{
  "type": "URL",
  "indicator": "https://arena.ai/video",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://arena.ai/video",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4391469400,
      "indicator": "https://arena.ai/video",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "6a2065e45134a29601c23d89",
          "name": "Social Media Platform | Mirai \u2022 IcedID | Ransomeare , Malware Packed | Malicious",
          "description": "",
          "modified": "2026-06-03T17:35:32.610000",
          "created": "2026-06-03T17:35:32.610000",
          "tags": [
            "trojan",
            "backdoor",
            "ransom",
            "twitter",
            "trojandropper",
            "mtb apr",
            "mtb may",
            "lowfi",
            "all ipv4",
            "level",
            "smoke loader",
            "bb may",
            "win32cve apr",
            "win32cuegoe apr",
            "avast avg",
            "dynamicloader",
            "write c",
            "ms windows",
            "intel",
            "yara rule",
            "pe32",
            "high",
            "pe32 executable",
            "united",
            "format",
            "delphi",
            "win32",
            "write",
            "guard",
            "smartassembly",
            "malware",
            "stack",
            "error",
            "installer",
            "template",
            "unknown",
            "alerts",
            "pe file",
            "push",
            "top source",
            "top destination",
            "source source",
            "april",
            "trace",
            "extraction",
            "sc data",
            "extra data",
            "data upload",
            "failed",
            "extra",
            "include review",
            "port",
            "destination",
            "av detections",
            "ids detections",
            "yara detections",
            "mirai",
            "flag",
            "csc corporate",
            "markmonitor",
            "country",
            "usa windows",
            "november",
            "september",
            "input threat",
            "level analysis",
            "summary",
            "sweflag",
            "hwp support",
            "programfiles",
            "command decode",
            "windir",
            "ck id",
            "mitre att",
            "ck matrix",
            "comspec",
            "model",
            "encrypt",
            "loads",
            "general",
            "path",
            "click",
            "strings",
            "title",
            "meta",
            "learn",
            "suspicious",
            "informative",
            "adversaries",
            "command",
            "spawns",
            "ssl certificate",
            "execution att",
            "defense evasion",
            "sysv",
            "buildid",
            "windows nt",
            "msie",
            "germany as8560",
            "contacted",
            "accept",
            "elf executable",
            "linux",
            "elf64",
            "unix",
            "exec amd64",
            "elf info",
            "o metadata",
            "qnapcrypt",
            "testpaging",
            "upof6w.exe",
            "apple",
            "data",
            ".ai",
            "domains",
            "historical ssl",
            "certificates",
            "win32cve yara",
            "armadillo",
            "contacted domains"
          ],
          "references": [
            "Twitter.com",
            "https://arena.ai/apple-touch-icon-dark.png",
            "Unix.Trojan.Mirai-7135916-0 Yara Detections: SUSP_XORed_Mozilla_Oct19 ,  is__elf",
            "Trojan.Systembc/yxgdgz Threat categories",
            "Yara Detections is__elf",
            "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73",
            "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com",
            "testpaging upof6w.exe 2026-04- 07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt ELF",
            "Ransom:Win32/CVE Yara Detections: Armadillov1xxv2xx Alerts contains_pe_overlay",
            "Related Pulses: Armadillo v1.xx - v2.xx"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Win.Trojan.Ag-2",
              "display_name": "Win.Trojan.Ag-2",
              "target": null
            },
            {
              "id": "Virtool:Win32/Injector.gen!BB",
              "display_name": "Virtool:Win32/Injector.gen!BB",
              "target": "/malware/Virtool:Win32/Injector.gen!BB"
            },
            {
              "id": "Win.Malware.Vtflooder-9783271-0",
              "display_name": "Win.Malware.Vtflooder-9783271-0",
              "target": null
            },
            {
              "id": "Win.Downloader.Icedid -9754950-0",
              "display_name": "Win.Downloader.Icedid -9754950-0",
              "target": null
            },
            {
              "id": "#Lowfi:LUA:AutoItV3CraftedOverlay",
              "display_name": "#Lowfi:LUA:AutoItV3CraftedOverlay",
              "target": null
            },
            {
              "id": "Win.Malware.Midie-6847893-0",
              "display_name": "Win.Malware.Midie-6847893-0",
              "target": null
            },
            {
              "id": "Trojan:Win32/SmkLdr.H!MTB",
              "display_name": "Trojan:Win32/SmkLdr.H!MTB",
              "target": "/malware/Trojan:Win32/SmkLdr.H!MTB"
            },
            {
