{ "type": "URL", "indicator": "https://allegro.pl", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://allegro.pl", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #276", "name": "Listed on Alexa" }, { "source": "whitelist", "message": "Whitelisted domain allegro.pl", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain allegro.pl", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4086846144, "indicator": "https://allegro.pl", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69b10d1ce4563d38fbbc72d6", "name": "disable_duck clone Alberta", "description": "", "modified": "2026-03-11T07:40:56.177000", "created": "2026-03-11T06:35:08.464000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": "68e02ab7156e79ecd34a4929", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 117, "email": 14, "hostname": 76 }, "indicator_count": 4561, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68e02ab7156e79ecd34a4929", "name": "Samples of OTX 2096 Libraries - up to 10.03.25", "description": "An attempt to skim over a little bit of everything in OTX 2096 for another project in the works\n\nUAlberta sighhh", "modified": "2025-11-02T19:00:47.473000", "created": "2025-10-03T19:57:43.609000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 115, "email": 14, "hostname": 76 }, "indicator_count": 4559, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "169 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686ea022f2d0e77690299a69", "name": "ginko garden assets.allegrostatic.com/bundle/v3-54203a750607c1f8005bfa4f30210fc496ff082fa5955ab5c25297957b245cbb.css", "description": "", "modified": "2025-10-01T00:01:22.860000", "created": "2025-07-09T17:00:18.854000", "tags": [ "bd poczenia", "samochodowe", "nawigacja", "garmin nuvi", "yoga tab", "dekoracyjna na", "imitacja starej", "okoliczno", "kot kot", "peugeot", "do mini", "payout", "bcaluzje", "do dekodera", "fiat stilo", "zewn", "bcem", "b3jpozosta", "bcubr", "b3wka", "osversionwin8", "morfikownia", "nieobecny", "gdpr", "gdprconsent755", "nieznany", "aaaaa", "a nxdomena", "nazwa rekordu", "url pokazywa", "adres url", "nazwa hosta", "adres ip", "as14061", "as22616 zscaler", "poprzedni", "powizane adresy", "as13335 chmura", "google wyniki", "win32", "narzdzie", "trojan", "tylne drzwi", "robak", "imponex", "wygraj trojan", "delf1033 robak", "win32wanex", "zawieszenie", "user", "xml process", "text process", "k netsvcs", "chrome", "typ pliku", "wpis", "rgba", "web open", "font format", "truetype", "unicode", "wpis pamici", "unix", "function", "silent failure", "regexp", "gethostname", "date", "saves", "return", "cmsg", "iframe", "issafari", "null", "meta" ], "references": [ "https://allegro.pl/oferta/solidna-szklana-kula-bombka-do-zawieszenia-9cm-niebieska-metaliczna-17158975307#parametry", "https://allegro.pl/oferta/poidelko-dla-ptakow-10-cm-figurka-ogrodowa-z-metalu-rdza-16510231991", "https://ct.captcha-delivery.com/c.js", "https://assets.allegrostatic.com/bundle/v3-54203a750607c1f8005bfa4f30210fc496ff082fa5955ab5c25297957b245cbb.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 467, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3583, "domain": 246, "hostname": 456, "FileHash-SHA1": 137, "FileHash-MD5": 342, "FileHash-SHA256": 1367, "email": 1 }, "indicator_count": 6132, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "201 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://allegro.pl/oferta/poidelko-dla-ptakow-10-cm-figurka-ogrodowa-z-metalu-rdza-16510231991", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://allegro.pl/oferta/solidna-szklana-kula-bombka-do-zawieszenia-9cm-niebieska-metaliczna-17158975307#parametry", "https://ct.captcha-delivery.com/c.js", "https://assets.allegrostatic.com/bundle/v3-54203a750607c1f8005bfa4f30210fc496ff082fa5955ab5c25297957b245cbb.css" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Healthcare", "Education", "Government" ], "unique_indicators": 10756 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/allegro.pl", "whois": "http://whois.domaintools.com/allegro.pl", "domain": "allegro.pl", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69b10d1ce4563d38fbbc72d6", "name": "disable_duck clone Alberta", "description": "", "modified": "2026-03-11T07:40:56.177000", "created": "2026-03-11T06:35:08.464000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": "68e02ab7156e79ecd34a4929", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 117, "email": 14, "hostname": 76 }, "indicator_count": 4561, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68e02ab7156e79ecd34a4929", "name": "Samples of OTX 2096 Libraries - up to 10.03.25", "description": "An attempt to skim over a little bit of everything in OTX 2096 for another project in the works\n\nUAlberta sighhh", "modified": "2025-11-02T19:00:47.473000", "created": "2025-10-03T19:57:43.609000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 115, "email": 14, "hostname": 76 }, "indicator_count": 4559, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "169 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686ea022f2d0e77690299a69", "name": "ginko garden assets.allegrostatic.com/bundle/v3-54203a750607c1f8005bfa4f30210fc496ff082fa5955ab5c25297957b245cbb.css", "description": "", "modified": "2025-10-01T00:01:22.860000", "created": "2025-07-09T17:00:18.854000", "tags": [ "bd poczenia", "samochodowe", "nawigacja", "garmin nuvi", "yoga tab", "dekoracyjna na", "imitacja starej", "okoliczno", "kot kot", "peugeot", "do mini", "payout", "bcaluzje", "do dekodera", "fiat stilo", "zewn", "bcem", "b3jpozosta", "bcubr", "b3wka", "osversionwin8", "morfikownia", "nieobecny", "gdpr", "gdprconsent755", "nieznany", "aaaaa", "a nxdomena", "nazwa rekordu", "url pokazywa", "adres url", "nazwa hosta", "adres ip", "as14061", "as22616 zscaler", "poprzedni", "powizane adresy", "as13335 chmura", "google wyniki", "win32", "narzdzie", "trojan", "tylne drzwi", "robak", "imponex", "wygraj trojan", "delf1033 robak", "win32wanex", "zawieszenie", "user", "xml process", "text process", "k netsvcs", "chrome", "typ pliku", "wpis", "rgba", "web open", "font format", "truetype", "unicode", "wpis pamici", "unix", "function", "silent failure", "regexp", "gethostname", "date", "saves", "return", "cmsg", "iframe", "issafari", "null", "meta" ], "references": [ "https://allegro.pl/oferta/solidna-szklana-kula-bombka-do-zawieszenia-9cm-niebieska-metaliczna-17158975307#parametry", "https://allegro.pl/oferta/poidelko-dla-ptakow-10-cm-figurka-ogrodowa-z-metalu-rdza-16510231991", "https://ct.captcha-delivery.com/c.js", "https://assets.allegrostatic.com/bundle/v3-54203a750607c1f8005bfa4f30210fc496ff082fa5955ab5c25297957b245cbb.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 467, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3583, "domain": 246, "hostname": 456, "FileHash-SHA1": 137, "FileHash-MD5": 342, "FileHash-SHA256": 1367, "email": 1 }, "indicator_count": 6132, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "201 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://allegro.pl", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://allegro.pl", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776726012.5482652 }