt",
            "Defense Evasion",
            "junk files"
          ],
          "references": [
            "https://login.striven.com/Security/Login.aspx192.118.8.10",
            "MilesIT"
          ],
          "public": 1,
          "adversary": "Striven",
          "targeted_countries": [
            "United States of America",
            "Israel"
          ],
          "malware_families": [
            {
              "id": "Black Basta (ELF)",
              "display_name": "Black Basta (ELF)",
              "target": null
            },
            {
              "id": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "display_name": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [
            "Cyber Security"
          ],
          "TLP": "white",
          "cloned_from": "64e26c454e86439fd9462541",
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 201,
            "domain": 52,
            "URL": 443,
            "FileHash-MD5": 17,
            "FileHash-SHA256": 738,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1464,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 221,
          "modified_text": "943 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64e26c454e86439fd9462541",
          "name": "Social Engineering -Striven Anonymizer",
          "description": "Optin Example: Affected (device w/vulnerabilities or in BotNetwork, etc) clocks on a ' Sponsored Ad' that fits search query. Will view webpage and Optin to be contacted by email and/or telephone. Both methods will likely be required by attacker. Bad actor will call immediately, quality of call can be surprisingly poor (obnoxiously noisy), BA takes assessment, quotes prices much higher than should be. You are desperate because no one else can help. Actor will demand email,  will send various attachments, all malicious. Will not look suspicious, (strategy, video introduction, proposal, etc). Once you don't respond you may  receive email contact from different email, more attachments. Follow ups...by now bad actor has full use of device. Spyware. Apps auto download, blocked  from removal. Incredible cycle.\n\n\nLogin.aspx192.118.8.10 = 192.118.8.10\niphones.orange.co.il\nhttps://www.partner.co.il/n/login?utm_source=sm",
          "modified": "2023-09-19T20:04:24.850000",
          "created": "2023-08-20T19:40:53.299000",
          "tags": [
            "qakbot",
            "string",
            "social engineering",
            "click",
            "malspam",
            "chromeua",
            "optout",
            "drmedgeua",
            "pattern match",
            "unicode",
            "optin",
            "suspicious",
            "footer",
            "ansi",
            "dropped file",
            "localappdata",
            "scam",
            "anonymizer",
            "Binary Padding",
            "Apt",
            "Defense Evasion",
            "junk files"
          ],
          "references": [
            "https://login.striven.com/Security/Login.aspx192.118.8.10",
            "MilesIT"
          ],
          "public": 1,
          "adversary": "Striven",
          "targeted_countries": [
            "United States of America",
            "Israel"
          ],
          "malware_families": [
            {
              "id": "Black Basta (ELF)",
              "display_name": "Black Basta (ELF)",
              "target": null
            },
            {
              "id": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "display_name": "ALF:MonitoringTool:AndroidOS/FinSpy",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [
            "Cyber Security"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 201,
            "domain": 52,
            "URL": 443,
            "FileHash-MD5": 17,
            "FileHash-SHA256": 738,
            "FileHash-SHA1": 13
          },
          "indicator_count": 1464,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 220,
          "modified_text": "943 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "63ee3cebfc1591ef9628202c",
          "name": "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8 and https://play.google.com/store/apps/details?id=sport.mobile2ads.com",
          "description": "A chronology of key events:-1.1-3.4-4.3-year-old, 1.2-2.5-magnitude, 2.6-million-second.",
          "modified": "2023-03-18T14:03:15.873000",
          "created": "2023-02-16T14:25:47.934000",
          "tags": [
            "tcpmiss",
            "cookie",
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "runtime data",
            "ansi",
            "localappdata",
            "hash seen",
            "size",
            "runtime process",
            "unicode",
            "sha256",
            "sha1",
            "temp",
            "entropy",
            "date",
            "hybrid",
            "close",
            "click",
            "ransomware",
            "february",
            "general",
            "strings",
            "format",
            "suspicious",
            "self",
            "script",
            "live sport tv listing guide",
            "gregor jutrisa",
            "sports",
            "entertainment",
            "ios apps",
            "app",
            "appstore",
            "app store",
            "iphone",
            "ipad",
            "ipod touch",