              "id": "Win.Trojan.Gamarue-9832405-0",
              "display_name": "Win.Trojan.Gamarue-9832405-0",
              "target": null
            },
            {
              "id": "TrojanDropper:Win32/Muldrop.V!MTB",
              "display_name": "TrojanDropper:Win32/Muldrop.V!MTB",
              "target": "/malware/TrojanDropper:Win32/Muldrop.V!MTB"
            },
            {
              "id": "Win.Malware.Xred-9917120-0",
              "display_name": "Win.Malware.Xred-9917120-0",
              "target": null
            },
            {
              "id": "Trojan:Win32/Pariham.A",
              "display_name": "Trojan:Win32/Pariham.A",
              "target": "/malware/Trojan:Win32/Pariham.A"
            },
            {
              "id": "Win.Malware.Genpack-6989317-0",
              "display_name": "Win.Malware.Genpack-6989317-0",
              "target": null
            },
            {
              "id": "TrojanDropper:Win32/VB.IL",
              "display_name": "TrojanDropper:Win32/VB.IL",
              "target": "/malware/TrojanDropper:Win32/VB.IL"
            },
            {
              "id": "TrojanDropper:Win32/Cuegoe",
              "display_name": "TrojanDropper:Win32/Cuegoe",
              "target": "/malware/TrojanDropper:Win32/Cuegoe"
            },
            {
              "id": "Win.Packed.Generic-9967832-0",
              "display_name": "Win.Packed.Generic-9967832-0",
              "target": null
            },
            {
              "id": "Win.Trojan.VBGeneric-6735875-0",
              "display_name": "Win.Trojan.VBGeneric-6735875-0",
              "target": null
            },
            {
              "id": "Worm:Win32/Mofksys.RND!MTB",
              "display_name": "Worm:Win32/Mofksys.RND!MTB",
              "target": "/malware/Worm:Win32/Mofksys.RND!MTB"
            },
            {
              "id": "Win.Trojan.VBGeneric-6735875-0",
              "display_name": "Win.Trojan.VBGeneric-6735875-0",
              "target": null
            },
            {
              "id": "Trojan:Win32/Vflooder.B",
              "display_name": "Trojan:Win32/Vflooder.B",
              "target": "/malware/Trojan:Win32/Vflooder.B"
            },
            {
              "id": "Ransom:Win32/CVE",
              "display_name": "Ransom:Win32/CVE",
              "target": "/malware/Ransom:Win32/CVE"
            },
            {
              "id": "Win.Trojan.Cuegoe-6336261-0",
              "display_name": "Win.Trojan.Cuegoe-6336261-0",
              "target": null
            },
            {
              "id": "Unix.Trojan.Mirai-7135916-0",
              "display_name": "Unix.Trojan.Mirai-7135916-0",
              "target": null
            },
            {
              "id": "Trojan.Systembc/yxgdgz",
              "display_name": "Trojan.Systembc/yxgdgz",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1583.001",
              "name": "Domains",
              "display_name": "T1583.001 - Domains"
            },
            {
              "id": "T1553.002",
              "name": "Code Signing",
              "display_name": "T1553.002 - Code Signing"
            },
            {
              "id": "T1518.001",
              "name": "Security Software Discovery",
              "display_name": "T1518.001 - Security Software Discovery"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1568.002",
              "name": "Domain Generation Algorithms",
              "display_name": "T1568.002 - Domain Generation Algorithms"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1457",
              "name": "Malicious Media Content",
              "display_name": "T1457 - Malicious Media Content"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 328,
            "FileHash-SHA1": 229,
            "FileHash-SHA256": 942,
            "URL": 500,
            "domain": 124,
            "email": 3,
            "hostname": 192,
            "IPv4": 622,
            "SSLCertFingerprint": 16
          },
          "indicator_count": 2956,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "4 hours ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1fc3671bc3d0f5ce8b06e6",
          "name": "Grok \u2022 X \u2022 Twitter Vflooder | SystemBC | QNAPCrypt",
          "description": "I continue to research issues affecting iOS and other smart devices, browsers, search engines and targeted individuals.\nI will limit my comments as further evaluation is required. Twitter appears to be used as a weapon to abuse of several targeted persons and their schools or businesses. Research is required to determine how. Is Twitter / X a weapon or is it abused by threat actors. Ongoing attacks dating back at least 5 years. || \n*DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior\n\n#malicious #spyware #twitter #x #ai_ agents #seen_before #systembc #vtflooder #qnapcrypt #cve #checkin #scripiting #injection #extraction #gobinary #operation",
          "modified": "2026-06-03T06:02:15.229000",
          "created": "2026-06-03T06:02:15.229000",
          "tags": [
            "sysv",
            "buildid",
            "united",
            "windows nt",
            "msie",
            "germany as8560",
            "yara detections",
            "contacted",
            "z74457024643q1",
            "systembc",
            "trojan",
            "elf executable",
            "exec amd6464",
            "linux",
            "elf64 operation",
            "unix",
            "compiler",
            "debugging",
