{ "type": "URL", "indicator": "https://api.passport-rc.yandex.co.il", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://api.passport-rc.yandex.co.il", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3396787486, "indicator": "https://api.passport-rc.yandex.co.il", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "6570a8bf416a1c314819ea53", "name": "Remote Access Related | APK attack targets independent artists", "description": "", "modified": "2023-12-06T17:00:47.888000", "created": "2023-12-06T17:00:47.888000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "FileHash-SHA256": 2385, "hostname": 1054, "domain": 713, "URL": 3595, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FilePath": 1 }, "indicator_count": 9442, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709a0e8c20860fea88779a", "name": "https://surveyheart.com/form/619fb5dc68ff1721fc915f81", "description": "", "modified": "2023-12-06T15:58:06.293000", "created": "2023-12-06T15:58:06.293000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3624, "FileHash-SHA256": 1584, "domain": 871, "hostname": 1290, "FileHash-MD5": 20, "FileHash-SHA1": 20 }, "indicator_count": 7409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709510e5b078aa5f09ca51", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "", "modified": "2023-12-06T15:36:48.409000", "created": "2023-12-06T15:36:48.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "domain": 267, "hostname": 871, "URL": 1930, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570819e75a6b853df509785", "name": "http://projectorworld.ru/blog/770.htm", "description": "", "modified": "2023-12-06T14:13:50.518000", "created": "2023-12-06T14:13:50.518000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 447, "domain": 151, "URL": 991, "hostname": 334, "FileHash-MD5": 61, "FileHash-SHA1": 50, "email": 2, "SSLCertFingerprint": 2 }, "indicator_count": 2038, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6528fa2179cc1554d7f434c6", "name": "Remote Access Related | APK attack targets independent artists", "description": "Suppression, malware,\nPassword,Exploit/Shellcode *Defacement *Unsafe.AI_Score_ * FileRepMetagen [PUP]\nrevenge-rat,stealer,, Steganos Software GmbH Privacy Suite, Ransom_WannaCrypt.R002C0DJO20,\nWacatac.B, Trojan.HideLink, SuppoBox,Trojan.Downloader.Generic, TrojWare.JS.Obfuscated, Phish.HHH, Phishing_Netflix.EVT, Phishing.Microsoft,Trojan.AvsHepter, HTML:PhishingBank, Phishing.fz, Probably, Heur.HTMLUnescapeF, BehavesLike.HTML.SMSSendPhishing.S23, Gen:Variant.Zbot, BehavesLike.HTML.Faceliker", "modified": "2023-11-12T07:01:14.580000", "created": "2023-10-13T08:04:49.722000", "tags": [ "alexa top", "blacklist", "phishing", "million", "site", "cisco umbrella", "path", "maxage31536000", "expiressat", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "pragma", "html info", "title kedence", "official apk", "meta tags", "apk download", "android", "google tag", "utc google", "utc na", "whois record", "contacted", "ssl certificate", "communicating", "referrer", "historical ssl", "bundled", "resolutions", "contacted urls", "hackers install", "malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "united", "phishing site", "malware site", "malicious site", "heur", "anonymizer", "malicious host", "crack", "maltiverse", "driverpack", "ransomware", "opencandy", "artemis", "riskware", "installcore", "suppobox", "bank", "agent", "patcher", "generic", "t", "safe site", "iframe", "downldr", "presenoker", "exploit", "genkryptik", "dropper", "fakealert", "quasar rat", "xtrat", "softcnapp", "cleaner", "xrat", "applicunwnt", "mimikatz", "team", "azorult", "service", "runescape", "facebook", "download", "logo analysis", "size81b type", "mime", "scan10132023", "results", "multi scan", "analysis", "update", "view details", "na visit", "sansx22", "3px 3px", "indicator", "file", "general", "email address", "pattern match", "ck id", "t1114", "show technique", "mitre att", "ck matrix", "script", "antivirus", "svg scalable", "vector graphics", "span", "twitter", "hybrid", "ascii text", "appdata", "windows nt", "png image", "jpeg image", "jfif", "date", "flag", "markmonitor", "name server", "server", "enom", "whois privacy", "cloudflare", "domain