{ "type": "URL", "indicator": "https://aka.ms/ke", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://aka.ms/ke", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #256", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain aka.ms", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain aka.ms", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3444518808, "indicator": "https://aka.ms/ke", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "65708e34d64c3320402789ef", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2023-12-06T15:07:32.118000", "created": "2023-12-06T15:07:32.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 501, "domain": 358, "URL": 1779, "hostname": 962, "FileHash-MD5": 114, "FileHash-SHA1": 84, "email": 1 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ba1dad73da5f097bdafe01", "name": "http://webdisk.reactivate-my.com/ - RU", "description": "CVE-2021-22941", "modified": "2022-07-27T00:02:05.219000", "created": "2022-06-27T21:14:21.114000", "tags": [ "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/dca021fd5e58799c89739dacf36d11f68d2bcb0820b6640b46f660960856b038/62b7bbe2a6e26f1e7e55652b", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 21, "domain": 28, "URL": 69, "FileHash-SHA256": 29, "FileHash-MD5": 20, "FileHash-SHA1": 18, "email": 2 }, "indicator_count": 187, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1405 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ae2946eba75493f16b6bbb", "name": "www.internalfb.com/", "description": "pushing bad windows update disallow cert list", "modified": "2022-07-18T00:05:00.110000", "created": "2022-06-18T19:36:38.611000", "tags": [ "malware", "trojan", "apt", "decrypted ssl", "windows nt", "okvary", "runtime data", "hosts", "june", "malicious", "local", "serg", "kala", "february", "neural sub doms" ], "references": [ "https://hybrid-analysis.com/sample/5104dd16ffd51681daa3a9021cbd5828d0cfad56e37e4b47f131c5f863338ce0/62ae1e3e8e06564d06588803" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 134, "domain": 12, "hostname": 15, "URL": 74, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 51 }, "indicator_count": 342, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6284d6cf7cd2ec0a82f3da8b", "name": "https://ipko.pl.cokhikiengiang.vn/ko/", "description": "CVE-2021-22941", "modified": "2022-06-17T00:01:43.273000", "created": "2022-05-18T11:21:51.541000", "tags": [ "trojan", "apt", "unicode", "malicious", "february", "streams hash", "pcap", "windows nt", "decrypted ssl", "mozilla", "syten", "wind", "trident", "protect", "mozi", "get meversion", "httpstatuscode", "hresult", "CVE-2021-22941" ], "references": [ "78-100.pdf", "https://cpcalendars.beranpainting.com/", "68/100 seeing a lot of cpcalendars.xxx", "100/100 ts - https://cpcalendars.beranpainting.com/", "68/100 - http://ag4food.com/yx125-engine-ujhfb/wifi-disabled-nvidia-", "70/100 - cokhikiengiang.vn/sccm-status-n9vyw/mercedes-benz-key-replacement-los-angeles.html", "https://hybrid-analysis.com/sample/795f6775fcacf16f39f59c6fe51c50fbfd743333a7f5dfa5ba26a0bba4e6af4a/6284c3afbf18a64d52186edc", "https://hybrid-analysis.com/sample/a5db33dddfc0349d93b6018181ef153b893c180738724a6362d4298f3be3223a/6284c9310a00c145c3085424", "https://hybrid-analysis.com/sample/825e5ce770821c0a06d08ae5ce2ddeac43cf143ec3abb0265f05e782a28bdd4d/6284c9bc64d4b579207e7fc0", "https://hybrid-analysis.com/sample/5580100dcf31430ef20c3648d17728059c0ab026ee6b8fbe0da24ae301b716ee/6284c8f54ebff305b769929d", "https://hybrid-analysis.com/sample/70f39824c5ac4d0c6b108bde5dca14556bbc895606008640b7bcf31a3b53df8a/6284c56f46debb4f583c52b1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 149, "hostname": 36, "domain": 63, "FileHash-SHA256": 200, "FileHash-MD5": 135, "FileHash-SHA1": 128, "email": 1 }, "indicator_count": 712, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62817f1b91113f114df6d446", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T22:30:51.437000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "dropped file", "unicode", "path", "n ansi", "q ansi", "k ansi", "t ansi", "j ansi", "explorer", "winrar", "suspicious", "info", "installer", "body", "install", "template", "hybrid", "general", "little", "close", "click", "obsolete", "win32", "delphi", "class", "strings", "malicious", "team", "february", "novo dicionrio", "hybrid analysis", "api key", "vetting process", "please note", "please", "runtime data", "size", "sha256", "sha1", "hkcuclsid", "threat level", "seen", "date", "hosts", "factory", "accept", "found", "local", "mozilla", "network related", "network traffic", "data", "decrypted ssl", "windows nt", "pcap", "pcap processing", "core", "personalized marketing", "coupon marketing", "marketing solutions software", "receipt advertising", "smartreceipt", "increase ave", "learn", "conditions", "privacy policy" ], "references": [ "https://receipt.com/", "https://hybrid-analysis.com/sample/00fa255f524660ffa461a44b9ae6715b254f1ab51e818439547ad4ae805351be/627e3e1fed152c27dc0ef614", "https://hybrid-analysis.com/sample/a8183b1c3d75f7fbf3353f8c0f8fb21ff973a260e72f24de64a86926a2aa8bb5/6280f05d68d40e7cb006d8dd", "https://hybrid-analysis.com/sample/c7a96105da4991cb58d47f15aac375f2d91ea033660a85b89a442852d5fa3e48/6281316b07368855823e564a", "https://hybrid-analysis.com/sample/f71e0ac05ae415be952b5f2d55689b10085395def7e132c27dca3fe60ed487f7/62348a15e307d42349571684" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1001.002", "name": "Steganography", "display_name": "T1001.002 - Steganography" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1011.001", "name": "Exfiltration Over Bluetooth", "display_name": "T1011.001 - Exfiltration Over Bluetooth" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1015", "name": "Accessibility Features", "display_name": "T1015 - Accessibility Features" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1034", "name": "Path Interception", "display_name": "T1034 - Path Interception" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1067", "name": "Bootkit", "display_name": "T1067 - Bootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1070.006", "name": "Timestomp", "display_name": "T1070.006 - Timestomp" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 358, "URL": 1779, "FileHash-SHA256": 501, "hostname": 962, "email": 1, "CVE": 2, "FileHash-MD5": 114, "FileHash-SHA1": 84 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627cf98684b454f303d33e38", "name": "hot-dates.life - 95.217.244.250", "description": "", "modified": "2022-06-11T00:03:07.696000", "created": "2022-05-12T12:11:50.224000", "tags": [ "date", "frage", "nein ja", "du kannst", "die frauen", "identitt geheim", "frauen aus", "umgebung", "dies", "achtung", "frauen treffen", "Effective URL: https://hot-dates.life/?u=g8xp605&o=59ykrgm&t=pb", "Submitted URL: https://businesscityscompanys.bar/vid/54813559.h", "https://urlscan.io/dom/b20cc78d-bf2d-448e-9063-b8ad737ebfb3/" ], "references": [ "Submitted URL: https://businesscityscompanys.bar/vid/54813559.html", "Effective URL: https://hot-dates.life/?u=g8xp605&o=59ykrgm&t=pb&cid=tycrd627ce1cc000bac97", "https://urlscan.io/dom/b20cc78d-bf2d-448e-9063-b8ad737ebfb3/", "https://hybrid-analysis.com/sample/02e3e07bebd419d438ee0023d75b9f14534b7e6ea08e38b03f02b9f25fe2c6f3/627ce1c970f9212cd5513fc7" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 86, "hostname": 14, "URI": 1, "domain": 64, "FileHash-SHA256": 25 }, "indicator_count": 190, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627a551a774890fb2cce7585", "name": "online file analysis results for 