{ "type": "URL", "indicator": "https://alberta.ca", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://alberta.ca", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain alberta.ca", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4066048713, "indicator": "https://alberta.ca", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a191c2f71c868406024097f", "name": "\u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0439", "description": "\u041a \u0447\u0451\u0440\u0442\u0443 \u044d\u0442\u0443 \u043f\u0440\u043e\u0432\u0438\u043d\u0446\u0438\u044e. \u0417\u0430\u0445\u043e\u0434\u0438\u0442\u0435 \u0432\u0441\u0435, \u0432\u043e\u0434\u0430 \u043e\u0442\u043b\u0438\u0447\u043d\u0430\u044f.", "modified": "2026-05-29T04:55:11.325000", "created": "2026-05-29T04:55:11.325000", "tags": [ "tuca", "sct1", "seg0", "gaz1", "p1780029305477", "sid1780029305", "euaaaaagac", "nsi1", "p1780029178835", "ccc https", "locale" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Poland" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 543, "FileHash-MD5": 3, "FileHash-SHA256": 3, "IPv4": 119, "domain": 44, "hostname": 86 }, "indicator_count": 798, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69228447b9c71795633314df", "name": "Keep Corrupt - University of Alberta Incidents continue to escalate - 04.24.26", "description": "Recovered accounts that have been used & abused - courtesy of decisions by non-technical leadership = accounts for UAlberta students -> PW manager made inaccessible (tied to UAlberta account) during a Data-Breach.\nWhen PW manager & Accounts returned, was populated by these (many = fraudulent; some appear to be abuse of legitimate services, while others do not, yet don't know function or origin)\n\nNot representative of OG PW manager. Many (most) accts. used/abused (on-going). \n\nDon't have a backup of original = hard to compare. Don't quite know what the majority of these companies etc. are for and/or do exactly. Putting them together as they roll-in.\nCan't turn them off in most cases - I don't have access to the U of A accounts these originate from and/or original recovery methods. \n\n2 more batches to add to this pulse (Need to add into VT) 02.16.26\n\nCountries listed are where 2 victims (UAlberta Graduates) have citizenship or some tie with.", "modified": "2026-05-24T21:18:51.782000", "created": "2025-11-23T03:49:27.649000", "tags": [ "geoip", "as54113", "fastly", "as20940", "as15169", "google", "as214401", "maincubesas", "gmbh", "apache geoip", "facebook", "UAlberta", "AHS", "Treaty 8", "GoA", "Alberta", "Edmonton", "YEG" ], "references": [ "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a", "URLscanio, FSio, vT", "03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs", "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)" ], "public": 1, "adversary": "", "targeted_countries": [ "Cura\u00e7ao", "Guatemala", "Sint Maarten (Dutch part)", "Tanzania, United Republic of", "Barbados", "United States of America", "Bahamas", "Anguilla", "Canada", "Saint Vincent and the Grenadines", "United Kingdom of Great Britain and Northern Ireland", "Kenya", "France", "Aruba", "Mexico", "Poland", "Costa Rica", "Ireland", "Trinidad and Tobago", "Netherlands", "Slovakia", "Spain", "Philippines" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Technology", "Telecommunications", "Education", "Healthcare", "Finance", "Retail", "Hospitality", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 47, "FileHash-MD5": 53, "FileHash-SHA1": 16, "FileHash-SHA256": 1059, "URL": 6374, "domain": 3314, "email": 1395, "hostname": 3740, "CVE": 1 }, "indicator_count": 15999, "is_author": false, "is_subscribing": null, "subscriber_count": 136, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67e709c0cfa1a1851d81a657", "name": "Government of Alberta ** Domain Analysis - 05.05.25", "description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned", "modified": "2025-06-05T02:05:37.765000", "created": "2025-03-28T20:42:40.389000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "symbol", "memoryfile scan", "path", "alberta", "prefetch8 ansi", "please", "show process", "date", "span", "find", "facebook", "twitter", "footer", "iframe", "suspicious", "body", "generator", "april", "energy", "comspec", "hybrid", "form", "main", "model", "close", "click", "hosts", "general", "starfield", "strings", "contact", "triage", "report", "reported", "analyze", "download