            "go binary",
            "injection",
            "header elf64",
            "v exec",
            "executable file",
            "advanced micro",
            "note",
            "strtab",
            "gmbh",
            "gandi sas",
            "group india",
            "private limited",
            "qnapcrypt",
            "hacktool",
            "chrome",
            "yandex",
            "stripchat",
            "amazonaws",
            "mal_elf_systembc",
            "apple ios",
            "ios",
            "apple",
            "telhash",
            "data upload",
            "cursor",
            "se data",
            "extraction",
            "n https",
            "data",
            "failed",
            "cve cve20246387",
            "log id",
            "gmtn",
            "path",
            "secure",
            "self",
            "samesitenone",
            "encrypt",
            "d8n timestamp",
            "timestamp",
            "organization",
            "false",
            "certificate",
            "search",
            "emails",
            "twitter",
            "twitter spyware",
            "twitter vtflooder",
            "x",
            "unknown aaaa",
            "present jun",
            "ip address",
            "belize unknown",
            "unknown ns",
            "grok x",
            "cursor agents",
            "ai",
            "url url",
            "url hostnams",
            "hostn url",
            "url data",
            "belize",
            "a domains",
            "moved",
            "alone email",
            "gmt server",
            "url analysis",
            "accept",
            "namecheap",
            "namecheap inc",
            "namesilo",
            "expim",
            "url https",
            "dynamicloader",
            "host",
            "ff d5",
            "yara rule",
            "ee fc",
            "generic http",
            "exe upload",
            "f0 ff",
            "eb e1",
            "write",
            "vflooder",
            "malware",
            "upload inbound",
            "av detections",
            "ids detections",
            "alerts",
            "analysis date",
            "checkin generic",
            "http exe",
            "upload inbound",
            "outbound yara",
            "nrv2x",
            "upxoepplace",
            "google",
            "adversaries",
            "adversarial attacks",
            "techniques",
            "create",
            "modify system",
            "process t1064",
            "t1543 systemd",
            "technir create",
            "full reports",
            "v tcp",
            "help",
            "ja3 digests",
            "hashes o",
            "et http",
            "get http",
            "post http",
            "dns resolutions",
            "cams",
            "adult content",
            "ff bb",
            "ff ff",
            "f7 b9",
            "c1 e8",
            "copy",
            "markus",
            "august",
            "title",
            "gamehack",
            "alberta.ca",
            "songculture",
            "lizardsquad"
          ],
          "references": [
            "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1",
            "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b",
            "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt",
            "Yara Detections: is__elf IP\u2019s",
            "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73  142.251.98.113",
            "IP\u2019s Contacted: 212.227.17.162  77.88.44.55  142.93.142.17  104.18.14.206",
            "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com",
            "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,",
            "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,",
            "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped",
            "motherlesslive.com",
            "blackbox21.shop",
            "passwordreset.gscs.ca  \u2022 https://passwordreset.gscs.ca/",
            "alberta.ca impacts an OTX user",
            "https://stripchat.org/ \u2022  27bsmextreme.tech \u2022 35bsmextreme.tech  \u2022 46bsmextreme.tech  \u2022",
            "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5",
            "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"",
            "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627",
            "https://arena.ai/apple-touch-icon-dark.png",
            "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html",
            "nr-data.net \u2022 push.apple.com",
            "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com",
            "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661",
            "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com",
            "IP\u2019s Contacted 162.159.140.229  34.54.88.138",
            "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound",
            "Yara Detections: SUSP_Imphash_Mar23_2 ,  UPX ,  Nrv2x ,  UPX_OEP_place ,   ,   UPXv20MarkusLaszloReiser",
            "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser",
            "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser",
            "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self",
            "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash",
            "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113",
            "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke",