address", "show", "osint", "f8f9fa", "eeeeee", "click", "unknown", "open", "error", "body", "hosts", "strings", "class", "critical", "meta", "scroll", "atom" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "T", "display_name": "T", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 713, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FileHash-SHA256": 2385, "hostname": 1054, "URL": 3596, "CVE": 5, "FilePath": 1 }, "indicator_count": 9443, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "931 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1d23d050527b7aa07cfd", "name": "Remote Access Related | APK attack targets independent artists", "description": "", "modified": "2023-11-12T07:01:14.580000", "created": "2023-10-30T03:04:03.323000", "tags": [ "alexa top", "blacklist", "phishing", "million", "site", "cisco umbrella", "path", "maxage31536000", "expiressat", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "pragma", "html info", "title kedence", "official apk", "meta tags", "apk download", "android", "google tag", "utc google", "utc na", "whois record", "contacted", "ssl certificate", "communicating", "referrer", "historical ssl", "bundled", "resolutions", "contacted urls", "hackers install", "malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "united", "phishing site", "malware site", "malicious site", "heur", "anonymizer", "malicious host", "crack", "maltiverse", "driverpack", "ransomware", "opencandy", "artemis", "riskware", "installcore", "suppobox", "bank", "agent", "patcher", "generic", "t", "safe site", "iframe", "downldr", "presenoker", "exploit", "genkryptik", "dropper", "fakealert", "quasar rat", "xtrat", "softcnapp", "cleaner", "xrat", "applicunwnt", "mimikatz", "team", "azorult", "service", "runescape", "facebook", "download", "logo analysis", "size81b type", "mime", "scan10132023", "results", "multi scan", "analysis", "update", "view details", "na visit", "sansx22", "3px 3px", "indicator", "file", "general", "email address", "pattern match", "ck id", "t1114", "show technique", "mitre att", "ck matrix", "script", "antivirus", "svg scalable", "vector graphics", "span", "twitter", "hybrid", "ascii text", "appdata", "windows nt", "png image", "jpeg image", "jfif", "date", "flag", "markmonitor", "name server", "server", "enom", "whois privacy", "cloudflare", "domain address", "show", "osint", "f8f9fa", "eeeeee", "click", "unknown", "open", "error", "body", "hosts", "strings", "class", "critical", "meta", "scroll", "atom" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "T", "display_name": "T", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "green", "cloned_from": "6528fa2179cc1554d7f434c6", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 713, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FileHash-SHA256": 2385, "hostname": 1054, "URL": 3596, "CVE": 5, "FilePath": 1 }, "indicator_count": 9443, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "931 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6451ac22105fabd34fbdf476", "name": "https://surveyheart.com/form/619fb5dc68ff1721fc915f81", "description": "Albert Hill fake profile has 1 follower and 1 follow. the one follow has this url in the p rofile", "modified": "2023-05-03T00:34:42.633000", "created": "2023-05-03T00:34:42.633000", "tags": [ "entity" ], "references": [ "https://www.virustotal.com/graph/g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9", "g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3624, "FileHash-SHA256": 1584, "hostname": 1290, "domain": 871, "IPv4": 95, "FileHash-MD5": 20, "FileHash-SHA1": 20 }, "indicator_count": 7504, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1125 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63994429139dc965346ecad6", "name": "think of it like supply chain but using consumer infrastructure instead of corp data", "description": "[object Object", "modified": "2023-01-13T00:01:55.237000", "created": "2022-12-14T03:34:01.804000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "temp", "sha256", "sha1", "hybrid", "close", "click", "hosts", "ransomware", "general", "strings", "suspicious", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb", "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb/6398ed7852c7e131d0022430" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 576, "hostname": 282, "domain": 51, "FileHash-SHA256": 85, "FileHash-MD5": 51, "FileHash-SHA1": 50, "email": 2 }, "indicator_count": 