            "itouch",
            "itunes",
            "sport tv",
            "ziggo sport",
            "fox sports",
            "sky sport",
            "golf channel",
            "eurosport",
            "sport",
            "football",
            "baseball",
            "golf",
            "calendar"
          ],
          "references": [
            "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8",
            "Live Sport TV Listings Guide is a comprehensive sports TV listings guide for iPad, iPhone, iPad and Android devices, available on the Apple Store, Apple TV, Connected TV and app.",
            "Content Security policy for https://play.google.com/store/apps/details?id=sport.mobile2ads.com",
            "Content-Security-Policy\tscript-src 'report-sample' 'nonce-7kIhV_bemRSTmuEs7_xY3A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://pay",
            "https://hybrid-analysis.com/sample/1226ee40a542e22e99e73f8cb2cb310609eae8914923b7fe57f7a28c5aa48c16/63ee2b8543b88778ed20724d",
            "hybrid scan upload of above URL",
            "content-length\t0 x-true-cache-key\t/L/itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8Browser vcd=2897 x-cache\tTCP_MISS from a23-47-195-69.deploy.akamaitechnologies.com (AkamaiGHost/10.3.4.1-33174363) (-) expires\tFri, 30 Apr 2021 04:29:13 GMT vary\tX-Apple-Store-Front, Cookie, X-Apple-Store-Front, Cookie x-responding-instance\tMZStore:3015901::: x-apple-lokamai-no-cache\ttrue pragma\tno-cache date\tFri, 30 Apr 2021 04:29:13 GMT",
            "x-apple-partner\torigin.0 access-control-allow-origin\t* x-cache-remote\tTCP_MISS from a23-47-58-148.deploy.akamaitechnologies.com (AkamaiGHost/10.4.0-33449709) (-) x-daiquiri-instance\tdaiquiri:18626002:mr47p00it-qujn07082301:7987:21RELEASE69 strict-transport-security\tmax-age=31536000; includeSubDomains apple-timing-app\t3 ms server\tdaiquiri/3.0.0 x-apple-jingle-correlation-key\tCIKYKHURNQMKOWELARQB6Y5KHI connection\tkeep-alive cache-control\tmax-age=0, no-cache, no-store"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 58,
            "URL": 169,
            "domain": 49,
            "FileHash-SHA256": 406,
            "email": 2,
            "FileHash-MD5": 53,
            "FileHash-SHA1": 51
          },
          "indicator_count": 788,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1128 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "63ee3335ae058966dd91ebf3",
          "name": "oops wrong title this was the goo playstore version for 2m.ma sporttotal",
          "description": "Just the Content-Security-Policy\tscript-src ?!?!",
          "modified": "2023-02-16T18:26:20.591000",
          "created": "2023-02-16T13:44:21.521000",
          "tags": [
            "self",
            "script",
            "live sport tv listing guide",
            "gregor jutrisa",
            "sports",
            "entertainment",
            "ios apps",
            "app",
            "appstore",
            "app store",
            "iphone",
            "ipad",
            "ipod touch",
            "itouch",
            "itunes",
            "sport tv",
            "ziggo sport",
            "fox sports",
            "sky sport",
            "golf channel",
            "eurosport",
            "sport",
            "football",
            "baseball",
            "golf",
            "calendar"
          ],
          "references": [
            "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8",
            "Live Sport TV Listings Guide is a comprehensive sports TV listings guide for iPad, iPhone, iPad and Android devices, available on the Apple Store, Apple TV, Connected TV and app.",
            "Content Security policy for itunes app store URL",
            "Content-Security-Policy\tscript-src 'report-sample' 'nonce-7kIhV_bemRSTmuEs7_xY3A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://pay"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 264,
            "URL": 55,
            "hostname": 20,
            "domain": 1
          },
          "indicator_count": 340,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1158 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6301258dab13367def6afe59",
          "name": "twitter.com/FLDEO",
          "description": "",
          "modified": "2022-09-19T00:10:46.535000",
          "created": "2022-08-20T18:18:53.836000",
          "tags": [
            "Ransomware"
          ],
          "references": [
            "twitter.com:FLDEO.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Ransom:Win32/Wannaren.A",
              "display_name": "Ransom:Win32/Wannaren.A",
              "target": "/malware/Ransom:Win32/Wannaren.A"
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 778,
            "hostname": 229,
            "domain": 132,
            "FileHash-SHA256": 1186,
            "CIDR": 4,
            "FileHash-MD5": 18
          },
          "indicator_count": 2347,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1308 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "62323a059dd86f43416f9a4b",
          "name": "twitter.com.sncfconnect.",
          "description": "",
          "modified": "2022-04-15T00:03:47.669000",
          "created": "2022-03-16T19:27:01.465000",
          "tags": [],
          "references": [