            "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60",
            "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)",
            "Matches rule ET INFO External IP Check (checkip.amazonaws.com)",
            "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
            "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
            "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com",
            "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
            "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
            "https://docs.cursor.com/en/cli/reference/slash-commands",
            "https://api.cursor.com/v0/agents/",
            "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac",
            "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl",
            "cdn10.mypornvid.fun impacted a targeted individual",
            "https://click.italiansexclub.fun/click/HpdeyDt6",
            "https://sexfortokens.com/hotmilfbitch",
            "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Trojan.Systembc/yxgdgz",
              "display_name": "Trojan.Systembc/yxgdgz",
              "target": null
            },
            {
              "id": "CVE-2023-22518",
              "display_name": "CVE-2023-22518",
              "target": null
            },
            {
              "id": "CVE-2024-6387",
              "display_name": "CVE-2024-6387",
              "target": null
            },
            {
              "id": "CVE-2025-20393",
              "display_name": "CVE-2025-20393",
              "target": null
            },
            {
              "id": "Win.Malware.Vtflooder-6722904-1",
              "display_name": "Win.Malware.Vtflooder-6722904-1",
              "target": null
            },
            {
              "id": "Trojan:Win32/Vflooder",
              "display_name": "Trojan:Win32/Vflooder",
              "target": "/malware/Trojan:Win32/Vflooder"
            },
            {
              "id": "QNAPCrypt",
              "display_name": "QNAPCrypt",
              "target": null
            },
            {
              "id": "Win.Malware.Gamehack-6822792-0",
              "display_name": "Win.Malware.Gamehack-6822792-0",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "TA0028",
              "name": "Persistence",
              "display_name": "TA0028 - Persistence"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "TA0004",
              "name": "Privilege Escalation",
              "display_name": "TA0004 - Privilege Escalation"
            },
            {
              "id": "T1543.002",
              "name": "Systemd Service",
              "display_name": "T1543.002 - Systemd Service"
            },
            {
              "id": "TA0002",
              "name": "Execution",
              "display_name": "TA0002 - Execution"
            },
            {
              "id": "TA0003",
              "name": "Persistence",
              "display_name": "TA0003 - Persistence"
            },
            {
              "id": "T1457",
              "name": "Malicious Media Content",
              "display_name": "T1457 - Malicious Media Content"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1587.001",
              "name": "Malware",
              "display_name": "T1587.001 - Malware"
            },
            {
              "id": "T1468",
              "name": "Remotely Track Device Without Authorization",
              "display_name": "T1468 - Remotely Track Device Without Authorization"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1262,
            "FileHash-MD5": 164,
            "FileHash-SHA1": 207,
            "IPv4": 180,
            "URL": 1780,
            "domain": 370,
            "hostname": 708,
            "CVE": 3,
            "email": 4,
            "SSLCertFingerprint": 4
          },
          "indicator_count": 4682,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "16 hours ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "Yara Detections is__elf",
        "Trojan.Systembc/yxgdgz Threat categories",
        "https://sexfortokens.com/hotmilfbitch",
        "Unix.Trojan.Mirai-7135916-0 Yara Detections: SUSP_XORed_Mozilla_Oct19 ,  is__elf",
        "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661",
        "Yara Detections: SUSP_Imphash_Mar23_2 ,  UPX ,  Nrv2x ,  UPX_OEP_place ,   ,   UPXv20MarkusLaszloReiser",
        "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)",
        "testpaging upof6w.exe 2026-04- 07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt ELF",
        "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627",
        "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,",
        "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113",
        "alberta.ca impacts an OTX user",
        "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser",
        "cdn10.mypornvid.fun impacted a targeted individual",
        "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped",
        "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60",
        "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke",
        "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
        "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash",
        "blackbox21.shop",
        "nr-data.net \u2022 push.apple.com",
        "IP\u2019s Contacted 162.159.140.229  34.54.88.138",
        "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser",