1097, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6398fe16df6290d8fcac2f77", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "modified": "2023-01-12T21:02:22.235000", "created": "2022-12-13T22:35:02.021000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "threat level", "date", "sha256", "unicode", "size", "pcap", "pcap processing", "runtime process", "accept", "suspicious", "hybrid", "malicious", "close", "click", "hosts", "ransomware", "general", "local", "path", "mozilla", "strings", "localappdata", "temp", "prefetch8 ansi", "entropy", "win64", "disabled hash", "friendly", "mozi", "trident", "copy md5", "copy sha1", "copy sha256", "file", "type data", "download file", "db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "widevinecdm.dll", "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c2" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 871, "URL": 1930, "domain": 267, "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 397, "modified_text": "1235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1244 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9fbdf2a9311be4ec4a", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:51.801000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1244 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622d0de8dc376a8b02b4e32c", "name": "http://projectorworld.ru/blog/770.htm", "description": "", "modified": "2022-04-11T00:04:29.819000", "created": "2022-03-12T21:17:28.098000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "date", "sha256", "pcap", "pcap processing", "reference", "path", "accept", "suspicious", "malicious", "kcor", "nenet", "mumo", "hybrid", "close", "click", "hosts", "general", "local", "factory", "strings", "format" ], "references": [ "https://hybrid-analysis.com/sample/09e8201ad88a17ad98b0b47f25e9e60b54a15830420811927f1125463a5efab5?environmentId=100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 334, "URL": 991, "FileHash-SHA256": 447, "domain": 151, "email": 2, "FileHash-MD5": 61, "FileHash-SHA1": 50, "SSLCertFingerprint": 2 }, "indicator_count": 2038, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1512 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "text.txt", "Russian", "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb", "yandex.uz", "payment connector - paymentsense.cloud", "https://hybrid-analysis.com/sample/09e8201ad88a17ad98b0b47f25e9e60b54a15830420811927f1125463a5efab5?environmentId=100", "https://www.virustotal.com/graph/g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9.json", "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb/6398ed7852c7e131d0022430", "smart tv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "T", "Maltiverse" ], "industries": [], "unique_indicators": 24970 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/yandex.co.il", "whois": "http://whois.domaintools.com/yandex.co.il", "domain": "yandex.co.il", "hostname": "api.passport-rc.yandex.co.il" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "6570a8bf416a1c314819ea53", "name": "Remote Access Related | APK attack targets independent artists", "description": "", "modified": "2023-12-06T17:00:47.888000", "created": "2023-12-06T17:00:47.888000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "FileHash-SHA256": 2385, "hostname": 1054, "domain": 713, "URL": 3595, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FilePath": 1 }, "indicator_count": 9442, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709a0e8c20860fea88779a", "name": "https://surveyheart.com/form/619fb5dc68ff1721fc915f81", "description": "", "modified": "2023-12-06T15:58:06.293000", "created": "2023-12-06T15:58:06.293000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3624, "FileHash-SHA256": 1584, "domain": 871, "hostname": 1290, "FileHash-MD5": 20, "FileHash-SHA1": 20 }, "indicator_count": 7409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709510e5b078aa5f09ca51", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "", "modified": "2023-12-06T15:36:48.409000", "created": "2023-12-06T15:36:48.