            "twitter.com.sncfconnect.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 718,
            "hostname": 190,
            "domain": 134,
            "FileHash-SHA256": 1184,
            "CIDR": 4,
            "FileHash-MD5": 18
          },
          "indicator_count": 2248,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1465 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "foundry2-lbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t29\t  URL\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/\t\t\tMar 21, 2026, 2:06:10 PM\t\t8\t  URL\thttp://datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t9\t  URL\thttp://foundry2sdbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t17\t  URL\thttps://209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t27\t  domain\tdatafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t40\t  hostname\t209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:1",
        "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8",
        "Law enforcement aware and assure target in person she's not a suspect in any crime is Colorado or nationally. All DA's, law enforcement PI's check.",
        "Melvin Sabey",
        "https://207-207-25-209.fwd.datafoundry.com \u2022 https://209-99-40-224.fwd.datafoundry.com/",
        "https://www.filescan.io/uploads/68890e2dc79df08ef097cd38/reports/06923db6-30ae-455f-8026-73461cc1472e/overview",
        "http://www.forensickb.com/2013/03/file-entropy-explained.html",
        "https://tip.neiki.dev/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
        "https://pks.wroclaw.sa.gov.pl:1443/ \u2022 portal.bialystok.sa.gov.pl",
        "http://193.233.132.62/hera/amadka.exe | https://www.info-only-men.com/landing/mlp88g?subPublisher=popunder:eu-adsrv.rtbsuperhub.com&zone=popunder:eu-adsrv.rtbsuperhub.com&",
        "03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark",
        "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)  Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)",
        "https://app.threat.zone/submission/5879c4fe-ce35-45c3-8a3c-e8c06d0e2b2d/overview",
        "https://www.virustotal.com/gui/file-analysis/MTllN2NiNTVkMGQ1MTYzNGY0OTg4MGY2MmRiYmNjYzg6MTc1MzgxNDIzNQ==",
        "URLscanio, FSio, vT",
        "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)",
        "events.launchdarkly.com \u2022 clientstream.launchdarkly. \u2022 app.launchdarkly.com",
        "CS IDS: Matches rule ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)",
        "https://hybrid-analysis.com/sample/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "CS IDS: Matches rule ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)",
        "https://www.nextron-systems.com/notes-on-virustotal-matches/",
        "CS IDS: Matches rule ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent",
        "http://datafoundry.com \u2022 http://foundry2sdbl.dvr.dn2.n-helix.com \u2022 https://209-99-40-223.fwd.datafoundry.com \u2022 datafoundry.com \u2022 209-99-40-223.fwd.datafoundry.com \u2022 beabetta.ifoundry.co.uk.s7b2.psmtp.com \u2022 foundry2sdbl.dvr.dn2.n-helix.com \u2022 fwd.datafoundry.com \u2022 207-207-25-154.fwd.datafoundry.com \u2022 207-207-25-156.fwd.datafoundry.com\t\t\t207-207-25-160.fwd.datafoundry.com \u2022 207-207-25-163.fwd.datafoundry.com  \u2022\t207-207-25-164.fwd.datafoundry.com \u2022 207-207-25-165.fwd.datafoundry.com\t\t\tMar 21, 207-207-25-166.fwd",
        "Phone purchased for target by a 'self-proclaimed' W/F PI from Lakewood, Colorado w/o consent/prior knowledge. PI fitful, so target paid for phone.",
        "https://otx.alienvault.com/indicator/file/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
        "http://foundry2-lbl.dvr.dn2.n-helix.com/",
        "Target admits to ignoring major signs: 'PI' called just before request submitted.Spent hours researching & denouncing targets former 'questionable 'PI",
        "You can either have a runner or become a hacker. Only  2 choices for targeted individuals. Target needs to become ethical hacker or ethical grey hat, Purple teamer.",
        "CS IDS: Matches rule ET MALWARE Win32/Ramnit Checkin Matches rule MALWARE-CNC Win.Trojan.Ramnit variant outbound detected",
        "CS IDS: Matches rule (http_inspect) HTTP response has UTF character set that failed to normalize",
        "Reimer was a PT. Unknown whereabouts , name or job description",
        "https://rector-fitiology.icu/99c8d3a6-be16-421a-87a8-40701eae8149?zoneid=6543079&bannerid=18710758&browser=chrome&os=ios&devic",
        "Content Security policy for itunes app store URL",
        "Emotet | YouTube \u2022 Darklivity Podcast \"Unhinged Horror\"",
        "207-207-25-209.fwd.datafoundry.com \u2022\t207-207-25-212.fwd.datafoundry.com \u2022 207-207-25-213.fwd.datafoundry.com \u2022 209-99-64-53.fwd.datafoundry.com",
        "IDS Detections: Backdoor.Win32.Pushdo.s Checkin Backdoor.Win32.Pushdo.s Checkin Suspicious csrss.exe in URI",
        "twitter.com.sncfconnect.pdf",
        "https://www.youtube.com/watch?v=GyuMozsVyYs",
        "Crowdsourced YARA rules: Matches rule win_ramnit_auto from ruleset win.ramnit_auto by Felix Bilstein - yara-signator at cocacoding dot com",
        "Fed lost interest after satisfied Sasha wasn't of interest. Target interest to rid self of hackers and stalkers. Inundated with  calls from fake PI's.",
