{ "type": "URL", "indicator": "https://aika.hanbiton.com/Home/Home.aspx", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://aika.hanbiton.com/Home/Home.aspx", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2915950184, "indicator": "https://aika.hanbiton.com/Home/Home.aspx", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "657080e9f19d1d47ab3dc1e6", "name": "korean mail host - spamware hmmm not to sure here", "description": "", "modified": "2023-12-06T14:10:49.819000", "created": "2023-12-06T14:10:49.819000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 107, "hostname": 64, "URL": 253, "domain": 18, "FileHash-MD5": 2, "FileHash-SHA1": 1, "email": 2 }, "indicator_count": 447, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6227d2adede306e7d74b7800", "name": "korean mail host - spamware hmmm not to sure here", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T22:03:25.647000", "tags": [ "date", "found" ], "references": [ "http://ge-patch.hanbiton.com/liveserver/322793.zip", "019a4c52126edf46c9f22ea4245e13a440c81319019dbbc4596a36923f5ce76f 552b8d7f984f13dda61c0f143ebab6d7d8778742289297e63dd20abff1a7cefb 75e06a7f31cf2e01e8f837bd2fbf9b44bae49a2ebd96e5686d28e7603ec2a283 7ec1c1d073210f94dfdfea82b12729879f56be442ea93e2014ad6750ea681df5" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 253, "FileHash-SHA256": 107, "hostname": 64, "domain": 18, "FileHash-MD5": 2, "FileHash-SHA1": 1, "email": 2 }, "indicator_count": 447, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1517 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62280bb2008d7dee8fe905f3", "name": "#039;productfirefox-latest-ssloswin64langen-US&", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-09T02:06:42.803000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "dropped file", "unicode", "runtime data", "threat level", "raw size", "virtual address", "virtual size", "sha256", "date", "mozilla", "win64", "accept", "suspicious", "updater", "glue", "locale", "install", "hybrid", "general", "malicious", "close", "click", "hosts", "baop", "union", "strings", "stop" ], "references": [ "https://hybrid-analysis.com/sample/131010821b48a065510fe549e686fdf0ddb1119677e6eabdb025ded0c8bfe70f/61e66f38ad324c267042213a", "http://detectportal.firefox.com/vkwf.txt.exe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 198, "URL": 451, "domain": 66, "FileHash-SHA256": 250, "FileHash-MD5": 273, "FileHash-SHA1": 81, "SSLCertFingerprint": 3, "email": 3 }, "indicator_count": 1325, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1517 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/131010821b48a065510fe549e686fdf0ddb1119677e6eabdb025ded0c8bfe70f/61e66f38ad324c267042213a", "http://detectportal.firefox.com/vkwf.txt.exe", "http://ge-patch.hanbiton.com/liveserver/322793.zip", "019a4c52126edf46c9f22ea4245e13a440c81319019dbbc4596a36923f5ce76f 552b8d7f984f13dda61c0f143ebab6d7d8778742289297e63dd20abff1a7cefb 75e06a7f31cf2e01e8f837bd2fbf9b44bae49a2ebd96e5686d28e7603ec2a283 7ec1c1d073210f94dfdfea82b12729879f56be442ea93e2014ad6750ea681df5" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1573 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hanbiton.com", "whois": "http://whois.domaintools.com/hanbiton.com", "domain": "hanbiton.com", "hostname": "aika.hanbiton.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "657080e9f19d1d47ab3dc1e6", "name": "korean mail host - spamware hmmm not to sure here", "description": "", "modified": "2023-12-06T14:10:49.819000", "created": "2023-12-06T14:10:49.819000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 107, "hostname": 64, "URL": 253, "domain": 18, "FileHash-MD5": 2, "FileHash-SHA1": 1, "email": 2 }, "indicator_count": 447, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6227d2adede306e7d74b7800", "name": "korean mail host - spamware hmmm not to sure here", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T22:03:25.647000", "tags": [ "date", "found" ], "references": [ "http://ge-patch.hanbiton.com/liveserver/322793.zip", "019a4c52126edf46c9f22ea4245e13a440c81319019dbbc4596a36923f5ce76f 552b8d7f984f13dda61c0f143ebab6d7d8778742289297e63dd20abff1a7cefb 75e06a7f31cf2e01e8f837bd2fbf9b44bae49a2ebd96e5686d28e7603ec2a283 7ec1c1d073210f94dfdfea82b12729879f56be442ea93e2014ad6750ea681df5" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 253, "FileHash-SHA256": 107, "hostname": 64, "domain": 18, "FileHash-MD5": 2, "FileHash-SHA1": 1, "email": 2 }, "indicator_count": 447, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1517 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62280bb2008d7dee8fe905f3", "name": "#039;productfirefox-latest-ssloswin64langen-US&", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-09T02:06:42.803000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "dropped file", "unicode", "runtime data", "threat level", "raw size", "virtual address", "virtual size", "sha256", "date", "mozilla", "win64", "accept", "suspicious", "updater", "glue", "locale", "install", "hybrid", "general", "malicious", "close", "click", "hosts", "baop", "union", "strings", "stop" ], "references": [ "https://hybrid-analysis.com/sample/131010821b48a065510fe549e686fdf0ddb1119677e6eabdb025ded0c8bfe70f/61e66f38ad324c267042213a", "http://detectportal.firefox.com/vkwf.txt.exe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 198, "URL": 451, "domain": 66, "FileHash-SHA256": 250, "FileHash-MD5": 273, "FileHash-SHA1": 81, "SSLCertFingerprint": 3, "email": 3 }, "indicator_count": 1325, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1517 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://aika.hanbiton.com/Home/Home.aspx", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://aika.hanbiton.com/Home/Home.aspx", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780414709.6798549 }