{ "type": "URL", "indicator": "https://afterpm.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://afterpm.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4032357535, "indicator": "https://afterpm.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "679c9d57da555f158d9bd671", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "Trend Micro's Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub. The attackers exploited GitHub's release infrastructure to deliver various malware, including SectopRAT, Vidar, and Cobeacon. The campaign used compromised websites for redirection to GitHub-hosted malicious payloads. The malware exfiltrated sensitive data, connected to C&C servers, and employed evasion techniques. The tactics show similarities with the Stargazer Goblin group, known for using compromised websites and GitHub for payload distribution. The attack chain involved multiple stages, including initial access through GitHub, execution of malware, and subsequent deployment of additional tools. The campaign highlights the evolving distribution methods of Lumma Stealer and the importance of proactive security measures.", "modified": "2025-03-02T09:02:22.531000", "created": "2025-01-31T09:52:23.158000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 54, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 386493, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67a069df10b7aaf19d8956ca", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "", "modified": "2025-03-02T09:02:22.531000", "created": "2025-02-03T07:01:51.012000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": "679c9d57da555f158d9bd671", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67a190e2ecf07150fe50809b", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "", "modified": "2025-03-02T09:02:22.531000", "created": "2025-02-04T04:00:34.384000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": "67a069df10b7aaf19d8956ca", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "related": { "alienvault": { "adversary": [ "Stargazer Goblin" ], "malware_families": [ "Lumma stealer", "Cobeacon", "Vidar", "Sectoprat" ], "industries": [], "unique_indicators": 40 }, "other": { "adversary": [ "Stargazer Goblin" ], "malware_families": [ "Lumma stealer", "Cobeacon", "Vidar", "Sectoprat" ], "industries": [], "unique_indicators": 40 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/afterpm.com", "whois": "http://whois.domaintools.com/afterpm.com", "domain": "afterpm.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "679c9d57da555f158d9bd671", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "Trend Micro's Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub. The attackers exploited GitHub's release infrastructure to deliver various malware, including SectopRAT, Vidar, and Cobeacon. The campaign used compromised websites for redirection to GitHub-hosted malicious payloads. The malware exfiltrated sensitive data, connected to C&C servers, and employed evasion techniques. The tactics show similarities with the Stargazer Goblin group, known for using compromised websites and GitHub for payload distribution. The attack chain involved multiple stages, including initial access through GitHub, execution of malware, and subsequent deployment of additional tools. The campaign highlights the evolving distribution methods of Lumma Stealer and the importance of proactive security measures.", "modified": "2025-03-02T09:02:22.531000", "created": "2025-01-31T09:52:23.158000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 54, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 386493, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67a069df10b7aaf19d8956ca", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "", "modified": "2025-03-02T09:02:22.531000", "created": "2025-02-03T07:01:51.012000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": "679c9d57da555f158d9bd671", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67a190e2ecf07150fe50809b", "name": "Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response", "description": "", "modified": "2025-03-02T09:02:22.531000", "created": "2025-02-04T04:00:34.384000", "tags": [ "information stealing", "lumma stealer" ], "references": [ "https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html" ], "public": 1, "adversary": "Stargazer Goblin", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "SectopRAT", "display_name": "SectopRAT", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Cobeacon", "display_name": "Cobeacon", "target": null } ], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": "67a069df10b7aaf19d8956ca", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17, "FileHash-MD5": 2, "FileHash-SHA256": 1, "domain": 16 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://afterpm.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://afterpm.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780211204.2645762 }