        "Yara Detections: is__elf IP\u2019s",
        "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound",
        "https://docs.cursor.com/en/cli/reference/slash-commands",
        "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac",
        "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"",
        "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73",
        "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com",
        "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1",
        "Matches rule ET INFO External IP Check (checkip.amazonaws.com)",
        "passwordreset.gscs.ca  \u2022 https://passwordreset.gscs.ca/",
        "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,",
        "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
        "motherlesslive.com",
        "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "Related Pulses: Armadillo v1.xx - v2.xx",
        "https://api.cursor.com/v0/agents/",
        "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b",
        "Ransom:Win32/CVE Yara Detections: Armadillov1xxv2xx Alerts contains_pe_overlay",
        "https://arena.ai/apple-touch-icon-dark.png",
        "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)",
        "https://stripchat.org/ \u2022  27bsmextreme.tech \u2022 35bsmextreme.tech  \u2022 46bsmextreme.tech  \u2022",
        "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com",
        "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt",
        "IP\u2019s Contacted: 212.227.17.162  77.88.44.55  142.93.142.17  104.18.14.206",
        "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html",
        "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com",
        "Twitter.com",
        "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73  142.251.98.113",
        "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5",
        "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com",
        "https://click.italiansexclub.fun/click/HpdeyDt6",
        "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl",
        "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Ransom:win32/cve",
            "Trojandropper:win32/vb.il",
            "Trojan:win32/smkldr.h!mtb",
            "Win.malware.vtflooder-6722904-1",
            "Unix.trojan.mirai-7135916-0",
            "Win.trojan.ag-2",
            "Trojan:win32/pariham.a",
            "Win.packed.generic-9967832-0",
            "Win.malware.midie-6847893-0",
            "Worm:win32/mofksys.rnd!mtb",
            "Win.malware.xred-9917120-0",
            "Trojandropper:win32/muldrop.v!mtb",
            "Win.trojan.gamarue-9832405-0",
            "Trojan.systembc/yxgdgz",
            "Qnapcrypt",
            "Trojandropper:win32/cuegoe",
            "Cve-2024-6387",
            "Trojan:win32/vflooder.b",
            "Trojan:win32/vflooder",
            "Virtool:win32/injector.gen!bb",
            "Win.trojan.cuegoe-6336261-0",
            "Cve-2025-20393",
            "Win.malware.vtflooder-9783271-0",
            "Win.downloader.icedid -9754950-0",
            "Win.malware.genpack-6989317-0",
            "Win.trojan.vbgeneric-6735875-0",
            "Cve-2023-22518",
            "Win.malware.gamehack-6822792-0",
            "#lowfi:lua:autoitv3craftedoverlay"
          ],
          "industries": [],
          "unique_indicators": 6916
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/arena.ai",
    "whois": "http://whois.domaintools.com/arena.ai",
    "domain": "arena.ai",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "6a2065e45134a29601c23d89",
      "name": "Social Media Platform | Mirai \u2022 IcedID | Ransomeare , Malware Packed | Malicious",
      "description": "",
      "modified": "2026-06-03T17:35:32.610000",
      "created": "2026-06-03T17:35:32.610000",
      "tags": [
        "trojan",
        "backdoor",
        "ransom",
        "twitter",
        "trojandropper",
        "mtb apr",
        "mtb may",
        "lowfi",
        "all ipv4",
        "level",
        "smoke loader",
        "bb may",
        "win32cve apr",
        "win32cuegoe apr",
        "avast avg",
        "dynamicloader",
        "write c",
        "ms windows",
        "intel",
        "yara rule",
        "pe32",
        "high",
        "pe32 executable",
        "united",
        "format",
        "delphi",
        "win32",
        "write",
        "guard",
        "smartassembly",
        "malware",
        "stack",
        "error",
        "installer",
        "template",
        "unknown",
        "alerts",
        "pe file",
        "push",
        "top source",
        "top destination",
        "source source",
        "april",
        "trace",
        "extraction",
        "sc data",
        "extra data",
        "data upload",
        "failed",
        "extra",
        "include review",
        "port",
        "destination",
        "av detections",
        "ids detections",
        "yara detections",
        "mirai",
        "flag",
        "csc corporate",
        "markmonitor",
        "country",
        "usa windows",
        "november",
        "september",
        "input threat",
        "level analysis",
        "summary",
        "sweflag",
        "hwp support",
        "programfiles",
        "command decode",
        "windir",
        "ck id",
        "mitre att",
        "ck matrix",
        "comspec",
        "model",
        "encrypt",
        "loads",
        "general",
        "path",
        "click",