        "counsel. The system does not \"keep\" money without a valid reason.Lies. they\u2019ve Ben in trouble before .",
        "https://rdweb.datafoundry.com/ \u2022 http://www.datafoundry.com \u2022 https://207-207-25-163.fwd.datafoundry.com \u2022",
        "https://www.turbo.net/run/videolan/vlc",
        "CS Sigma: Matches rule Disable Windows Defender Functionalities Via Registry Keys by AlertIQ, J\u00e1n Tren\u010dansk\u00fd, frack113, Nasreddine Bencherchali, Swachchhanda Shrawan",
        "Some may may find this content is very disturbing and offensive",
        "https://www.9xiuzb.com/activity/activity_pcunion?piusr=t_420",
        "More than 1000 IoC\u2019s including pulses have been ILLEGALLY removed",
        "https://www.datafoundry.com/category/news/press-releases/",
        "IDS Detections: Win32/Vflooder.B Checkin | Virus Total vtapi DOS",
        "http://212.33.237.86/images/1/report.php",
        "Metro T-Mobile refuses refund. Allows target to store phone with them in resealed box. When retrieved box opened and tampered with.",
        "Investigation closed when Brian Sabey initiated a malicious prosecution case against Victim",
        "https://www.datafoundry.com/category/news/press-releases/ (Fake Press) abuse",
        "Mark Brian Sabey",
        "https://shift.gearboxsoftware.com/link",
        "Of note: Alleging Federal Investigator calls target. Found her in Bark? No. He asks for $4G to relocate target in 2 days provide hacker secured iPhone.",
        "open.spotify.com \u2022",
        "http://foundry2-lbl.dvr.dn2.n-helix.com \u2022 https://foundry2-lbl.dvr.dn2.n-helix.com",
        "https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3",
        "'PI' arrives in separate car w/unseen veteran. Points out DV LP to target , states he's not with her. Leads target to restaurant 'to talk'. Stays awhile.",
        "www.go.datafoundry.com \u2022 http://207-207-25-209.fwd.datafoundry.com",
        "https://open.spotify.com/track/5KjB1j0u54VXg6M8SN8hH2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1753815427&Signature=BM1MWONwwKd011yMi5XzJJHo01QYs0qWdERlFPM9BGS4OW62YRzI4FX6aMwA6MgQB2eLDnMBjwIYw2ct1yC2HAzJ82eh6VqtBu%2BiE6lObCQjjON9nx29EKx9dGSRLewI3Zjpp7Kbokc%2FIKEh40ZNmeXNc4aCsECY%2Fwq9FQOmT2vm8Bi6IHzZNBMT3srLRZsr%2Bo36MP6ckdybeglLLnb9LA5iEOYbMBMEq6HxMj%2BfLIssDjKInHz7",
        "Jays Youtube Bot.exe > FileHash-SHA256 00514527e00ee001d042",
        "https://palantirwww.sweetheartvideo.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t3\t  domain\tpalantir.io\t\t\tMar 21, 2026, 2:06:10 PM\t\t34\t  URL\thttps://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ \u2022 www.palantir.com",
        "Fed alleged if Sasha was in cahoots she could get millions. Target again refused. Alleging Chicago Fed contends be needs  to move her 50+ miles.",
        "https://login.striven.com/Security/Login.aspx192.118.8.10",
        "All IoC\u2019s originate from sources named. There are some unknown attackers",
        "x402.porn \u2022 http://alohatube.xyz/search/tsara-brashears \u2022 \thttps://ufovpn.io/blog/is-eporner-safe",
        "207-207-25-170.fwd.datafoundry.com \u2022 207-207-25-171.fwd.datafoundry.com \u2022 207-207-25-201.fwd.datafoundry.com",
        "CS IDS: Matches rule ET MALWARE Suspected RisePro TCP Heartbeat Packet",
        "Conneted to Network: http://seed.wavebrowser.co/seed?osname=win&channel=stable&milestone=1 | f16ac036e3.nxcli.net",
        "Content-Security-Policy\tscript-src 'report-sample' 'nonce-7kIhV_bemRSTmuEs7_xY3A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://pay",
        "CS IDS: Matches rule ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)",
        "FileHash-SHA256 cb40cd426d6e55c2b175b5be3327bfdf8d5a0074bf48b823121bd4720ed2ad95",
        "Crowdsourced IDS rules: Matches rule: ET MALWARE Win32/Ramnit Checkin | Matches rule ET DNS Query for .cc TLD",
        "Yara Detection: Cabinet _Archive",
        "MALWARE STEALER TROJAN EVADER | WEXTRACT.EXE .MUI | TXTRESSE | via https://www.virustotal.com/gui/domain/www.youtube.com",
        "Crowdsourced YARA rules: Matches rule UPX from ruleset UPX by kevoreilly",
        "http://pdns1.datafoundry.com/ \u2022\thttp://rdweb.datafoundry.com \u2022 http://rdweb.datafoundry.com/",
        "'PI' orders 2 meals. Leaves restaurant a few times. Talks about troubled mother  w/medication addictions. Incredibly emotional vowing to be better.",
        "https://tulach.cc/",
        "https://www.virustotal.com/gui/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e",
        "https://otx.alienvault.com/pulse/6694bb9be1b61bf820500004",
        "https://software-free-phone-2018.win/62ae8f9b-d0cb-4b4c-8318-dd7900e1d092/e29481e9-a792-46a8-bbf0-188ed2a816ae/?brand=Apple&browser=Safari&btd=dHJr",
        "TXTRESSE: FileHash-SHA256 00001dd58b69582cc30a16b000bce3d96d369487444385489084719676afba4d",
        "207-207-25-167.fwd.datafoundry.com \u2022 207-207-25-168.fwd.datafoundry.com \u2022 207-207-25-169.fwd.datafoundry.com",
        "www.onyx-ware.com \u2022 endgamesystems.com",
        "Found claims PI was a hacker. Brother a hitman. Verbalized non-specific affiliation w/City of Lakewood. Refused to provide target phone passcode.",
        "https://www.xlabs.com.br/blog/cve-2013-3304-dell-equallogic-directory-traversal/ \u2022 http://cve.phidias.com/",
