{ "type": "URL", "indicator": "https://apps.ualberta.ca/directory", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://apps.ualberta.ca/directory", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain ualberta.ca", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3894831399, "indicator": "https://apps.ualberta.ca/directory", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69cf54dc2c334d92d90ad45b", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T06:02:28.790000", "created": "2026-04-03T05:49:13.607000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf54e17e5745f45ea8a996", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T05:49:17.778000", "created": "2026-04-03T05:49:17.778000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b60cdecf42fb532f2ceb12", "name": "U of A DataBreach Update - 11.13.25", "description": "Domain Analysis that serves as evidence of an on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.", "modified": "2025-12-13T22:01:27.739000", "created": "2025-09-01T21:15:10.117000", "tags": [ "as16509", "amazon02", "redirect", "tags", "as14618", "amazonaes", "search", "public", "search live", "api blog", "patch http", "please", "javascript", "url", "website", "web", "scanner", "analyze", "analyzer", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login", "greynoise", "visualizer skip", "service status", "company blog", "us careers", "policies vpat", "slo privacy", "cookie patent", "copyright", "google privacy", "sandbox", "reputation", "phishing", "malware", "amazon web", "services", "warning icon", "share report", "systems", "cloudflare", "varnish", "nginx", "apache", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "course", "program", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "https://viz.greynoise.io/query/AS3359", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://www.urlvoid.com/dns-records-lookup/", "https://www.shodan.io/search?query=ualberta.ca", "https://dnsdumpster.com/", "https://bgpview.io/asn/3359#whois", "https://centralops.net/co/", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "https://www.criminalip.io/asset/search?query=ualberta.ca", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "https://whois.domaintools.com/ualberta.ca", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://viewdns.info/portscan/?host=ualberta.ca", "https://whois.easycounter.com/ualberta.ca", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://who.is/whois/ualberta.ca", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://www.whoxy.com/ualberta.ca", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "https://bgp.he.net/dns/ualberta.ca", "https://intelx.io/?s=ualberta.ca", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "https://viewdns.info/traceroute/?domain=ualberta.ca", "https://centralops.net/co/DomainDossier.aspx", "https://search.odin.io/hosts?query=ualberta.ca", "https://www.merklemap.com/search?query=ualberta.ca&page=0" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 92, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9901, "domain": 790, "email": 982, "hostname": 10520, "FileHash-MD5": 550, "FileHash-SHA256": 1726, "FileHash-SHA1": 519, "SSLCertFingerprint": 64, "CIDR": 26, "CVE": 12 }, "indicator_count": 25090, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "126 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66538f4db3a8cf5fb35edbd7", "name": "IOCs sampled w. Any[.]runs sandbox from 'logging into my UAlberta account'", "description": "UAlberta - IOCs sampled from Any[.]Runs VM Sandbox to extract IOCs from the act of 'logging into my U of A Gmail Account' (Rogue), further analysis conducted on pcap file.\n\n-05.26.24: Need to upload pcap file IOCs (Done & Retested on 06.04.24)\n\n-CVE 2016-0101, CVE 2004-0932", "modified": "2025-10-16T15:04:01.169000", "created": "2024-05-26T19:36:45.007000", "tags": [ "please", "javascript", "relaystatehttps", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/iocs", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/graph", "https://www.virustotal.com/gui/collection/7282647dbf53915db766e8afd03c485ab3596962670c15c427206ce174ca78f0/iocs", "hxxps://tria[.]ge/240604-tnwvzsce3s", "hxxps://viz[.]greynoise[.]io/analysis/02c0537c-d5b6-4881-bdde-9ed84a978cfe", "Report ID: ca0154b1-39cc-44f5-9f54-a669132dff60", "hxxps://lab[.]dynamite[.]ai/pcaps/ae3b422f-4d10-4ebc-bf35-5e19d0aaae75", "hxxps://app[.]any[.]run/tasks/60a27c5e-ddd3-44d8-a4af-a5f90cdd4660", "https://www.virustotal.com/graph/embed/g1283d60e0d064912af05e1ed528df7b7d1af3298065040ce9863afbea677becd?theme=dark", "hxxps://viz.greynoise.io/analysis/0ec05e79-be67-4f45-82c4-96ca96aa007c", "https://urlscan.io/user/submit/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 128, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 635, "URL": 250, "hostname": 235, "CIDR": 27 }, "indicator_count": 1299, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "185 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68198fe998b6e1fd28c5599c", "name": "The Open House that opens doors. Opublikuj Odpowiedz Saturday, October 15", "description": "The full text of the text-free version of Google Tag Manager, which was published on Wednesday, has been published online by Google's parent company, Alphabet, for the first time in its history.", "modified": "2025-06-05T00:04:02.181000", "created": "2025-05-06T04:28:25.685000", "tags": [ "span", "script", "button", "university", "programs", "research", "alberta", "date", "back", "main menu", "union", "tools", "main", "canvas", "crisis", "footer", "iframe", "meta", "body", "school", "sport", "life", "energy", "contact", "small", "find", "null", "calendar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 262, "domain": 11, "FileHash-MD5": 2, "FileHash-SHA1": 1, "URL": 190, "hostname": 23 }, "indicator_count": 489, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67db9be18168bc23126a0f17", "name": "Falcon Sandbox (Hybrid Analysis), FileScan[.]io & URLScan[.]io - UAlberta[.]ca domain analysis", "description": "Domain Analysis of hxxp://ualberta[.]ca w. Hybrid Analysis, Filescan, URLscan\n-Followed up w. analysis of previously submitted URLscan submissions w. an analysis by Greynoise[.]io (up to 03.19.25)\n-Greynoise yielded (from URLScan 120 Identified & 10 Unknowns) - the results classified as RIOTS appear to be confounded (potential abuse of Amazon Web Services in combination w. other cloud provider services.\n-It appears just visiting and/or touching this domain is - generally not recommended\n-Results from PulseDive -> Redirects to: https://www.ualberta[.]ca/en/index.html // SSL certificate found: ualberta[.]ca and 239 more. Edmonton, Canada, University of Alberta. dnsmaster@ualberta.ca\neasyDNS Technologies Inc. Amazon ALB, Amazon Cloudfront, Apache HTTP Server, Bootstrap, Coveo, Crazy Egg, Facebook Pixel, Font Awesome, Google Analytics, Google Font API, jQuery, Linkedin Insight Tag, Microsoft Clarity, Open Graph, TikTok Pixel, Twitter Ads", "modified": "2025-04-19T04:02:16.037000", "created": "2025-03-20T04:38:57.551000", "tags": [ "as16509", "amazon02", "redirect", "as14618", "amazonaes", "search", "public", "home search", "live api", "blog docs", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "pcap processing", "ansi", "pcap", "gecko", "win64", "khtml", "windows nt", "brand", "prefetch8 ansi", "microsoft edge", "date", "cookie", "mozilla", "suspicious", "comspec", "window", "model", "hybrid", "accept", "hacked", "starfield", "encrypt", "close", "click", "twitter", "hosts", "service", "general", "path", "union", "dest", "strings", "contact" ], "references": [ "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43/67db93032dc368d2d80c3df1", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://www.filescan.io/uploads/67db2f67b93e688233ef36e9/reports/7e4e4377-5eb9-48a7-848d-bfdca4fb244c/ioc", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43/67db93032dc368d2d80c3df1", "https://viz.greynoise.io/analysis/5692e934-322f-48b9-bd9b-556e653ff5b6", "https://pulsedive.com/ioc/ualberta.ca" ], "public": 1, "adversary": "dosdean@ualberta[.]ca // ciso@ualberta[.]ca", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Education", "Technology", "Government", "Agriculture", "Healthcare", "Chemical", "Finance", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 897, "domain": 37, "email": 34, "hostname": 396, "FileHash-MD5": 71, "FileHash-SHA1": 69, "FileHash-SHA256": 69, "SSLCertFingerprint": 23 }, "indicator_count": 1596, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "365 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660b176a98b0c92ba5a962bc", "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise", "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.", "modified": "2024-09-04T05:01:56.993000", "created": "2024-04-01T20:22:02.851000", "tags": [ "BEC" ], "references": [ "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs", "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark", "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark", "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95", "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore", "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/", "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom", "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 