submit", "sha512", "sha256", "prefetch8", "sha1", "filesize", "file", "prefetch1", "dataedge cloud", "process key", "config", "copy", "target", "impact", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "eid2", "eid3", "uaaaaaaai", "eid104", "malcore", "file analysis", "historical dns", "info", "login", "scan", "domain analysis", "discovered ip", "subdomains", "info malcore", "simple file", "policy terms", "intelligence x", "results", "product blog", "sign", "most relevant", "darknet", "please search", "search advanced", "categories date", "term", "slow", "scroll", "schedule", "cavalier", "bayonet", "full report", "users", "free report", "hudson rock", "attack surface", "customers", "demo explore", "tools", "third", "protect", "over", "rock", "service" ], "references": [ "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://www.virustotal.com/gui/domain/alberta.ca", "https://pulsedive.com/indicator/?iid=9866511", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://intelx.io/?s=alberta.ca", "https://www.hudsonrock.com/search?domain=alberta.ca", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "https://www.urlvoid.com/whois-lookup/", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://cwe.mitre.org/data/definitions/79.html", "https://www.virustotal.com/gui/domain/alberta.ca/relations", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" } ], "industries": [ "Education", "Technology", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 126, "FileHash-SHA1": 118, "FileHash-SHA256": 347, "SSLCertFingerprint": 18, "domain": 149, "email": 16, "URL": 478, "hostname": 1562, "CVE": 7 }, "indicator_count": 2821, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "360 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/domain/alberta.ca/relations", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://intelx.io/?s=alberta.ca", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark", "https://www.urlvoid.com/whois-lookup/", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://www.hudsonrock.com/search?domain=alberta.ca", "URLscanio, FSio, vT", "https://pulsedive.com/indicator/?iid=9866511", "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://cwe.mitre.org/data/definitions/79.html", "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)", "https://www.virustotal.com/gui/domain/alberta.ca" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Telecommunications", "Finance", "Hospitality", "Healthcare", "Education", "Retail", "Technology", "Transportation", "Government" ], "unique_indicators": 12039 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/alberta.ca", "whois": "http://whois.domaintools.com/alberta.ca", "domain": "alberta.ca", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a191c2f71c868406024097f", "name": "\u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0439", "description": "\u041a \u0447\u0451\u0440\u0442\u0443 \u044d\u0442\u0443 \u043f\u0440\u043e\u0432\u0438\u043d\u0446\u0438\u044e. \u0417\u0430\u0445\u043e\u0434\u0438\u0442\u0435 \u0432\u0441\u0435, \u0432\u043e\u0434\u0430 \u043e\u0442\u043b\u0438\u0447\u043d\u0430\u044f.", "modified": "2026-05-29T04:55:11.325000", "created": "2026-05-29T04:55:11.325000", "tags": [ "tuca", "sct1", "seg0", "gaz1", "p1780029305477", "sid1780029305", "euaaaaagac", "nsi1", "p1780029178835", "ccc https", "locale" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Poland" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 543, "FileHash-MD5": 3, "FileHash-SHA256": 3, "IPv4": 119, "domain": 44, "hostname": 86 }, "indicator_count": 798, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69228447b9c71795633314df", "name": "Keep Corrupt - University of Alberta Incidents continue to escalate - 04.24.26", "description": "Recovered accounts that have been used & abused - courtesy of decisions by non-technical leadership = accounts for UAlberta students -> PW manager made inaccessible (tied to UAlberta account) during a Data-Breach.\nWhen PW manager & Accounts returned, was populated by these (many = fraudulent; some appear to be abuse of legitimate services, while others do not, yet don't know function or origin)\n\nNot representative of OG PW manager. Many (most) accts. used/abused (on-going). \n\nDon't have a backup of original = hard to compare. Don't quite know what the majority of these companies etc. are for and/or do exactly. Putting them together as they roll-in.