{ "type": "URL", "indicator": "https://austi.79-110-49-88.cprapid.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://austi.79-110-49-88.cprapid.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3959720546, "indicator": "https://austi.79-110-49-88.cprapid.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 17, "pulses": [ { "id": "69fd7b60289b73182e9a159c", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:52.129000", "created": "2026-05-08T05:57:52.129000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5ed982a2ed94c12f67", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:50.241000", "created": "2026-05-08T05:57:50.241000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5d484b29482fbe4cc2", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:49.464000", "created": "2026-05-08T05:57:49.464000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5ab51dd45774eac47b", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:46.054000", "created": "2026-05-08T05:57:46.054000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b58e8a0903393ffdd7a", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:44.720000", "created": "2026-05-08T05:57:44.720000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b58b4b5d410557d3c34", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:44.086000", "created": "2026-05-08T05:57:44.086000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b3a63bbd9f424b1cbe0", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:14.484000", "created": "2026-05-08T05:57:14.484000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b3888a42bcf91770459", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:12.538000", "created": "2026-05-08T05:57:12.538000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b354f93bc9aed606930", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:09.991000", "created": "2026-05-08T05:57:09.991000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b35900d81ffc451da66", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:09.372000", "created": "2026-05-08T05:57:09.372000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b341c333a37e7a73ff2", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:08.912000", "created": "2026-05-08T05:57:08.912000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b332f6ea864283eef95", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:07.336000", "created": "2026-05-08T05:57:07.336000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "662e0a50715909a2ce36d1d5", "name": "Jeroen Gui lists (https://file.jeroengui.be)", "description": "A pulse fed with lists taken from https://file.jeroengui.be . I am not him. Visit his website jeroengui.be", "modified": "2025-09-21T05:30:59.802000", "created": "2024-04-28T08:35:28.934000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1089, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tomtomalien", "id": "258713", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 161, "modified_text": "253 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6687495ad1e4ef814ec26c75", "name": "Remote Network Attack | JakyllHyde: Malicious Keyword Tool Index | Sabey Data Centers", "description": "Research shows compromise originated from Sabey Data Centers. High Priority 'Malicious' \nRemotely connects to victim network is injection,", "modified": "2024-09-05T06:26:17.295000", "created": "2024-07-05T01:16:10.251000", "tags": [ "read c", "get na", "sthubei", "otaokexing", "unknown", "write c", "outaokexing", "cntaokexing", "ms windows", "pe32", "win64", "write", "next", "win32", "malware", "copy", "keyword tool", "historical ssl", "referrer", "vs2010", "file", "sections", "signature", "file version", "windows system", "internal name", "version", "portable", "info compiler", "analyzer paste", "iocs", "url https", "samples", "cisco umbrella", "site", "safe site", "alexa top", "million", "heur", "malware site", "malicious site", "iframe", "alexa", "deepscan", "crack", "fusioncore", "cleaner", "riskware", "jakyllhyde", "china unknown", "asnone china", "cname", "as4812 china", "as4134 chinanet", "date", "moved", "search", "status", "body", "as4837 china", "bad request", "passive dns", "gmt content", "type", "scan endpoints", "all