'http://dhli7o63akmi8.cloudfront.net/files/02y7game.exe", "description": "", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T12:05:46.810000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "sha256", "runtime data", "date", "path", "unicode", "ansi", "size", "sha1", "seen", "suspicious", "malicious", "hybrid", "close", "click", "hosts", "general", "local", "factory", "accept", "trident", "strings", "team", "february", "found" ], "references": [ "https://hybrid-analysis.com/sample/29f53eb067711edb691801782b6a2cc794041f5ff49a2632c27a51ed4ea17851/627a3654c936df573e680c52" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 29, "URL": 77, "domain": 15, "FileHash-SHA256": 33, "CVE": 1, "FileHash-MD5": 23, "FileHash-SHA1": 19, "email": 1 }, "indicator_count": 198, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/5104dd16ffd51681daa3a9021cbd5828d0cfad56e37e4b47f131c5f863338ce0/62ae1e3e8e06564d06588803", "https://hybrid-analysis.com/sample/5580100dcf31430ef20c3648d17728059c0ab026ee6b8fbe0da24ae301b716ee/6284c8f54ebff305b769929d", "https://hybrid-analysis.com/sample/f71e0ac05ae415be952b5f2d55689b10085395def7e132c27dca3fe60ed487f7/62348a15e307d42349571684", "CVE-2021-22941", "68/100 seeing a lot of cpcalendars.xxx", "https://hybrid-analysis.com/sample/29f53eb067711edb691801782b6a2cc794041f5ff49a2632c27a51ed4ea17851/627a3654c936df573e680c52", "https://hybrid-analysis.com/sample/00fa255f524660ffa461a44b9ae6715b254f1ab51e818439547ad4ae805351be/627e3e1fed152c27dc0ef614", "https://hybrid-analysis.com/sample/825e5ce770821c0a06d08ae5ce2ddeac43cf143ec3abb0265f05e782a28bdd4d/6284c9bc64d4b579207e7fc0", "78-100.pdf", "100/100 ts - https://cpcalendars.beranpainting.com/", "https://hybrid-analysis.com/sample/dca021fd5e58799c89739dacf36d11f68d2bcb0820b6640b46f660960856b038/62b7bbe2a6e26f1e7e55652b", "70/100 - cokhikiengiang.vn/sccm-status-n9vyw/mercedes-benz-key-replacement-los-angeles.html", "https://urlscan.io/dom/b20cc78d-bf2d-448e-9063-b8ad737ebfb3/", "https://hybrid-analysis.com/sample/795f6775fcacf16f39f59c6fe51c50fbfd743333a7f5dfa5ba26a0bba4e6af4a/6284c3afbf18a64d52186edc", "https://hybrid-analysis.com/sample/02e3e07bebd419d438ee0023d75b9f14534b7e6ea08e38b03f02b9f25fe2c6f3/627ce1c970f9212cd5513fc7", "https://cpcalendars.beranpainting.com/", "https://hybrid-analysis.com/sample/a8183b1c3d75f7fbf3353f8c0f8fb21ff973a260e72f24de64a86926a2aa8bb5/6280f05d68d40e7cb006d8dd", "https://receipt.com/", "Effective URL: https://hot-dates.life/?u=g8xp605&o=59ykrgm&t=pb&cid=tycrd627ce1cc000bac97", "https://hybrid-analysis.com/sample/c7a96105da4991cb58d47f15aac375f2d91ea033660a85b89a442852d5fa3e48/6281316b07368855823e564a", "https://hybrid-analysis.com/sample/a5db33dddfc0349d93b6018181ef153b893c180738724a6362d4298f3be3223a/6284c9310a00c145c3085424", "Submitted URL: https://businesscityscompanys.bar/vid/54813559.html", "https://hybrid-analysis.com/sample/70f39824c5ac4d0c6b108bde5dca14556bbc895606008640b7bcf31a3b53df8a/6284c56f46debb4f583c52b1", "68/100 - http://ag4food.com/yx125-engine-ujhfb/wifi-disabled-nvidia-" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 5429 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/aka.ms", "whois": "http://whois.domaintools.com/aka.ms", "domain": "aka.ms", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "65708e34d64c3320402789ef", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2023-12-06T15:07:32.118000", "created": "2023-12-06T15:07:32.