        "strings",
        "title",
        "meta",
        "learn",
        "suspicious",
        "informative",
        "adversaries",
        "command",
        "spawns",
        "ssl certificate",
        "execution att",
        "defense evasion",
        "sysv",
        "buildid",
        "windows nt",
        "msie",
        "germany as8560",
        "contacted",
        "accept",
        "elf executable",
        "linux",
        "elf64",
        "unix",
        "exec amd64",
        "elf info",
        "o metadata",
        "qnapcrypt",
        "testpaging",
        "upof6w.exe",
        "apple",
        "data",
        ".ai",
        "domains",
        "historical ssl",
        "certificates",
        "win32cve yara",
        "armadillo",
        "contacted domains"
      ],
      "references": [
        "Twitter.com",
        "https://arena.ai/apple-touch-icon-dark.png",
        "Unix.Trojan.Mirai-7135916-0 Yara Detections: SUSP_XORed_Mozilla_Oct19 ,  is__elf",
        "Trojan.Systembc/yxgdgz Threat categories",
        "Yara Detections is__elf",
        "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73",
        "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com",
        "testpaging upof6w.exe 2026-04- 07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt ELF",
        "Ransom:Win32/CVE Yara Detections: Armadillov1xxv2xx Alerts contains_pe_overlay",
        "Related Pulses: Armadillo v1.xx - v2.xx"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Win.Trojan.Ag-2",
          "display_name": "Win.Trojan.Ag-2",
          "target": null
        },
        {
          "id": "Virtool:Win32/Injector.gen!BB",
          "display_name": "Virtool:Win32/Injector.gen!BB",
          "target": "/malware/Virtool:Win32/Injector.gen!BB"
        },
        {
          "id": "Win.Malware.Vtflooder-9783271-0",
          "display_name": "Win.Malware.Vtflooder-9783271-0",
          "target": null
        },
        {
          "id": "Win.Downloader.Icedid -9754950-0",
          "display_name": "Win.Downloader.Icedid -9754950-0",
          "target": null
        },
        {
          "id": "#Lowfi:LUA:AutoItV3CraftedOverlay",
          "display_name": "#Lowfi:LUA:AutoItV3CraftedOverlay",
          "target": null
        },
        {
          "id": "Win.Malware.Midie-6847893-0",
          "display_name": "Win.Malware.Midie-6847893-0",
          "target": null
        },
        {
          "id": "Trojan:Win32/SmkLdr.H!MTB",
          "display_name": "Trojan:Win32/SmkLdr.H!MTB",
          "target": "/malware/Trojan:Win32/SmkLdr.H!MTB"
        },
        {
          "id": "Win.Trojan.Gamarue-9832405-0",
          "display_name": "Win.Trojan.Gamarue-9832405-0",
          "target": null
        },
        {
          "id": "TrojanDropper:Win32/Muldrop.V!MTB",
          "display_name": "TrojanDropper:Win32/Muldrop.V!MTB",
          "target": "/malware/TrojanDropper:Win32/Muldrop.V!MTB"
        },
        {
          "id": "Win.Malware.Xred-9917120-0",
          "display_name": "Win.Malware.Xred-9917120-0",
          "target": null
        },
        {
          "id": "Trojan:Win32/Pariham.A",
          "display_name": "Trojan:Win32/Pariham.A",
          "target": "/malware/Trojan:Win32/Pariham.A"
        },
        {
          "id": "Win.Malware.Genpack-6989317-0",
          "display_name": "Win.Malware.Genpack-6989317-0",
          "target": null
        },
        {
          "id": "TrojanDropper:Win32/VB.IL",
          "display_name": "TrojanDropper:Win32/VB.IL",
          "target": "/malware/TrojanDropper:Win32/VB.IL"
        },
        {
          "id": "TrojanDropper:Win32/Cuegoe",
          "display_name": "TrojanDropper:Win32/Cuegoe",
          "target": "/malware/TrojanDropper:Win32/Cuegoe"
        },
        {
          "id": "Win.Packed.Generic-9967832-0",
          "display_name": "Win.Packed.Generic-9967832-0",
          "target": null
        },
        {
          "id": "Win.Trojan.VBGeneric-6735875-0",
          "display_name": "Win.Trojan.VBGeneric-6735875-0",
          "target": null
        },
        {
          "id": "Worm:Win32/Mofksys.RND!MTB",
          "display_name": "Worm:Win32/Mofksys.RND!MTB",
          "target": "/malware/Worm:Win32/Mofksys.RND!MTB"
        },
        {
          "id": "Win.Trojan.VBGeneric-6735875-0",
          "display_name": "Win.Trojan.VBGeneric-6735875-0",
          "target": null
        },
        {
          "id": "Trojan:Win32/Vflooder.B",
          "display_name": "Trojan:Win32/Vflooder.B",
          "target": "/malware/Trojan:Win32/Vflooder.B"
        },
        {
          "id": "Ransom:Win32/CVE",
          "display_name": "Ransom:Win32/CVE",
          "target": "/malware/Ransom:Win32/CVE"
        },
        {
          "id": "Win.Trojan.Cuegoe-6336261-0",
          "display_name": "Win.Trojan.Cuegoe-6336261-0",
          "target": null
        },
        {
          "id": "Unix.Trojan.Mirai-7135916-0",
          "display_name": "Unix.Trojan.Mirai-7135916-0",
          "target": null
        },
        {
          "id": "Trojan.Systembc/yxgdgz",
          "display_name": "Trojan.Systembc/yxgdgz",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1063",
          "name": "Security Software Discovery",
          "display_name": "T1063 - Security Software Discovery"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1583.001",
          "name": "Domains",
          "display_name": "T1583.001 - Domains"
        },
        {
          "id": "T1553.002",