scoreblue", "twitter", "trojan", "urls", "machinename", "alibaba cloud", "computing", "beijing", "domains", "contacted", "ip detections", "country", "files", "file type", "signals mutexes", "local", "localc", "mutexes", "as31122 digiweb", "ireland unknown", "a domains", "gmt server", "pulse pulses", "pragma", "ipv4", "apache", "get http", "request", "host", "accept", "response", "date mon", "http requests", "connection", "server", "pluginrun", "ip traffic", "hashes", "user", "dns resolutions", "ff ff", "lowdatetime", "mofresourcename", "portclsmof", "hdaudiomofname", "processorwmi", "acpimofresource", "mofresource", "registry keys", "counter", "files written", "files dropped", "registry", "samplepath", "windir", "created c", "shell commands", "monitor", "arg0", "tree", "synchronization", "yara signature", "match", "thor apt", "scanner rule", "livehunt", "ruletype", "rule feed", "rulelink", "microsoft", "ruleauthor", "backdoor", "injection", "sabey data centers", "vbs", "remote attack", "extreme targeting", "116.207.118.87", "192.168.56.103", "linux", "locate linux deployed", "track", "tracking", "track all devices", "android", "apple", "apple webkit" ], "references": [ "Win32/JakyllHyde - RUNDLL32.EXE FileHash-SHA1 01021c698664f7567b787d7bce266124ec0a226fb2e586125d109beb0ad0ba17", "Found in a malicious keyword index: http://m.xiang5.com/keyword/17655.html&htE5-: Family", "IDS Detections: Win32/JakyllHyde C2 Activity Win32/JakyllHyde C2 Activity M2 PE EXE or DLL Windows file download HTTP", "Alerts: dead_host injection_runpe network_icmp allocates_execute_remote_process disables_proxy injection_modifies_memory modifies_proxy_wpad", "Alerts: origin_langid multiple_useragents process_interest recon_beacon injection_resumethread antivm_vmware_in_instruction dumped_buffer network_bind network_http allocates_rwx antisandbox_foregroundwindows antisandbox_sleep antivm_disk_size", "Trojan:Win32/JakyllHyde: CnC IP's -183.95.89.203 116.211.100.182 Exploit Source: IPv4 116.207.118.87 163.171.134.109", "Trojan:Win32/JakyllHyde: FileHash-SHA256 01021c698664f7567b787d7bce266124ec0a226fb2e586125d109beb0ad0ba17 - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA256 37a641988cfb33066c12b68b23bec0623e3d0715d21d6e3b7304bdd7238c8790 - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA256 002d9916a54c7ea70c931dca29c0a4500020d8040b9e446a5472b9089c29c8bc - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA256 440165588e14516e1ef13b6240aad27a0e8c49744c8383590425b3cc9d7f23f1 - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA256 47d9e427da3dfe5253d0047c40fb773db59dbccb0ff650e86ce7490b2c520c2d - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA256 7512f88162744b57efd14cc5fb98bc7cf5588fa25c218a1e92fe8048932450a8 -trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 0c795954123ebf1806cdafef2b66322f8d40d3ac - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 f971b96cd514dc62a43b51f32e3a440fe3e0c6d4 - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 732198087c6a88afa356ea729bd3b8bb16c41901 - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 f02ebf4d8955c363d615a53cc44b048d75b7cefb - adware", "Trojan:Win32/JakyllHyde: FileHash-SHA1 800c8a5f93b04d6c5dc491ab582cd75165918f5f - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 b45c02987811425c672f56e011f394f94cc29a7b - trojan", "Trojan:Win32/JakyllHyde: FileHash-SHA1 be97e5638139ee689312e23022d2e55e58d123c6 - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: 0dd69941b0f01d1ee4d49c228f832bed - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: 2f237a35379a5fa46168e3a01667f32c - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: 35fc2b92d534f652ffe4ec3cbc3347b6 - adware", "Trojan:Win32/JakyllHyde: FileHash-MD5: 4d4cd0582109e110967bce75534031ed -trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: 8eeda8077a13f12aa72c8b7b5f457734 -trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: d6d906a1c4061d3f41053b4548c7ea69 - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: fa7d0ef6c2c634e4f0e890c3d5b4cf4f - trojan", "YARA Signature Match - THOR APT Scanner: RULE_TYPE: Valhalla Rule Feed Only \u26a1", "RULE_LINK: https://valhalla.nextron-systems.com/info/rule/Malformed_Copyright_Statements RULE_AUTHOR: Florian Roth", "DESCRIPTION: Detects malformed Microsoft copyright statements in executables RULE_AUTHOR: Florian Roth", "RULE_LINK: https://valhalla.nextron-systems.com/info/rule/Malformed_Copyright_Statements RULE_AUTHOR: Florian Roth", "More information: https://www.nextron-systems.com/notes-on-virustotal-matches/ RULE_AUTHOR: Florian Roth", "#copyright #statements #malformed_copyright_statements", "ETPRO MALWARE Win32/JakyllHyde C2: https://www.joesandbox.com/analysis/754158/0/html", "Snort IDS: 2836073 ETPRO MALWARE Win32/JakyllHyde C2 Activity 192.168.2.3:49698 ->", "ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 - Source IP: 116.211.100.21 - Destination IP: 192.168.2.3", "ETPRO MALWARE Win32/JakyllHyde C2 Activity - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "ET MALWARE Win32/Eyoorun.D Variant Checkin - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "ETPRO MALWARE Win32/JakyllHyde C2 Activity - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "ET MALWARE Win32/Eyoorun.D Variant Checkin - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "ET TROJAN W32/Witch.3FA0!tr CnC Actiivty M2 - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 - Source IP: 116.211.100.21 - Destination IP: 192.168.2.3", "System process connects to network (likely due to code injection or exploit)", "Snort IDS alert for network traffic | Detected VMProtect packer", "W32/Witch.3FA0!tr: FileHash-MD5 38be6c6b799140f435bc1b1d42275d7c", "W32/Witch.3FA0!tr: FileHash-SHA1 13ed578302cc1f302a8a9df9308859486aeb4d0b", "W32/Witch.3FA0!tr: 601928c4508162aed7491ea4995eca7361be6faeac3c06ee5fc5302e686e26448", "http://tuijian.adhei.com/douyu/v1/encrypt/gamebox_m.cs", "http://tuijian.adhei.com/douyu/v1/encrypt/gamebox_m.css", "http://tuijian.adhei.com/douyu/v /encrypt/gamebox_m.css", "http://ssp.1rtb.com/imp?ua=Mozilla/5.0+(Linux;+U;+Android+4.3.1;+en-us;+GT-I8190+Build/JZO54K)+AppleWebKit/534.30+", "http://57d7.zhanyu66.com/air.thinlinuxforandroid.apk", "http://sdk.1rtb.com/sdk/req_ad?app_package=com.scpp.plus&device_type=1&device_adid=92841014150fc3fd&device_geo_lat=&app_name=%E8%B", "http://ssp.1rtb.com/tracker?ua=Mozilla/5.0+(Linux;+Android+7.1.2;+SM-T555+Build/NMF26X;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)", "https://simulator-api.666phonemanager.com/advert/gamebox_winpop/online", "http://ssp.1rtb.com/imp?ua=Mozilla/5.0+(Linux;+Android+7.1.2;+SM-T555+Build/NMF26X;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China", "Hong Kong", "Singapore" ], "malware_families": [ { "id": "Trojan:Win32/JakyllHyde", "display_name": "Trojan:Win32/JakyllHyde", "target": "/malware/Trojan:Win32/JakyllHyde" }, { "id": "SecuriteInfo.com.Trojan.GenericKD.32885218.16582.30886.dll", "display_name": "SecuriteInfo.com.Trojan.GenericKD.32885218.16582.30886.dll", "target": null }, { "id": "W32/Witch.3FA0!tr", "display_name": "W32/Witch.3FA0!tr", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1037", "name": "Boot or Logon Initialization Scripts", "display_name": "T1037 - Boot or Logon Initialization Scripts" }, { "id": "T1037.001", "name": "Logon Script (Windows)", "display_name": "T1037.001 - Logon Script (Windows)" }, { "id": "T1037.002", "name": "Logon Script (Mac)", "display_name": "T1037.002 - Logon Script (Mac)" }, { "id": "T1037.003", "name": "Network Logon Script", "display_name": "T1037.003 - Network Logon Script" }, { "id": "T1003.001", "name": "LSASS Memory", "display_name": "T1003.001 - LSASS Memory" }, { "id": "T1003.003", "name": "NTDS", "display_name": "T1003.003 - NTDS" }, { "id": "T1003.002", "name": "Security Account Manager", "display_name": "T1003.002 - Security Account Manager" }, { "id": "T1003.004", "name": "LSA Secrets", "display_name": "T1003.004 - LSA Secrets" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1039", "name": "Data from Network Shared Drive", "display_name": "T1039 - Data from Network Shared Drive" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 682, "FileHash-SHA1": 327, "FileHash-SHA256": 2911, "SSLCertFingerprint": 4, "URL": 13039, "domain": 1038, "hostname": 2764, "email": 2, "CVE": 2 }, "indicator_count": 