233, "FileHash-SHA1": 230, "FileHash-SHA256": 6703, "URL": 4450, "CIDR": 3, "domain": 6223, "hostname": 2863, "email": 7, "CVE": 53 }, "indicator_count": 20765, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "592 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://who.is/whois/ualberta.ca", "https://centralops.net/co/DomainDossier.aspx", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://www.merklemap.com/search?query=ualberta.ca&page=0", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/graph", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://viz.greynoise.io/query/AS3359", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "https://centralops.net/co/", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://pastebin.com/fqfVmTSv", "https://viz.greynoise.io/analysis/5692e934-322f-48b9-bd9b-556e653ff5b6", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://intelx.io/?s=ualberta.ca", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "https://dnsdumpster.com/", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "hxxps://tria[.]ge/240604-tnwvzsce3s", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "https://whois.domaintools.com/ualberta.ca", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://www.filescan.io/uploads/67db2f67b93e688233ef36e9/reports/7e4e4377-5eb9-48a7-848d-bfdca4fb244c/ioc", "https://www.urlvoid.com/dns-records-lookup/", "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "https://viewdns.info/traceroute/?domain=ualberta.ca", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "Report ID: ca0154b1-39cc-44f5-9f54-a669132dff60", "https://viewdns.info/portscan/?host=ualberta.ca", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "Thor Scan: S-I9VvMTB6cZU", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://www.virustotal.com/graph/embed/g1283d60e0d064912af05e1ed528df7b7d1af3298065040ce9863afbea677becd?theme=dark", "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "All - EnterpriseAppsList.csv", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "https://www.whoxy.com/ualberta.ca", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43/67db93032dc368d2d80c3df1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://www.virustotal.com/gui/collection/7282647dbf53915db766e8afd03c485ab3596962670c15c427206ce174ca78f0/iocs", "https://pastes.io/3XO0mF9Q", "https://www.shodan.io/search?query=ualberta.ca", "https://bgp.he.net/dns/ualberta.ca", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://whois.easycounter.com/ualberta.ca", "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/iocs", "https://urlscan.io/user/submit/", "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://tria.ge/240521-q4s79agb25/static1", "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/", "hxxps://viz[.]greynoise[.]io/analysis/02c0537c-d5b6-4881-bdde-9ed84a978cfe", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://bgpview.io/asn/3359#whois", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "hxxps://lab[.]dynamite[.]ai/pcaps/ae3b422f-4d10-4ebc-bf35-5e19d0aaae75", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "hxxps://viz.greynoise.io/analysis/0ec05e79-be67-4f45-82c4-96ca96aa007c", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "AppRegistrationList.csv", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary", "https://search.odin.io/hosts?query=ualberta.ca", "https://tria.ge/240517-t9pc2ahb2t", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://urlscan.io/search/#ualberta.ca", "hxxps://app[.]any[.]run/tasks/60a27c5e-ddd3-44d8-a4af-a5f90cdd4660", "https://www.criminalip.io/asset/search?query=ualberta.ca", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://pulsedive.com/ioc/ualberta.ca" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "dosdean@ualberta[.]ca // ciso@ualberta[.]ca" ], "malware_families": [], "industries": [ "Media", "Technology", "Healthcare", "Telecommunications", "Government", "Agriculture", "Chemical", "Finance", "Education" ], "unique_indicators": 61210 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ualberta.ca", "whois": "http://whois.domaintools.com/ualberta.ca", "domain": "ualberta.ca", "hostname": "apps.ualberta.ca" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69cf54dc2c334d92d90ad45b", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T06:02:28.790000", "created": "2026-04-03T05:49:13.607000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf54e17e5745f45ea8a996", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T05:49:17.778000", "created": "2026-04-03T05:49:17.778000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b60cdecf42fb532f2ceb12", "name": "U