        "I bring up the personal nature of the crime because a delete service has been used",
        "CS Sigma: Matches rule Scheduled Task Creation by Florian Roth (Nextron Systems)",
        "http://palantirwww.sweetheartvideo.com/ (weirdness)",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://otx.alienvault.com/otxapi/indicators/file/screenshot/f0d38614f706da3a08acdf7188eac139a352621ccada40e5e22d191412acc357",
        "nr-data.net [Apple Private Data Collection]",
        "https://polyswarm.network/scan/results/file/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "http://foundry2sdbl.dvr.dn2.n-helix.com/",
        "This is a serious crime. I\u2019m certain God WILL pay them.",
        "CS Sigma: Matches rule Suspicious DNS Query for IP Lookup Service APIs by Brandon George (blog post), Thomas Patzke",
        "Overview \"Keeping money\" by the Colorado workers' compensation system can refer to",
        "Issues: Target contacted a single PI from a very compromised device, received sealed as gift from trusted person via provider. Others contact her.",
        "https://otx.alienvault.com/otxapi/indicators/file/screenshot/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b",
        "Emotionally demands disabled target cash advanced to pay all bills. Denies formerly alleged abilities & skills, still wants $1500 for 4 hours of nothing.",
        "CS Sigma: Matches rule Chromium Browser Instance Executed With Custom Extension by Aedan Russell, frack113, X__Junior (Nextron Systems)",
        "http://watchhers.net/index.php",
        "Quasi Government Case",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "Christopher P \u2018Buzz\u2019 Ahmann",
        "content-length\t0 x-true-cache-key\t/L/itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8Browser vcd=2897 x-cache\tTCP_MISS from a23-47-195-69.deploy.akamaitechnologies.com (AkamaiGHost/10.3.4.1-33174363) (-) expires\tFri, 30 Apr 2021 04:29:13 GMT vary\tX-Apple-Store-Front, Cookie, X-Apple-Store-Front, Cookie x-responding-instance\tMZStore:3015901::: x-apple-lokamai-no-cache\ttrue pragma\tno-cache date\tFri, 30 Apr 2021 04:29:13 GMT",
        "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a",
        "Banking Malware",
        "https://hybrid-analysis.com/sample/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce/6889105954703efa4303f7c7",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/  \u2022 alohatube.xyz \u2022 1001pornvideos.com",
        "https://webmail.police.govmm.org/owa/",
        "Colorado doesn't require a PI licensure. That's a major problem as many stalkers, malicious hackers & the ruthless are drawn to this occupation.",
        "https://www.datafoundry.com/data-center-contamination-control/",
        "https://207-207-25-201.fwd.datafoundry.com/",
        "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)",
        "Antivirus Detections: Backdoor:Win32/Likseput.B ,  PWS:Win32/QQpass.B!MTB ,  Trojan:Win32/Scrarev.C ,  Trojan:Win32/Speesipro.A ,  Trojan:Win32/Zombie.A ,  TrojanDownloader:Win32/Cutwail.BS ,  TrojanDownloader:Win32/Nemucod ,",
        "209-99-69-91.fwd.datafoundry.com \u2022 dns1.datafoundry.com \u2022 dns2.datafoundry.com \u2022 rdweb.datafoundry.com",
        "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary",
        "https://www.youtube.com/watch?v=ucEkWcFuH0Y&list=TLPQMDgwNjIwMjKO_xApd0GzPQ&index=2",
        "'PI' feigned high concern for target, begged her to meet at 10 P.M. Target refused. Target states she will only meet in safe public spot in daylight.",
        "Self whitelisting tool, domains moved within nginx.",
        "CS Sigma: Matches rule Suspicious Schtasks Schedule Type With High Privileges by Nasreddine Bencherchali (Nextron Systems)",
        "Target knows nothing about assaulter. Chicago Fed  text photo for target to confirm identity of attacker. Be sends a photo of Dr. John T. Sasha.",
        "Live Sport TV Listings Guide is a comprehensive sports TV listings guide for iPad, iPhone, iPad and Android devices, available on the Apple Store, Apple TV, Connected TV and app.",
        "Critical CS Sigma: Matches rule Suspicious Double Extension File Execution by Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems)",
        "https://rdweb.datafoundry.com/RDWeb/Pages/en-US/login.aspx",
        "hybrid scan upload of above URL",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3",
        "https://209-99-64-53.fwd.datafoundry.com \u2022 https://dns1.datafoundry.com \u2022 https://dns2.datafoundry.com \u2022 https://fwd.datafoundry.com",
        "Content Security policy for https://play.google.com/store/apps/details?id=sport.mobile2ads.com",
        "https://tria.ge/250729-wr59yabk7y/behavioral2",
        "WEXTRACT.EXE .MUI: FileHash-SHA256 00e5aefb5ffd357e995d1a4ee30735a692780b203cd58e6239637471047d51a4",
        "https://www.virustotal.com/gui/file/00e5aefb5ffd357e995d1a4ee30735a692780b203cd58e6239637471047d51a4/detection",
        "Unknown Persons impersonating Private Investigators (plural)",
        "CS IDS: Matches rule (stream_tcp) data sent on stream not accepting data",
        "Crowdsourced YARA rules: Matches rule MAL_Ramnit_May19_1 from ruleset crime_nansh0u by Florian Roth (Nextron Systems)",
        "The Brothers Sabey \u2013 Conservatives with Liberal Friends \u2022 https://thebrotherssabey.com/",