20769, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b85e73efe2e053366ed972", "name": "https://www.hallrender.com/attorney/brian-sabey/", "description": "", "modified": "2024-09-05T06:21:34.047000", "created": "2024-01-30T02:26:59.218000", "tags": [ "ioc search", "new ioc", "teams api", "contact", "threat analyzer", "threat", "paste", "iocs", "hostnames", "urls https", "sample", "ssl certificate", "feeds ioc", "analyze", "whois record", "contacted", "historical ssl", "resolutions", "threat roundup", "referrer", "contacted urls", "august", "execution", "njrat", "ransomware", "gopher", "formbook", "whois ssl", "communicating", "obz4usfn0 url", "cfqirgdhj5 url", "obz4usfn0", "sfqh4dt74w0 url", "cfqirgdhj5", "localappdata", "temp", "getprocaddress", "windir", "ascii text", "mitre att", "file", "ck id", "show technique", "path", "factory", "hybrid", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers date", "gmt connection", "obz4usfn0 http", "cfqirgdhj5 http", "bundled", "dropped", "putty", "february", "july", "whois whois", "malware", "urls", "post", "vj87", "passive dns", "http", "unique", "ukhdaauqaaaaaac", "screenshot", "scan endpoints", "all octoseek", "code" ], "references": [ "https://www.hallrender.com/attorney/brian-sabey/", "https://hybrid-analysis.com/sample/ba72877899dffe3cfb08ab3b61d24e45325f0c27f3cec81e88e9dcf3f84f7098", "business-support.intel.com", "00000000000.cloudfront.net", "mobileaccess.intel.com", "artificial-legal-intelligence.com", "http://intel.net/.about.html", "http://medlineplus.gov.https.sci-hub.st", "https://hybrid-analysis.com/sample/ba72877899dffe3cfb08ab3b61d24e45325f0c27f3cec81e88e9dcf3f84f7098", "http://pl.gov-zaloguj.info", "http://apple.helptechnicalsupport.com/favicon.ico", "https://www.journaldev.com/41403/regex" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "NjRAT", "display_name": "NjRAT", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Gopher", "display_name": "Gopher", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Ascii Exploit", "display_name": "Ascii Exploit", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "658b74ee93a0b0dc9c960cee", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 184, "FileHash-SHA1": 168, "FileHash-SHA256": 6145, "URL": 14252, "hostname": 4778, "domain": 6809, "CVE": 3 }, "indicator_count": 32339, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "665bb7679843a6dabe4560e3", "name": "USZoom [New York , USA] | iPostal1 | Where's my check & mailbox?", "description": "According to some victims, malicious activities including/ not limited to mail filtering fulfillment center resulting in lost, tampered with, opened and glue sealed mail. Missing private documents, payment scams, needless recurring monthly fees, CSR call redirections to unaffiliated personnel. The system has been in the DW for several years. This is due to no fault of franchise owners. Bounty hunters, hackers, and cyber and mail thieves, potential aggressive law enforcement tacticts. Some use mailbox addresses for nefarious purposes, while others use it for business and address confidentiality. \n\nAuto generated: iPostal1 is the largest digital mailbox provider in the world, providing secure, easy-to-use digital mail solutions for individuals, small businesses and large businesses, and driving revenue for Workspaces.", "modified": "2024-09-05T06:11:17.325000", "created": "2024-06-02T00:05:59.160000", "tags": [ "strong", "story contact", "us leadership", "open menu", "close menu", "digital", "thank", "us zoom", "skip", "content home", "enterprise", "contact", "threat roundup", "august", "historical ssl", "april", "referrer", "formbook", "ip check", "vt graph", "relacionada", "cobalt strike", "hiddentear", "life", "malware", "open", "mumblehard", "sparkrat", "attack", "uszoom og", "submission", "analysis", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body", "graph api", "status", "content type", "date", "anchor hrefs", "hrefs", "cart contact", "leadership", "html info", "title uszoom", "meta tags", "uszoom twitter", "script tags", "vhash htm", "ssdeep", "file type", "html internet", "magic html", "ascii text", "trid file", "magika cttxt", "file size", "united", "as20940", "aaaa", "canada", "search", "showing", "cname", "as35994 akamai", "passive dns", "next", "as21928", "unknown", "urls", "domain", "creation