of A DataBreach Update - 11.13.25", "description": "Domain Analysis that serves as evidence of an on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.", "modified": "2025-12-13T22:01:27.739000", "created": "2025-09-01T21:15:10.117000", "tags": [ "as16509", "amazon02", "redirect", "tags", "as14618", "amazonaes", "search", "public", "search live", "api blog", "patch http", "please", "javascript", "url", "website", "web", "scanner", "analyze", "analyzer", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login", "greynoise", "visualizer skip", "service status", "company blog", "us careers", "policies vpat", "slo privacy", "cookie patent", "copyright", "google privacy", "sandbox", "reputation", "phishing", "malware", "amazon web", "services", "warning icon", "share report", "systems", "cloudflare", "varnish", "nginx", "apache", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "course", "program", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "https://viz.greynoise.io/query/AS3359", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://www.urlvoid.com/dns-records-lookup/", "https://www.shodan.io/search?query=ualberta.ca", "https://dnsdumpster.com/", "https://bgpview.io/asn/3359#whois", "https://centralops.net/co/", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "https://www.criminalip.io/asset/search?query=ualberta.ca", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "https://whois.domaintools.com/ualberta.ca", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://viewdns.info/portscan/?host=ualberta.ca", "https://whois.easycounter.com/ualberta.ca", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://who.is/whois/ualberta.ca", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://www.whoxy.com/ualberta.ca", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "https://bgp.he.net/dns/ualberta.ca", "https://intelx.io/?s=ualberta.ca", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "https://viewdns.info/traceroute/?domain=ualberta.ca", "https://centralops.net/co/DomainDossier.aspx", "https://search.odin.io/hosts?query=ualberta.ca", "https://www.merklemap.com/search?query=ualberta.ca&page=0" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 92, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9901, "domain": 790, "email": 982, "hostname": 10520, "FileHash-MD5": 550, "FileHash-SHA256": 1726, "FileHash-SHA1": 519, "SSLCertFingerprint": 64, "CIDR": 26, "CVE": 12 }, "indicator_count": 25090, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "126 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66538f4db3a8cf5fb35edbd7", "name": "IOCs sampled w. Any[.]runs sandbox from 'logging into my UAlberta account'", "description": "UAlberta - IOCs sampled from Any[.]Runs VM Sandbox to extract IOCs from the act of 'logging into my U of A Gmail Account' (Rogue), further analysis conducted on pcap file.\n\n-05.26.24: Need to upload pcap file IOCs (Done & Retested on 06.04.24)\n\n-CVE 2016-0101, CVE 2004-0932", "modified": "2025-10-16T15:04:01.169000", "created": "2024-05-26T19:36:45.007000", "tags": [ "please", "javascript", "relaystatehttps", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/iocs", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e/graph", "https://www.virustotal.com/gui/collection/7282647dbf53915db766e8afd03c485ab3596962670c15c427206ce174ca78f0/iocs", "hxxps://tria[.]ge/240604-tnwvzsce3s", "hxxps://viz[.]greynoise[.]io/analysis/02c0537c-d5b6-4881-bdde-9ed84a978cfe", "Report ID: ca0154b1-39cc-44f5-9f54-a669132dff60", "hxxps://lab[.]dynamite[.]ai/pcaps/ae3b422f-4d10-4ebc-bf35-5e19d0aaae75", "hxxps://app[.]any[.]run/tasks/60a27c5e-ddd3-44d8-a4af-a5f90cdd4660", "https://www.virustotal.com/graph/embed/g1283d60e0d064912af05e1ed528df7b7d1af3298065040ce9863afbea677becd?theme=dark", "hxxps://viz.greynoise.io/analysis/0ec05e79-be67-4f45-82c4-96ca96aa007c", "https://urlscan.io/user/submit/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 128, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 635, "URL": 250, "hostname": 235, "CIDR": 27 }, "indicator_count": 1299, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "185 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68198fe998b6e1fd28c5599c", "name": "The Open House that opens doors. Opublikuj Odpowiedz Saturday, October 15", "description": "The full text of the text-free version of Google Tag Manager, which was published on Wednesday, has been published online by Google's parent company, Alphabet, for the first