          "name": "Code Signing",
          "display_name": "T1553.002 - Code Signing"
        },
        {
          "id": "T1518.001",
          "name": "Security Software Discovery",
          "display_name": "T1518.001 - Security Software Discovery"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1568.002",
          "name": "Domain Generation Algorithms",
          "display_name": "T1568.002 - Domain Generation Algorithms"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1457",
          "name": "Malicious Media Content",
          "display_name": "T1457 - Malicious Media Content"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 328,
        "FileHash-SHA1": 229,
        "FileHash-SHA256": 942,
        "URL": 500,
        "domain": 124,
        "email": 3,
        "hostname": 192,
        "IPv4": 622,
        "SSLCertFingerprint": 16
      },
      "indicator_count": 2956,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 142,
      "modified_text": "4 hours ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1fc3671bc3d0f5ce8b06e6",
      "name": "Grok \u2022 X \u2022 Twitter Vflooder | SystemBC | QNAPCrypt",
      "description": "I continue to research issues affecting iOS and other smart devices, browsers, search engines and targeted individuals.\nI will limit my comments as further evaluation is required. Twitter appears to be used as a weapon to abuse several targeted persons and their schools or businesses. Research is required to determine how. Is Twitter / X a weapon, or is it abused by threat actors? The attacks are ongoing and date back at least 5 years. || \n*DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior\n\n#malicious #spyware #twitter #x #ai_ agents #seen_before #systembc #vtflooder #qnapcrypt #cve #checkin #scripiting #injection #extraction #gobinary #operation",
      "modified": "2026-06-03T06:02:15.229000",
      "created": "2026-06-03T06:02:15.229000",
      "tags": [
        "sysv",
        "buildid",
        "united",
        "windows nt",
        "msie",
        "germany as8560",
        "yara detections",
        "contacted",
        "z74457024643q1",
        "systembc",
        "trojan",
        "elf executable",
        "exec amd6464",
        "linux",
        "elf64 operation",
        "unix",
        "compiler",
        "debugging",
        "go binary",
        "injection",
        "header elf64",
        "v exec",
        "executable file",
        "advanced micro",
        "note",
        "strtab",
        "gmbh",
        "gandi sas",
        "group india",
        "private limited",
        "qnapcrypt",
        "hacktool",
        "chrome",
        "yandex",
        "stripchat",
        "amazonaws",
        "mal_elf_systembc",
        "apple ios",
        "ios",
        "apple",
        "telhash",
        "data upload",
        "cursor",
        "se data",
        "extraction",
        "n https",
        "data",
        "failed",
        "cve cve20246387",
        "log id",
        "gmtn",
        "path",
        "secure",
        "self",
        "samesitenone",
        "encrypt",
        "d8n timestamp",
        "timestamp",
        "organization",
        "false",
        "certificate",
        "search",
        "emails",
        "twitter",
        "twitter spyware",
        "twitter vtflooder",
        "x",
        "unknown aaaa",
        "present jun",
        "ip address",
        "belize unknown",
        "unknown ns",
        "grok x",
        "cursor agents",
        "ai",
        "url url",
        "url hostnams",
        "hostn url",
        "url data",
        "belize",
        "a domains",
        "moved",
        "alone email",
        "gmt server",
        "url analysis",
        "accept",
        "namecheap",
        "namecheap inc",
        "namesilo",
        "expim",
        "url https",
        "dynamicloader",
        "host",
        "ff d5",
        "yara rule",
        "ee fc",
        "generic http",
        "exe upload",
        "f0 ff",
        "eb e1",
        "write",
        "vflooder",
        "malware",
        "upload inbound",
        "av detections",
        "ids detections",
        "alerts",
        "analysis date",
        "checkin generic",
        "http exe",
        "upload inbound",
        "outbound yara",
        "nrv2x",
        "upxoepplace",
        "google",
        "adversaries",
        "adversarial attacks",
        "techniques",
        "create",
        "modify system",
        "process t1064",
        "t1543 systemd",
        "technir create",
        "full reports",
        "v tcp",
        "help",
        "ja3 digests",
        "hashes o",
        "et http",
        "get http",
        "post http",
        "dns resolutions",
        "cams",
        "adult content",
        "ff bb",
        "ff ff",
        "f7 b9",
        "c1 e8",
        "copy",
        "markus",
        "august",
        "title",
        "gamehack",
        "alberta.ca",
        "songculture",
        "lizardsquad"
      ],
      "references": [
        "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1",
        "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b",
        "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt",
        "Yara Detections: is__elf IP\u2019s",
        "IP\u2019s Contacted: 104.17.118.12  57.144.248.1  176.114.120.24  80.12.24.14  95.163.61.73  142.251.98.113",
        "IP\u2019s Contacted: 212.227.17.162  77.88.44.55  142.93.142.17  104.18.14.206",
        "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com",