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 501, "domain": 358, "URL": 1779, "hostname": 962, "FileHash-MD5": 114, "FileHash-SHA1": 84, "email": 1 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ba1dad73da5f097bdafe01", "name": "http://webdisk.reactivate-my.com/ - RU", "description": "CVE-2021-22941", "modified": "2022-07-27T00:02:05.219000", "created": "2022-06-27T21:14:21.114000", "tags": [ "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/dca021fd5e58799c89739dacf36d11f68d2bcb0820b6640b46f660960856b038/62b7bbe2a6e26f1e7e55652b", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 21, "domain": 28, "URL": 69, "FileHash-SHA256": 29, "FileHash-MD5": 20, "FileHash-SHA1": 18, "email": 2 }, "indicator_count": 187, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1405 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ae2946eba75493f16b6bbb", "name": "www.internalfb.com/", "description": "pushing bad windows update disallow cert list", "modified": "2022-07-18T00:05:00.110000", "created": "2022-06-18T19:36:38.611000", "tags": [ "malware", "trojan", "apt", "decrypted ssl", "windows nt", "okvary", "runtime data", "hosts", "june", "malicious", "local", "serg", "kala", "february", "neural sub doms" ], "references": [ "https://hybrid-analysis.com/sample/5104dd16ffd51681daa3a9021cbd5828d0cfad56e37e4b47f131c5f863338ce0/62ae1e3e8e06564d06588803" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 134, "domain": 12, "hostname": 15, "URL": 74, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 51 }, "indicator_count": 342, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6284d6cf7cd2ec0a82f3da8b", "name": "https://ipko.pl.cokhikiengiang.vn/ko/", "description": "CVE-2021-22941", "modified": "2022-06-17T00:01:43.273000", "created": "2022-05-18T11:21:51.541000", "tags": [ "trojan", "apt", "unicode", "malicious", "february", "streams hash", "pcap", "windows nt", "decrypted ssl", "mozilla", "syten", "wind", "trident", "protect", "mozi", "get meversion", "httpstatuscode", "hresult", "CVE-2021-22941" ], "references": [ "78-100.pdf", "https://cpcalendars.beranpainting.com/", "68/100 seeing a lot of cpcalendars.xxx", "100/100 ts - https://cpcalendars.beranpainting.com/", "68/100 - http://ag4food.com/yx125-engine-ujhfb/wifi-disabled-nvidia-", "70/100 - cokhikiengiang.vn/sccm-status-n9vyw/mercedes-benz-key-replacement-los-angeles.html", "https://hybrid-analysis.com/sample/795f6775fcacf16f39f59c6fe51c50fbfd743333a7f5dfa5ba26a0bba4e6af4a/6284c3afbf18a64d52186edc", "https://hybrid-analysis.com/sample/a5db33dddfc0349d93b6018181ef153b893c180738724a6362d4298f3be3223a/6284c9310a00c145c3085424", "https://hybrid-analysis.com/sample/825e5ce770821c0a06d08ae5ce2ddeac43cf143ec3abb0265f05e782a28bdd4d/6284c9bc64d4b579207e7fc0", "https://hybrid-analysis.com/sample/5580100dcf31430ef20c3648d17728059c0ab026ee6b8fbe0da24ae301b716ee/6284c8f54ebff305b769929d", "https://hybrid-analysis.com/sample/70f39824c5ac4d0c6b108bde5dca14556bbc895606008640b7bcf31a3b53df8a/6284c56f46debb4f583c52b1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 149, "hostname": 36, "domain": 63, "FileHash-SHA256": 200, "FileHash-MD5": 135, "FileHash-SHA1": 128, "email": 1 }, "indicator_count": 712, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62817f1b91113f114df6d446", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T22:30:51.437000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "dropped file", "unicode", "path", "n ansi", "q ansi", "k ansi", "t ansi", "j ansi", "explorer", "winrar", "suspicious", "info", "installer", "body", "install", "template", "hybrid", "general", "little", "close", "click", "obsolete", "win32", "delphi", "class", "strings", "malicious", "team", "february", "novo dicionrio", "hybrid analysis", "api key", "vetting process", "please note", "please", "runtime data", "size", "sha256", "sha1", "hkcuclsid", "threat level", "seen", "date", "hosts", "factory", "accept", "found", "local", "mozilla", "network related", "network traffic", "data", "decrypted ssl", "windows nt", "pcap", "pcap processing", "core", "personalized marketing", "coupon marketing", "marketing solutions software", "receipt