date", "emails", "ipcounsel", "scan endpoints", "all scoreblue", "ipv4", "pulse submit", "url analysis", "files", "invalid url", "body", "name servers", "akamai", "expiration date", "asnone united", "a nxdomain", "india", "as15224 adobe", "bdclid", "meta name", "robots content", "x ua", "ieedge chrome1", "incapsula", "yara rule", "high", "explorer", "alerts", "less see", "contacted", "service", "attempts", "guard", "url http", "pulse pulses", "http", "related nids", "files location", "ip related", "hostname", "files ip", "address domain", "as46606", "td td", "script script", "gmt path", "create", "website", "set cookie", "a td", "win32", "flash", "pragma", "cookie", "xmpmm", "png image", "rgba", "documentid", "instanceid", "creatortool", "pattern match", "adobe photoshop", "macintosh", "june", "hybrid", "local", "encrypt", "click", "strings", "anomalous_deletefile", "info_stealer", "et trojan", "banload http", "banload", "ids detections", "yara detections", "bancos variant", "c2 checkin", "ntkrnlpacker", "copy", "meredrop", "injection", "e0e2edee", "push", "read", "write", "delete", "entries", "crlf line", "anomalous file", "medium", "filehash", "av detections", "analysis date", "file score", "medium risk", "detections none", "related pulses", "apple", "apple id", "apple private data collection", "apple staging", "t-mobile", "metroby", "keylogger" ], "references": [ "https://uszoom.com/", "http://www.dead-speak.com/ElectronicVoicePhenomena_EVP.htm", "Malicious Score: 10", "Yara Detections: DotNET_Reactor", "Alerts: procmem_yara antisandbox_sleep persistence_autorun cape_detected_threat infostealer_cookies recon_fingerprint", "Alerts: stealth_hidden_extension stealth_hiddenreg antidebug_guardpages dead_connect", "Alerts: encrypted_ioc http_request powershell_download powershell_request dynamic_function_loading cape_extracted_content", "Alerts: dropper injection_rwx network_dns_doh_tls network_http", "DotNET_Reactor: System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography", "DotNET_Reactor: System.Security.Cryptography ICryptoTransform", "High Priority Check-ins: Banload HTTP Checkin Detected (envia.php) Win32.Meredrop Checkin Bancos Variant C2 Checkin 1", "High Priority Alerts: spawns_dev_util modify_proxy infostealer_cookies", "Yara Detections: NTKrnlPacker, NTkrnlSecureSuite01015NTkrnlSoftware, NTkrnlSecureSuiteNTkrnlteam", "https://otx.alienvault.com/indicator/file/01accdb2c75f7b75e5f9744461fe927e6e1378e3bc1f943d02b0aa441bf65317", "https://www.hybrid-analysis.com/sample/79cab9c299164fb9a6d8f009adc2529ee79feeb0b4ad383eedee0c36bbe041ec/665b7ebee6b33f252d0e64ec", "Yara Detections stack_string , Armadillov1xxv2xx", "https://otx.alienvault.com/indicator/file/4d1dbf5ccc25a7f5fa24bd48d92987ff6d4dba35", "apple.finder-idevice.com | nr-data.net | https://appleid.com-dispositivo-perdido.com/ |" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Keylogger.Susppack-9876601-0", "display_name": "Win.Keylogger.Susppack-9876601-0", "target": null }, { "id": "Win.Trojan.Sdum-9807706-0", "display_name": "Win.Trojan.Sdum-9807706-0", "target": null }, { "id": "Win32.Meredrop Checkin", "display_name": "Win32.Meredrop Checkin", "target": null }, { "id": "#Lowfi:HSTR:TrojanSpy:Win32/Bancos", "display_name": "#Lowfi:HSTR:TrojanSpy:Win32/Bancos", "target": null }, { "id": "Pdf.Phishing.TtraffRobotInstall-7605656-0", "display_name": "Pdf.Phishing.TtraffRobotInstall-7605656-0", "target": null } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1553.002", "name": "Code Signing", "display_name": "T1553.002 - Code Signing" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1568.002", "name": "Domain Generation Algorithms", "display_name": "T1568.002 - Domain Generation Algorithms" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1048.002", "name": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", "display_name": "T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1184", "name": "SSH Hijacking", "display_name": "T1184 - SSH Hijacking" }, { "id": "T1198", "name": "SIP and Trust Provider Hijacking", "display_name": "T1198 - SIP and Trust Provider Hijacking" }, { "id": "T1416", "name": "URI Hijacking", "display_name": "T1416 - URI Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1434", "name": "App