        "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,",
        "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,",
        "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped",
        "motherlesslive.com",
        "blackbox21.shop",
        "passwordreset.gscs.ca  \u2022 https://passwordreset.gscs.ca/",
        "alberta.ca impacts an OTX user",
        "https://stripchat.org/ \u2022  27bsmextreme.tech \u2022 35bsmextreme.tech  \u2022 46bsmextreme.tech  \u2022",
        "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5",
        "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"",
        "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627",
        "https://arena.ai/apple-touch-icon-dark.png",
        "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html",
        "nr-data.net \u2022 push.apple.com",
        "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com",
        "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661",
        "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com",
        "IP\u2019s Contacted 162.159.140.229  34.54.88.138",
        "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound",
        "Yara Detections: SUSP_Imphash_Mar23_2 ,  UPX ,  Nrv2x ,  UPX_OEP_place ,   ,   UPXv20MarkusLaszloReiser",
        "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser",
        "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser",
        "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self",
        "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash",
        "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113",
        "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke",
        "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60",
        "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)",
        "Matches rule ET INFO External IP Check (checkip.amazonaws.com)",
        "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)",
        "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com",
        "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
        "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior",
        "https://docs.cursor.com/en/cli/reference/slash-commands",
        "https://api.cursor.com/v0/agents/",
        "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac",
        "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl",
        "cdn10.mypornvid.fun impacted a targeted individual",
        "https://click.italiansexclub.fun/click/HpdeyDt6",
        "https://sexfortokens.com/hotmilfbitch",
        "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Trojan.Systembc/yxgdgz",
          "display_name": "Trojan.Systembc/yxgdgz",
          "target": null
        },
        {
          "id": "CVE-2023-22518",
          "display_name": "CVE-2023-22518",
          "target": null
        },
        {
          "id": "CVE-2024-6387",
          "display_name": "CVE-2024-6387",
          "target": null
        },
        {
          "id": "CVE-2025-20393",
          "display_name": "CVE-2025-20393",
          "target": null
        },
        {
          "id": "Win.Malware.Vtflooder-6722904-1",
          "display_name": "Win.Malware.Vtflooder-6722904-1",
          "target": null
        },
        {
          "id": "Trojan:Win32/Vflooder",
          "display_name": "Trojan:Win32/Vflooder",
          "target": "/malware/Trojan:Win32/Vflooder"
        },
        {
          "id": "QNAPCrypt",
          "display_name": "QNAPCrypt",
          "target": null
        },
        {
          "id": "Win.Malware.Gamehack-6822792-0",
          "display_name": "Win.Malware.Gamehack-6822792-0",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "TA0028",
          "name": "Persistence",
          "display_name": "TA0028 - Persistence"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "TA0004",
          "name": "Privilege Escalation",
          "display_name": "TA0004 - Privilege Escalation"
        },
        {
          "id": "T1543.002",
          "name": "Systemd Service",
          "display_name": "T1543.002 - Systemd Service"
        },
        {
          "id": "TA0002",
          "name": "Execution",
          "display_name": "TA0002 - Execution"
        },
        {
          "id": "TA0003",
          "name": "Persistence",
          "display_name": "TA0003 - Persistence"
        },
        {
          "id": "T1457",
          "name": "Malicious Media Content",
          "display_name": "T1457 - Malicious Media Content"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1587.001",
          "name": "Malware",
          "display_name": "T1587.001 - Malware"
        },
        {
          "id": "T1468",
          "name": "Remotely Track Device Without Authorization",
          "display_name": "T1468 - Remotely Track Device Without Authorization"
        },
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1262,
        "FileHash-MD5": 164,
        "FileHash-SHA1": 207,
        "IPv4": 180,
        "URL": 1780,
        "domain": 370,
        "hostname": 708,
        "CVE": 3,
        "email": 4,
        "SSLCertFingerprint": 4
      },
      "indicator_count": 4682,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 142,
      "modified_text": "16 hours ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://arena.ai/video",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://arena.ai/video",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780524347.2997277
}