        "https://open.spotify.com/intl-de/track/5KjB1j0u54VXg6M8SN8hH2",
        "'PI' claims to have information. Sends  picture of who he claims is attacker now millionaire owner of Mile High Sports & Rehabilitation. Asks if she knew.",
        "https://metadefender.com/results/file/YTI1MDcyOXl4LTdxa1I5ZlVJNGVsWTRUS2kz_mdaas",
        "tracking.epicgames.com | epicgames.com | https://www.epicgames.com/id/activate",
        "https://rdweb.datafoundry.com/",
        "^ by Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) ^",
        "Conneted to Network: drcody@milesit.com | milesit.com | milestechnologies.com | info.milestechnologies.com | www.milesit.com | www.milestechnologies.com",
        "Denver Police let this attempted murder walk. Cited him as a ghost driver",
        "Make driver stuck victim with large vehicle after PT unknowingly reported original assault Jeffrey Reiner to Dora",
        "https://tulach.cc/ phishing \u2022 45.32.112.220 scanning_host \u2022 45.76.79.215",
        "Sexual and Physical Assaulter - Jeffrey Scott Reimer",
        "Device security reset temporarily before epicgames[.]com a resource being used attempted to self download.  Relentless...",
        "CS IDS: Matches rule ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)",
        "CS Sigma: Matches rule Suspicious Add Scheduled Task Parent by Florian Roth (Nextron Systems)",
        "http://209-99-64-53.fwd.datafoundry.com \u2022 http://dns2.datafoundry.com \u2022 http://fwd.datafoundry.com",
        "Crowdsourced IDS rules: Matches rule: MALWARE-CNC Win.Trojan.Ramnit variant outbound detected",
        "http://accounts.google.com/v3/signin/identifier",
        "https://hybrid-analysis.com/sample/1226ee40a542e22e99e73f8cb2cb310609eae8914923b7fe57f7a28c5aa48c16/63ee2b8543b88778ed20724d",
        "https://target.tccwest.www.littleswimmers.fr/",
        "cloudfront.net \u2022  d127qq8ld0aiq5.cloudfront.net",
        "https://software-free-phone-2018.win/7a7c1101-0538-49de-925f-4f4675a5fd1f/3b0669f6-a07e-4eb8-8e2b-d0282d482c1a/?brand=Lenovo&browser=Chr",
        "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs",
        "legal deductions, legitimate reasons for payment delays or denial, or potential issues that require legal",
        "I know this isn't a blog. If someone is targeted, every device will be compromised. It's the goal of the attackers. Unwarranted bounty found.",
        "https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/",
        "Denver Police Department Major Crimes closed investigation",
        "TrojanDownloader:Win32/Upatre ,  Virus:Win32/Sality.AT , Win.Downloader.Small-1645",
        "http://datafoundry.com \u2022 https://209-99-40-223.fwd.datafoundry.com\tdatafoundry.com \u2022 209-99-40-223.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t13\t  hostname\tbeabetta.ifoundry.co.uk.s7b2.psmtp.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t12\t  hostname\tfoundry2sdbl.dvr.dn2.n-helix.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t18\t  hostname\tfwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t8\t  hostname\t207-207-25-154.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:10 PM\t\t19\t  hostname\t207-207-25-156.fwd.datafoundry.com\t\t\tMar 21, 2026, 2:06:1",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "Crowdsourced IDS rules: Matches rule: (port_scan) UDP filtered",
        "Ronda Cordova",
        "https://malpedia.caad.fkie.fraunhofer.de/actor/callisto",
        "x-apple-partner\torigin.0 access-control-allow-origin\t* x-cache-remote\tTCP_MISS from a23-47-58-148.deploy.akamaitechnologies.com (AkamaiGHost/10.4.0-33449709) (-) x-daiquiri-instance\tdaiquiri:18626002:mr47p00it-qujn07082301:7987:21RELEASE69 strict-transport-security\tmax-age=31536000; includeSubDomains apple-timing-app\t3 ms server\tdaiquiri/3.0.0 x-apple-jingle-correlation-key\tCIKYKHURNQMKOWELARQB6Y5KHI connection\tkeep-alive cache-control\tmax-age=0, no-cache, no-store",
        "Updated | What\u2019s left after theft",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "Victim silenced. Struck by Car Driven by male police let walk",
        "Conneted to Network: https://getconnected.southwestwifi.com | www.coloradoltcpartnership.org",
        "Goal to present targets case, blame & have Sacha removed by board of Colorado attorneys. Widely known firm angrily begins misconduct in her case.",
        "MilesIT",
        "Target was treated by Dr. Sasha, was not assaulter. Target relays Law Firm dropped her as she refused to include Sasha in Injury claim.",
        "twitter.com:FLDEO.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [
            "Colorado Quasi Government | Workerk Compensation",
            "Striven"
          ],
          "malware_families": [
            "Pegasus",
            "Zombie",
            "Mal_pdf_calisto_pdf_streams_jul_09",
            "Berbew",
            "Trojanspy",
            "Win.packed.generic-9967832-0",
            "Upatre",
            "Win32:hacktoolx-gen\\ [trj]",
            "Alf:trojan:win32/g3nasom!imp",
            "Trojan:win32/scrarev.c",
            "Tons of malware",
            "Trojan:win32/zombie",
            "Trojandropper:win32/muldrop.v!mtb",
            "Wat:blacked-e",
            "Porn revenge",
            "Bulz",