\nCan't turn them off in most cases - I don't have access to the U of A accounts these originate from and/or original recovery methods. \n\n2 more batches to add to this pulse (Need to add into VT) 02.16.26\n\nCountries listed are where 2 victims (UAlberta Graduates) have citizenship or some tie with.", "modified": "2026-05-24T21:18:51.782000", "created": "2025-11-23T03:49:27.649000", "tags": [ "geoip", "as54113", "fastly", "as20940", "as15169", "google", "as214401", "maincubesas", "gmbh", "apache geoip", "facebook", "UAlberta", "AHS", "Treaty 8", "GoA", "Alberta", "Edmonton", "YEG" ], "references": [ "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a", "URLscanio, FSio, vT", "03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary", "https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs", "https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)" ], "public": 1, "adversary": "", "targeted_countries": [ "Cura\u00e7ao", "Guatemala", "Sint Maarten (Dutch part)", "Tanzania, United Republic of", "Barbados", "United States of America", "Bahamas", "Anguilla", "Canada", "Saint Vincent and the Grenadines", "United Kingdom of Great Britain and Northern Ireland", "Kenya", "France", "Aruba", "Mexico", "Poland", "Costa Rica", "Ireland", "Trinidad and Tobago", "Netherlands", "Slovakia", "Spain", "Philippines" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Technology", "Telecommunications", "Education", "Healthcare", "Finance", "Retail", "Hospitality", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 47, "FileHash-MD5": 53, "FileHash-SHA1": 16, "FileHash-SHA256": 1059, "URL": 6374, "domain": 3314, "email": 1395, "hostname": 3740, "CVE": 1 }, "indicator_count": 15999, "is_author": false, "is_subscribing": null, "subscriber_count": 136, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67e709c0cfa1a1851d81a657", "name": "Government of Alberta ** Domain Analysis - 05.05.25", "description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned", "modified": "2025-06-05T02:05:37.765000", "created": "2025-03-28T20:42:40.389000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "symbol", "memoryfile scan", "path", "alberta", "prefetch8 ansi", "please", "show process", "date", "span", "find", "facebook", "twitter", "footer", "iframe", "suspicious", "body", "generator", "april", "energy", "comspec", "hybrid", "form", "main", "model", "close", "click", "hosts", "general", "starfield", "strings", "contact", "triage", "report", "reported", "analyze", "download submit", "sha512", "sha256", "prefetch8", "sha1", "filesize", "file", "prefetch1", "dataedge cloud", "process key", "config", "copy", "target", "impact", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "eid2", "eid3", "uaaaaaaai", "eid104", "malcore", "file analysis", "historical dns", "info", "login", "scan", "domain analysis", "discovered ip", "subdomains", "info malcore", "simple file", "policy terms", "intelligence x", "results", "product blog", "sign", "most relevant", "darknet", "please search", "search advanced", "categories date", "term", "slow", "scroll", "schedule", "cavalier", "bayonet", "full report", "users", "free report", "hudson rock", "attack surface", "customers", "demo explore", "tools", "third", "protect", "over", "rock", "service" ], "references": [ "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://www.virustotal.com/gui/domain/alberta.ca", "https://pulsedive.com/indicator/?iid=9866511", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://intelx.io/?s=alberta.ca", "https://www.hudsonrock.com/search?domain=alberta.ca", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "https://www.urlvoid.com/whois-lookup/", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://cwe.mitre.org/data/definitions/79.html", "https://www.virustotal.com/gui/domain/alberta.ca/relations", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" } ], "industries": [ "Education", "Technology", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 126, "FileHash-SHA1": 118, "FileHash-SHA256": 347, "SSLCertFingerprint": 18, "domain": 149, "email": 16, "URL": 478, "hostname": 1562, "CVE": 7 }, "indicator_count": 2821, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "360 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://alberta.ca", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://alberta.ca", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780256991.3251083 }