Delivered via Email Attachment", "display_name": "T1434 - App Delivered via Email Attachment" } ], "industries": [ "Technology", "Telecommunications", "Civil Society" ], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 8, "FileHash-MD5": 167, "FileHash-SHA1": 129, "FileHash-SHA256": 2008, "URL": 11241, "domain": 1853, "hostname": 4198, "SSLCertFingerprint": 10, "CVE": 1 }, "indicator_count": 19615, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6674e062afd192ab545b1a04", "name": "Lazarus Group", "description": "Everyone? Why Brashears? You are all so brilliant! It's not to surprising. I acted on behalf of target to follow your report. I am not anywhere close to ever being as clever as thee. Are you hiring snoops? This took form in October 2013.\nThen a follower. Next hell week-years. Just because you can. Well toasts yourselves. It must be amazing to be able to live without the fear of consequences, with knowledge that you're probably right. You know the odds or even better, the government pays you to do it!\nI am truly fascinated as well as humbled by your abilities. You made her so very sad. If that's what you need. Really rethink you choices, it's so otherworldly; again making you all so \nbright. She's met some of you, spoken to some of you, shopped alongside, was surveilled, viewed. More popular than the Kardashian on your rogue channels. Now THAT'S Reality TV. Bieber & Tori Kelley got her song chops, Sony was hacked. Okay. I'm so impressed, Hire me.\n\nsmph. I don't get it. No one does. \nAll tags auto generated.", "modified": "2024-09-05T06:06:53.933000", "created": "2024-06-21T02:07:30.790000", "tags": [ "scripts", "redline stealer", "lazarus", "core", "no problems", "html internet", "html document", "ascii text", "language", "merkd1904", "code", "c++" ], "references": [], "public": 1, "adversary": "Lazarus Group", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "204.79.197.200", "display_name": "204.79.197.200", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6840, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 50, "FileHash-SHA1": 43, "FileHash-SHA256": 850, "URL": 949, "domain": 141, "hostname": 410 }, "indicator_count": 2445, "is_author": false, "is_subscribing": null, "subscriber_count": 234, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Trojan:Win32/JakyllHyde: FileHash-SHA256 37a641988cfb33066c12b68b23bec0623e3d0715d21d6e3b7304bdd7238c8790 - trojan", "ET MALWARE Win32/Eyoorun.D Variant Checkin - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "http://ssp.1rtb.com/imp?ua=Mozilla/5.0+(Linux;+Android+7.1.2;+SM-T555+Build/NMF26X;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/", "http://sdk.1rtb.com/sdk/req_ad?app_package=com.scpp.plus&device_type=1&device_adid=92841014150fc3fd&device_geo_lat=&app_name=%E8%B", "Trojan:Win32/JakyllHyde: FileHash-SHA1 b45c02987811425c672f56e011f394f94cc29a7b - trojan", "DotNET_Reactor: System.Security.Cryptography ICryptoTransform", "Trojan:Win32/JakyllHyde: FileHash-SHA256 01021c698664f7567b787d7bce266124ec0a226fb2e586125d109beb0ad0ba17 - trojan", "More information: https://www.nextron-systems.com/notes-on-virustotal-matches/ RULE_AUTHOR: Florian Roth", "Trojan:Win32/JakyllHyde: FileHash-SHA1 f02ebf4d8955c363d615a53cc44b048d75b7cefb - adware", "Trojan:Win32/JakyllHyde: CnC IP's -183.95.89.203 116.211.100.182 Exploit Source: IPv4 116.207.118.87 163.171.134.109", "http://medlineplus.gov.https.sci-hub.st", "DESCRIPTION: Detects malformed Microsoft copyright statements in executables RULE_AUTHOR: Florian Roth", "Trojan:Win32/JakyllHyde: FileHash-SHA1 f971b96cd514dc62a43b51f32e3a440fe3e0c6d4 - trojan", "Found in a malicious keyword index: http://m.xiang5.com/keyword/17655.html&htE5-: Family", "Trojan:Win32/JakyllHyde: FileHash-SHA1 800c8a5f93b04d6c5dc491ab582cd75165918f5f - trojan", "#copyright #statements #malformed_copyright_statements", "Yara Detections stack_string , Armadillov1xxv2xx", "Trojan:Win32/JakyllHyde: FileHash-SHA256 002d9916a54c7ea70c931dca29c0a4500020d8040b9e446a5472b9089c29c8bc - trojan", "High Priority Alerts: spawns_dev_util modify_proxy infostealer_cookies", "http://tuijian.adhei.com/douyu/v1/encrypt/gamebox_m.cs", "Trojan:Win32/JakyllHyde: FileHash-SHA256 47d9e427da3dfe5253d0047c40fb773db59dbccb0ff650e86ce7490b2c520c2d - trojan", "https://www.hallrender.com/attorney/brian-sabey/", "Trojan:Win32/JakyllHyde: FileHash-SHA1 0c795954123ebf1806cdafef2b66322f8d40d3ac - trojan", "artificial-legal-intelligence.com", "Trojan:Win32/JakyllHyde: FileHash-MD5: 2f237a35379a5fa46168e3a01667f32c - trojan", "https://uszoom.com/", "Trojan:Win32/JakyllHyde: FileHash-SHA256 7512f88162744b57efd14cc5fb98bc7cf5588fa25c218a1e92fe8048932450a8 -trojan", "Alerts: procmem_yara antisandbox_sleep persistence_autorun cape_detected_threat infostealer_cookies recon_fingerprint", "https://otx.alienvault.com/indicator/file/4d1dbf5ccc25a7f5fa24bd48d92987ff6d4dba35", "http://apple.helptechnicalsupport.com/favicon.ico", "Yara Detections: NTKrnlPacker, NTkrnlSecureSuite01015NTkrnlSoftware, NTkrnlSecureSuiteNTkrnlteam", "Trojan:Win32/JakyllHyde: FileHash-SHA1 be97e5638139ee689312e23022d2e55e58d123c6 - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: d6d906a1c4061d3f41053b4548c7ea69 - trojan", "Alerts: dead_host injection_runpe network_icmp allocates_execute_remote_process disables_proxy injection_modifies_memory modifies_proxy_wpad", "https://www.journaldev.com/41403/regex", "http://tuijian.adhei.com/douyu/v /encrypt/gamebox_m.css", "apple.finder-idevice.com | nr-data.net | https://appleid.com-dispositivo-perdido.com/ |", "Alerts: stealth_hidden_extension stealth_hiddenreg antidebug_guardpages dead_connect", "Trojan:Win32/JakyllHyde: FileHash-MD5: 35fc2b92d534f652ffe4ec3cbc3347b6 - adware", "Snort IDS alert for network traffic | Detected VMProtect packer", "Alerts: origin_langid multiple_useragents process_interest recon_beacon injection_resumethread antivm_vmware_in_instruction dumped_buffer network_bind network_http allocates_rwx antisandbox_foregroundwindows antisandbox_sleep antivm_disk_size", "Trojan:Win32/JakyllHyde: FileHash-MD5: fa7d0ef6c2c634e4f0e890c3d5b4cf4f - trojan", "Trojan:Win32/JakyllHyde: FileHash-MD5: 4d4cd0582109e110967bce75534031ed -trojan", "ETPRO MALWARE Win32/JakyllHyde C2 Activity - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "RULE_LINK: https://valhalla.nextron-systems.com/info/rule/Malformed_Copyright_Statements RULE_AUTHOR: Florian Roth", "mobileaccess.intel.com", "Alerts: encrypted_ioc http_request powershell_download powershell_request dynamic_function_loading cape_extracted_content", "http://www.dead-speak.com/ElectronicVoicePhenomena_EVP.htm", "W32/Witch.3FA0!tr: 601928c4508162aed7491ea4995eca7361be6faeac3c06ee5fc5302e686e26448", "https://simulator-api.666phonemanager.com/advert/gamebox_winpop/online", "IDS Detections: Win32/JakyllHyde C2 Activity Win32/JakyllHyde C2 Activity M2 PE EXE or DLL Windows file download HTTP", "Trojan:Win32/JakyllHyde: FileHash-MD5: 8eeda8077a13f12aa72c8b7b5f457734 -trojan", "Yara Detections: DotNET_Reactor", "W32/Witch.3FA0!tr: FileHash-MD5 38be6c6b799140f435bc1b1d42275d7c", "business-support.intel.com", "System process connects to network (likely due to code injection or exploit)", "DotNET_Reactor: System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography", "Trojan:Win32/JakyllHyde: FileHash-SHA256 440165588e14516e1ef13b6240aad27a0e8c49744c8383590425b3cc9d7f23f1 - trojan", "http://57d7.zhanyu66.com/air.thinlinuxforandroid.apk", "Alerts: dropper injection_rwx network_dns_doh_tls network_http", "00000000000.cloudfront.net", "ET TROJAN W32/Witch.3FA0!tr CnC Actiivty M2 - Source IP: 192.168.2.3 - Destination IP: 116.211.100.21", "http://intel.net/.about.html", "Win32/JakyllHyde - RUNDLL32.EXE FileHash-SHA1 01021c698664f7567b787d7bce266124ec0a226fb2e586125d109beb0ad0ba17", "W32/Witch.3FA0!tr: FileHash-SHA1 13ed578302cc1f302a8a9df9308859486aeb4d0b", "http://tuijian.adhei.com/douyu/v1/encrypt/gamebox_m.css", "ETPRO MALWARE Win32/JakyllHyde C2: https://www.joesandbox.com/analysis/754158/0/html", "Trojan:Win32/JakyllHyde: FileHash-MD5: 0dd69941b0f01d1ee4d49c228f832bed - trojan", "http://ssp.1rtb.com/imp?ua=Mozilla/5.0+(Linux;+U;+Android+4.3.1;+en-us;+GT-I8190+Build/JZO54K)+AppleWebKit/534.30+", "http://ssp.1rtb.com/tracker?ua=Mozilla/5.0+(Linux;+Android+7.1.2;+SM-T555+Build/NMF26X;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)", "https://www.hybrid-analysis.com/sample/79cab9c299164fb9a6d8f009adc2529ee79feeb0b4ad383eedee0c36bbe041ec/665b7ebee6b33f252d0e64ec", "YARA