            "Blacknet",
            "Alf:monitoringtool:androidos/finspy",
            "Trojandownloader:win32/cutwail.bs",
            "Worm:win32/mofksys.rnd!mtb",
            "Trojan:win32/emotet.kds!mtb",
            "Backdoor:win32/berbew",
            "Win.exploit.rozena-10038302-0",
            "Backdoor:win32/likseput.b",
            "Ransom:win32/wannaren.a",
            "Win.trojan.starter-171",
            "Muldrop",
            "Zbot",
            "Win.malware.pits-10035540-0",
            "Win.ransomware.gandcrab-10044141-0\t(renamed g3nasom)",
            "Maltiverse",
            "Ransom:win32/cve-2017-0147",
            "Fragtor",
            "Dorv",
            "Themida",
            "Trojan:msil/agenttesla.dw!mtb",
            "Exploit:linux/cve-2017-17215",
            "Ai:fileinfector.eaeea7850c",
            "Virus.ramnit/nimnul",
            "Trojan.msil.injurer.cbd",
            "Worm:win32/benjamin",
            "#lowfi:win32/autoit",
            "Cve-2023-4966",
            "Trojan:win32/zombie.a",
            "Backdoor:win32/berbew.aa!mtb",
            "Pws:win32/zbot.ms!mtb",
            "Trojan:win32/vflooder",
            "Cve-2022-26134",
            "Trojandownloader:win32/upatre",
            "Trojanspy:msil/yakbeex.a",
            "Alf:trojan:win32/g3nasom",
            "Win.ransomware.msilzilla-10014498-0",
            "Trojandropper:win32/vb.il",
            "Trojan:win32/speesipro.a",
            "Alf:heraklezeval:trojanspy:win32/socstealer",
            "Virus:win32/sality.at",
            "Quasar",
            "Gravityrat",
            "Nemucod",
            "Trojandownloader:win32/nemucod",
            "Black basta (elf)",
            "Tel:createscheduledtask.a!sigattr",
            "Win.packed.stealerc-10017074-0",
            "Hacktool:win32/cobaltstrike.a",
            "Trojan.crifi.1",
            "Win.trojan.agent",
            "Win.trojan.generic-9878032-0",
            "Pws:win32/qqpass.b!mtb",
            "Win.dropper.poisonivy-9876745-0",
            "Alf:heraklezeval:trojan:msil/gravityrat!rfn",
            "Win.trojan.barys-10005825-0",
            "Nufs_unicode",
            "Win.downloader.small-1645",
            "Win32:rmndrp [inf]",
            "Emotet"
          ],
          "industries": [
            "Media",
            "Cyber security",
            "Technology",
            "Hospitality",
            "Transportation",
            "Crime victims",
            "Healthcare",
            "Telecommunications",
            "Government",
            "Entertainment",
            "Civil society",
            "Finance",
            "Education",
            "Retail"
          ],
          "unique_indicators": 121562
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/google.com",
    "whois": "http://whois.domaintools.com/google.com",
    "domain": "google.com",
    "hostname": "accounts.google.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 42,
  "pulses": [
    {
      "id": "69b22d9b91d2b7796f63dd0e",
      "name": "signals of abuse",
      "description": "",
      "modified": "2026-04-11T05:45:14.190000",
      "created": "2026-03-12T03:06:03.182000",
      "tags": [
        "url https"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 21,
        "FileHash-SHA1": 19,
        "FileHash-SHA256": 181,
        "URL": 327,
        "domain": 85,
        "hostname": 189
      },
      "indicator_count": 822,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "8 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69afaca79dddf98b72dd06b1",
      "name": "kitplay + breaktime :(",
      "description": "all the kits connect. weather map pdf book health calendar the intersect of the apple product webkit aligning with edge node kits is a problem. I have reached 1 mil iocs in a month manually by phone. My ears ring, my hands burn, and my soul is as corrupt as my hollow root. Ive reported this as a whistleblower and ive reported to apple etc. I must take a break after I scan some CVEs until something is done, my lymph nodes in my neck are large and sore, though I hope I could help some. :/ stay well all. sos is because my phone doesnt work in emergency situations despite 30 devices between routers phones conputers being full factory reset. Ive lost everything. month 10.",
      "modified": "2026-04-09T21:16:02.645000",
      "created": "2026-03-10T05:31:19.353000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 268,
        "hostname": 123,
        "CVE": 11,
        "FileHash-MD5": 135,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 203,
        "email": 4,
        "URL": 48
      },
      "indicator_count": 843,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "9 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec9f83643549f2d60c3",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-04-04T09:52:33.171000",
      "created": "2026-04-04T09:50:01.067000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "IPv4": 98,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1,
        "YARA": 1,
        "CVE": 1
      },
      "indicator_count": 1956,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec7d1e663f23697fcd5",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-04-04T09:49:59.346000",