advertising", "smartreceipt", "increase ave", "learn", "conditions", "privacy policy" ], "references": [ "https://receipt.com/", "https://hybrid-analysis.com/sample/00fa255f524660ffa461a44b9ae6715b254f1ab51e818439547ad4ae805351be/627e3e1fed152c27dc0ef614", "https://hybrid-analysis.com/sample/a8183b1c3d75f7fbf3353f8c0f8fb21ff973a260e72f24de64a86926a2aa8bb5/6280f05d68d40e7cb006d8dd", "https://hybrid-analysis.com/sample/c7a96105da4991cb58d47f15aac375f2d91ea033660a85b89a442852d5fa3e48/6281316b07368855823e564a", "https://hybrid-analysis.com/sample/f71e0ac05ae415be952b5f2d55689b10085395def7e132c27dca3fe60ed487f7/62348a15e307d42349571684" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1001.002", "name": "Steganography", "display_name": "T1001.002 - Steganography" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1011.001", "name": "Exfiltration Over Bluetooth", "display_name": "T1011.001 - Exfiltration Over Bluetooth" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1015", "name": "Accessibility Features", "display_name": "T1015 - Accessibility Features" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1034", "name": "Path Interception", "display_name": "T1034 - Path Interception" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1067", "name": "Bootkit", "display_name": "T1067 - Bootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1070.006", "name": "Timestomp", "display_name": "T1070.006 - Timestomp" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 358, "URL": 1779, "FileHash-SHA256": 501, "hostname": 962, "email": 1, "CVE": 2, "FileHash-MD5": 114, "FileHash-SHA1": 84 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627cf98684b454f303d33e38", "name": "hot-dates.life - 95.217.244.250", "description": "", "modified": "2022-06-11T00:03:07.696000", "created": "2022-05-12T12:11:50.224000", "tags": [ "date", "frage", "nein ja", "du kannst", "die frauen", "identitt geheim", "frauen aus", "umgebung", "dies", "achtung", "frauen treffen", "Effective URL: https://hot-dates.life/?u=g8xp605&o=59ykrgm&t=pb", "Submitted URL: https://businesscityscompanys.bar/vid/54813559.h", "https://urlscan.io/dom/b20cc78d-bf2d-448e-9063-b8ad737ebfb3/" ], "references": [ "Submitted URL: https://businesscityscompanys.bar/vid/54813559.html", "Effective URL: https://hot-dates.life/?u=g8xp605&o=59ykrgm&t=pb&cid=tycrd627ce1cc000bac97", "https://urlscan.io/dom/b20cc78d-bf2d-448e-9063-b8ad737ebfb3/", "https://hybrid-analysis.com/sample/02e3e07bebd419d438ee0023d75b9f14534b7e6ea08e38b03f02b9f25fe2c6f3/627ce1c970f9212cd5513fc7" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 86, "hostname": 14, "URI": 1, "domain": 64, "FileHash-SHA256": 25 }, "indicator_count": 190, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627a551a774890fb2cce7585", "name": "online file analysis results for 'http://dhli7o63akmi8.cloudfront.net/files/02y7game.exe", "description": "", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T12:05:46.810000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "sha256", "runtime data", "date", "path", "unicode", "ansi", "size", "sha1", "seen", "suspicious", "malicious", "hybrid", "close", "click", "hosts", "general", "local", "factory", "accept", "trident", "strings", "team", "february", "found" ], "references": [ "https://hybrid-analysis.com/sample/29f53eb067711edb691801782b6a2cc794041f5ff49a2632c27a51ed4ea17851/627a3654c936df573e680c52" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 29, "URL": 77, "domain": 15, "FileHash-SHA256": 33, "CVE": 1, "FileHash-MD5": 23, "FileHash-SHA1": 19, "email": 1 }, "indicator_count": 198, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://aka.ms/ke", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://aka.ms/ke", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780292194.041282 }