Signature Match - THOR APT Scanner: RULE_TYPE: Valhalla Rule Feed Only \u26a1", "http://pl.gov-zaloguj.info", "https://hybrid-analysis.com/sample/ba72877899dffe3cfb08ab3b61d24e45325f0c27f3cec81e88e9dcf3f84f7098", "High Priority Check-ins: Banload HTTP Checkin Detected (envia.php) Win32.Meredrop Checkin Bancos Variant C2 Checkin 1", "https://otx.alienvault.com/indicator/file/01accdb2c75f7b75e5f9744461fe927e6e1378e3bc1f943d02b0aa441bf65317", "Snort IDS: 2836073 ETPRO MALWARE Win32/JakyllHyde C2 Activity 192.168.2.3:49698 ->", "ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 - Source IP: 116.211.100.21 - Destination IP: 192.168.2.3", "Malicious Score: 10", "Trojan:Win32/JakyllHyde: FileHash-SHA1 732198087c6a88afa356ea729bd3b8bb16c41901 - trojan" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Lazarus Group", "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell" ], "malware_families": [ "Ascii exploit", "Win.trojan.sdum-9807706-0", "Securiteinfo.com.trojan.generickd.32885218.16582.30886.dll", "Redline stealer", "Ransomware", "Win32.meredrop checkin", "Pdf.phishing.ttraffrobotinstall-7605656-0", "204.79.197.200", "W32/witch.3fa0!tr", "Win.keylogger.susppack-9876601-0", "Njrat", "Gopher", "#lowfi:hstr:trojanspy:win32/bancos", "Trojan:win32/jakyllhyde", "Formbook" ], "industries": [ "Telecommunications", "Civil society", "Technology" ], "unique_indicators": 967530 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cprapid.com", "whois": "http://whois.domaintools.com/cprapid.com", "domain": "cprapid.com", "hostname": "austi.79-110-49-88.cprapid.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 17, "pulses": [ { "id": "69fd7b60289b73182e9a159c", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:52.129000", "created": "2026-05-08T05:57:52.129000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5ed982a2ed94c12f67", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:50.241000", "created": "2026-05-08T05:57:50.241000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5d484b29482fbe4cc2", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:49.464000", "created": "2026-05-08T05:57:49.464000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b5ab51dd45774eac47b", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:46.054000", "created": "2026-05-08T05:57:46.054000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b58e8a0903393ffdd7a", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:44.720000", "created": "2026-05-08T05:57:44.720000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b58b4b5d410557d3c34", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:44.086000", "created": "2026-05-08T05:57:44.086000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b3a63bbd9f424b1cbe0", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:14.484000", "created": "2026-05-08T05:57:14.484000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b3888a42bcf91770459", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:12.538000", "created": "2026-05-08T05:57:12.538000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b354f93bc9aed606930", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:09.991000", "created": "2026-05-08T05:57:09.991000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7b35900d81ffc451da66", "name": "Credit tomtomalien -2years ago - [Jeroen Gui lists (https://file.jeroengui.be) CREATED 2 YEARS AGO]", "description": "", "modified": "2026-05-08T05:57:09.372000", "created": "2026-05-08T05:57:09.372000", "tags": [ "phishing", "jeroengui", "jeroen", "gui", "malware", "web", "shell", "scam", "malicious" ], "references": [], "public": 1, "adversary": "phishing ; jeroengui ; jeroen ; gui ; malware ; web ; shell", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "662e0a50715909a2ce36d1d5", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 905612 }, "indicator_count": 905613, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://austi.79-110-49-88.cprapid.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://austi.79-110-49-88.cprapid.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780323746.0062294 }