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "domain": 267, "hostname": 871, "URL": 1930, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570819e75a6b853df509785", "name": "http://projectorworld.ru/blog/770.htm", "description": "", "modified": "2023-12-06T14:13:50.518000", "created": "2023-12-06T14:13:50.518000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 447, "domain": 151, "URL": 991, "hostname": 334, "FileHash-MD5": 61, "FileHash-SHA1": 50, "email": 2, "SSLCertFingerprint": 2 }, "indicator_count": 2038, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6528fa2179cc1554d7f434c6", "name": "Remote Access Related | APK attack targets independent artists", "description": "Suppression, malware,\nPassword,Exploit/Shellcode *Defacement *Unsafe.AI_Score_ * FileRepMetagen [PUP]\nrevenge-rat,stealer,, Steganos Software GmbH Privacy Suite, Ransom_WannaCrypt.R002C0DJO20,\nWacatac.B, Trojan.HideLink, SuppoBox,Trojan.Downloader.Generic, TrojWare.JS.Obfuscated, Phish.HHH, Phishing_Netflix.EVT, Phishing.Microsoft,Trojan.AvsHepter, HTML:PhishingBank, Phishing.fz, Probably, Heur.HTMLUnescapeF, BehavesLike.HTML.SMSSendPhishing.S23, Gen:Variant.Zbot, BehavesLike.HTML.Faceliker", "modified": "2023-11-12T07:01:14.580000", "created": "2023-10-13T08:04:49.722000", "tags": [ "alexa top", "blacklist", "phishing", "million", "site", "cisco umbrella", "path", "maxage31536000", "expiressat", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "pragma", "html info", "title kedence", "official apk", "meta tags", "apk download", "android", "google tag", "utc google", "utc na", "whois record", "contacted", "ssl certificate", "communicating", "referrer", "historical ssl", "bundled", "resolutions", "contacted urls", "hackers install", "malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "united", "phishing site", "malware site", "malicious site", "heur", "anonymizer", "malicious host", "crack", "maltiverse", "driverpack", "ransomware", "opencandy", "artemis", "riskware", "installcore", "suppobox", "bank", "agent", "patcher", "generic", "t", "safe site", "iframe", "downldr", "presenoker", "exploit", "genkryptik", "dropper", "fakealert", "quasar rat", "xtrat", "softcnapp", "cleaner", "xrat", "applicunwnt", "mimikatz", "team", "azorult", "service", "runescape", "facebook", "download", "logo analysis", "size81b type", "mime", "scan10132023", "results", "multi scan", "analysis", "update", "view details", "na visit", "sansx22", "3px 3px", "indicator", "file", "general", "email address", "pattern match", "ck id", "t1114", "show technique", "mitre att", "ck matrix", "script", "antivirus", "svg scalable", "vector graphics", "span", "twitter", "hybrid", "ascii text", "appdata", "windows nt", "png image", "jpeg image", "jfif", "date", "flag", "markmonitor", "name server", "server", "enom", "whois privacy", "cloudflare", "domain address", "show", "osint", "f8f9fa", "eeeeee", "click", "unknown", "open", "error", "body", "hosts", "strings", "class", "critical", "meta", "scroll", "atom" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "T", "display_name": "T", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 713, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FileHash-SHA256": 2385, "hostname": 1054, "URL": 3596, "CVE": 5, "FilePath": 1 }, "indicator_count": 9443, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "931 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1d23d050527b7aa07cfd", "name": "Remote Access Related | APK attack targets independent artists", "description": "", "modified": "2023-11-12T07:01:14.580000", "created": "2023-10-30T03:04:03.323000", "tags": [ "alexa top", "blacklist", "phishing", "million", "site", "cisco umbrella", "path", "maxage31536000", "expiressat", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "pragma", "html info", "title kedence", "official apk", "meta tags", "apk download", "android", "google tag", "utc google", "utc na", "whois record", "contacted", "ssl certificate", "communicating", "referrer", "historical ssl", "bundled", "resolutions", "contacted urls", "hackers install", "malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "united", "phishing site", "malware site", "malicious site", "heur", "anonymizer", "malicious host", "crack", "maltiverse", "driverpack", "ransomware", "opencandy", "artemis", "riskware", "installcore", "suppobox", "bank", "agent", "patcher", "generic", "t", "safe site", "iframe", "downldr", "presenoker", "exploit", "genkryptik", "dropper", "fakealert", "quasar rat", "xtrat", "softcnapp", "cleaner", "xrat", "applicunwnt", "mimikatz", "team", "azorult", "service", "runescape", "facebook", "download", "logo