      "created": "2026-04-04T09:49:59.346000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "IPv4": 98,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec535ae0f94d37ccefb",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-04-04T09:49:57.171000",
      "created": "2026-04-04T09:49:57.171000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "IPv4": 98,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec2efedd87c3a05cc10",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-04-04T09:49:54.810000",
      "created": "2026-04-04T09:49:54.810000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "IPv4": 98,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec10ab26722b8dbd382",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-04-04T09:49:52.991000",
      "created": "2026-04-04T09:49:52.991000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "IPv4": 98,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "699fbc709300e0ad353443f8",
      "name": "SLIMWARE Simple Installer WIN 32 EXE",
      "description": "The full text of the full transcript of this year's EU Referendum, which will take place on 26 March 2017, has been published on Facebook and Twitter, with the hashtag \"proceeding\".",
      "modified": "2026-04-01T00:44:45.494000",
      "created": "2026-02-26T03:22:24.798000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 78,
        "FileHash-SHA1": 76,
        "FileHash-SHA256": 1466,
        "domain": 268,
        "hostname": 199,
        "URL": 193,
        "CVE": 23,
        "CIDR": 1,
        "email": 3
      },
      "indicator_count": 2307,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 51,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6998d15c75b59044877602c1",
      "name": "Corrupt.... Files",
      "description": "beaware",
      "modified": "2026-04-01T00:44:45.494000",
      "created": "2026-02-20T21:25:48.559000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 706,
        "FileHash-SHA1": 859,
        "FileHash-SHA256": 1480,
        "URL": 743,
        "domain": 1565,
        "email": 55,
        "hostname": 912,
        "CVE": 54,
        "CIDR": 27
      },
      "indicator_count": 6401,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 49,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c236a2d4fd8035ff724bfd",
      "name": "Privacy Notice | Newfold Digital",
      "description": "A full list of key information about the Netherlands-based RIPE Network Coordination Centre (RIPE), as compiled by the BBC's Panorama programme, as well as the official website:.<<pretext",
      "modified": "2026-03-24T07:24:01.470000",
      "created": "2026-03-24T07:00:50.366000",
      "tags": [
        "ripe ncc",
        "ripe network",
        "ripe",
        "organization",
        "orgid",
        "city",
        "orgabusehandle",
        "abuse contact",
        "orgabusephone",
        "de status",
        "handle",
        "address range",
        "cidr",
        "allocation type",
        "allocated pa",
        "status",
        "whois server",
        "entity dtagnic",
        "entity dtagripe",
        "services",
        "net100",
        "net1000000",
        "stateprov",
        "rabusehandle",
        "loudoun county",
        "postalcode",
        "mcics",
        "nethandle",
        "mcics address",
        "pkwy city",
        "orgtechhandle",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "issuer",
        "cnsectigo rsa",
        "secure server",
        "ca cgb",
        "subject public",
        "key info",
        "cncomodo rsa",
        "ca limited",
        "validity",
        "server",
        "registrar abuse",
        "date",
        "iana id",
        "contact phone",
        "dnssec",
        "domain status",
        "registrar url",
        "registrar whois",
        "registrar",
        "registrant ext",
        "corehub",
        "expiration date",
        "registry domain",
        "registrar iana",
        "street",
        "code",
        "redacted for",
        "privacy tech",
        "postal code",
        "registrant fax",
        "domain id",
        "admin country",
        "admin postal",
        "ma admin",
        "email",
        "registrant city",
        "tierranet",
        "fax ext",
        "privacy",
        "whois privacy",
        "san diego",
        "privacy admin",
        "cus olet",
        "encrypt cnr13",
        "key algorithm",
        "domain name",
        "contact email",
        "record type",
        "ttl value",
        "registrant name",
        "creation date",
        "iframe tags",
        "language",
        "html document",
        "unicode text",
        "utf8 text",
        "gazebo model",
        "configuration",
        "markup language",
        "doctype",
        "deny",
        "secchuamodel",
        "excellent",
        "php script",
        "crlf line",
        "php source"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 208,
        "hostname": 184,
        "IPv4": 25,
        "domain": 51,
        "email": 28,
        "FileHash-SHA256": 194,
        "CIDR": 16,
        "FileHash-MD5": 67,
        "FileHash-SHA1": 263,
        "CVE": 4
      },
      "indicator_count": 1040,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://accounts.google.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://accounts.google.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776630006.6388235
}