time in its history.", "modified": "2025-06-05T00:04:02.181000", "created": "2025-05-06T04:28:25.685000", "tags": [ "span", "script", "button", "university", "programs", "research", "alberta", "date", "back", "main menu", "union", "tools", "main", "canvas", "crisis", "footer", "iframe", "meta", "body", "school", "sport", "life", "energy", "contact", "small", "find", "null", "calendar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 262, "domain": 11, "FileHash-MD5": 2, "FileHash-SHA1": 1, "URL": 190, "hostname": 23 }, "indicator_count": 489, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67db9be18168bc23126a0f17", "name": "Falcon Sandbox (Hybrid Analysis), FileScan[.]io & URLScan[.]io - UAlberta[.]ca domain analysis", "description": "Domain Analysis of hxxp://ualberta[.]ca w. Hybrid Analysis, Filescan, URLscan\n-Followed up w. analysis of previously submitted URLscan submissions w. an analysis by Greynoise[.]io (up to 03.19.25)\n-Greynoise yielded (from URLScan 120 Identified & 10 Unknowns) - the results classified as RIOTS appear to be confounded (potential abuse of Amazon Web Services in combination w. other cloud provider services.\n-It appears just visiting and/or touching this domain is - generally not recommended\n-Results from PulseDive -> Redirects to: https://www.ualberta[.]ca/en/index.html // SSL certificate found: ualberta[.]ca and 239 more. Edmonton, Canada, University of Alberta. dnsmaster@ualberta.ca\neasyDNS Technologies Inc. Amazon ALB, Amazon Cloudfront, Apache HTTP Server, Bootstrap, Coveo, Crazy Egg, Facebook Pixel, Font Awesome, Google Analytics, Google Font API, jQuery, Linkedin Insight Tag, Microsoft Clarity, Open Graph, TikTok Pixel, Twitter Ads", "modified": "2025-04-19T04:02:16.037000", "created": "2025-03-20T04:38:57.551000", "tags": [ "as16509", "amazon02", "redirect", "as14618", "amazonaes", "search", "public", "home search", "live api", "blog docs", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "pcap processing", "ansi", "pcap", "gecko", "win64", "khtml", "windows nt", "brand", "prefetch8 ansi", "microsoft edge", "date", "cookie", "mozilla", "suspicious", "comspec", "window", "model", "hybrid", "accept", "hacked", "starfield", "encrypt", "close", "click", "twitter", "hosts", "service", "general", "path", "union", "dest", "strings", "contact" ], "references": [ "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43/67db93032dc368d2d80c3df1", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://www.filescan.io/uploads/67db2f67b93e688233ef36e9/reports/7e4e4377-5eb9-48a7-848d-bfdca4fb244c/ioc", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43", "https://hybrid-analysis.com/sample/dea64c4ce5cd9b55fb634888e4c6530728e266c8cb6d2bf670a9fe9e3f712c43/67db93032dc368d2d80c3df1", "https://viz.greynoise.io/analysis/5692e934-322f-48b9-bd9b-556e653ff5b6", "https://pulsedive.com/ioc/ualberta.ca" ], "public": 1, "adversary": "dosdean@ualberta[.]ca // ciso@ualberta[.]ca", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Education", "Technology", "Government", "Agriculture", "Healthcare", "Chemical", "Finance", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 897, "domain": 37, "email": 34, "hostname": 396, "FileHash-MD5": 71, "FileHash-SHA1": 69, "FileHash-SHA256": 69, "SSLCertFingerprint": 23 }, "indicator_count": 1596, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "365 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660b176a98b0c92ba5a962bc", "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise", "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.", "modified": "2024-09-04T05:01:56.993000", "created": "2024-04-01T20:22:02.851000", "tags": [ "BEC" ], "references": [ "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs", "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark", "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark", "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95", "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore", "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/", "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom", "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 233, "FileHash-SHA1": 230, "FileHash-SHA256": 6703, "URL": 4450, "CIDR": 3, "domain": 6223, "hostname": 2863, "email": 7, "CVE": 53 }, "indicator_count": 20765, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "592 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://apps.ualberta.ca/directory", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://apps.ualberta.ca/directory", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776620261.7122781 }