analysis", "size81b type", "mime", "scan10132023", "results", "multi scan", "analysis", "update", "view details", "na visit", "sansx22", "3px 3px", "indicator", "file", "general", "email address", "pattern match", "ck id", "t1114", "show technique", "mitre att", "ck matrix", "script", "antivirus", "svg scalable", "vector graphics", "span", "twitter", "hybrid", "ascii text", "appdata", "windows nt", "png image", "jpeg image", "jfif", "date", "flag", "markmonitor", "name server", "server", "enom", "whois privacy", "cloudflare", "domain address", "show", "osint", "f8f9fa", "eeeeee", "click", "unknown", "open", "error", "body", "hosts", "strings", "class", "critical", "meta", "scroll", "atom" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "T", "display_name": "T", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" } ], "industries": [], "TLP": "green", "cloned_from": "6528fa2179cc1554d7f434c6", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 713, "FileHash-MD5": 1104, "FileHash-SHA1": 585, "FileHash-SHA256": 2385, "hostname": 1054, "URL": 3596, "CVE": 5, "FilePath": 1 }, "indicator_count": 9443, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "931 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6451ac22105fabd34fbdf476", "name": "https://surveyheart.com/form/619fb5dc68ff1721fc915f81", "description": "Albert Hill fake profile has 1 follower and 1 follow. the one follow has this url in the p rofile", "modified": "2023-05-03T00:34:42.633000", "created": "2023-05-03T00:34:42.633000", "tags": [ "entity" ], "references": [ "https://www.virustotal.com/graph/g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9", "g5cc372545fb241bdab97ceedfdc72d87d6ec1e42c9a545ae9f824ed1e99521d9.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3624, "FileHash-SHA256": 1584, "hostname": 1290, "domain": 871, "IPv4": 95, "FileHash-MD5": 20, "FileHash-SHA1": 20 }, "indicator_count": 7504, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1125 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63994429139dc965346ecad6", "name": "think of it like supply chain but using consumer infrastructure instead of corp data", "description": "[object Object", "modified": "2023-01-13T00:01:55.237000", "created": "2022-12-14T03:34:01.804000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "temp", "sha256", "sha1", "hybrid", "close", "click", "hosts", "ransomware", "general", "strings", "suspicious", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb", "https://hybrid-analysis.com/sample/5e5db92f90d6ccdd7dc1eca0c1a9cd6b54493e873d07c90f72da6478ac5f24cb/6398ed7852c7e131d0022430" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 576, "hostname": 282, "domain": 51, "FileHash-SHA256": 85, "FileHash-MD5": 51, "FileHash-SHA1": 50, "email": 2 }, "indicator_count": 1097, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6398fe16df6290d8fcac2f77", "name": "widevinecdm.dll seemingly problematic - supply chain holy god mother of fu.k", "description": "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "modified": "2023-01-12T21:02:22.235000", "created": "2022-12-13T22:35:02.021000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "threat level", "date", "sha256", "unicode", "size", "pcap", "pcap processing", "runtime process", "accept", "suspicious", "hybrid", "malicious", "close", "click", "hosts", "ransomware", "general", "local", "path", "mozilla", "strings", "localappdata", "temp", "prefetch8 ansi", "entropy", "win64", "disabled hash", "friendly", "mozi", "trident", "copy md5", "copy sha1", "copy sha256", "file", "type data", "download file", "db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "widevinecdm.dll", "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c2" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 871, "URL": 1930, "domain": 267, "FileHash-SHA256": 1447, "FileHash-MD5": 199, "FileHash-SHA1": 197, "email": 2 }, "indicator_count": 4913, "is_author": false, "is_subscribing": null, "subscriber_count": 397, "modified_text": "1235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1244 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://api.passport-rc.yandex.co.il", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://api.passport-rc.yandex.co.il", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780278781.3090532 }