{ "type": "URL", "indicator": "https://b-0005.b-dc-msedge.net", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://b-0005.b-dc-msedge.net", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4079038685, "indicator": "https://b-0005.b-dc-msedge.net", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-21T05:29:42.247000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "79 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68596260a9ca6c4cc92ca068", "name": "Delete service | Affects Threat Research Platforms", "description": "Delete service attacking threat researchers platforms. Deletes , blocks, scrambles , attaches to accounts like an overlord monitoring and deletion of Io\u2019s across various platforms. \n\nIDS Rules: PROTOCOL-ICMP PATH MTU denial of service attempt\n\u2022 PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set\n\u2022 Matches rule PROTOCOL-ICMP Echo Reply\nInteresting: TLS: SNI: slscr.update.microsoft.com\nSNI: nexusrules.officeapps.live.com\nSNI: login.live.com\nSNI: client.wns.windows.com", "modified": "2025-08-20T04:13:22.641000", "created": "2025-06-23T14:19:12.328000", "tags": [ "ta0004 defense", "evasion ta0005", "command", "control ta0011", "oc0006", "get http", "resolved ips", "dns resolutions", "request", "response", "windows nt", "win64", "khtml", "gecko", "ip address", "country name", "cname", "port", "accept", "gmt ifnonematch", "url data", "icmp", "mutexes nothing", "data", "datacrashpad", "edge", "created", "nothing", "html internet", "html document", "ascii text", "gtmkvjvztk dl" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2401, "URL": 5856, "FileHash-SHA256": 3473, "domain": 2188, "FileHash-MD5": 123, "FileHash-SHA1": 120, "CVE": 2 }, "indicator_count": 14163, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "286 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son-v7+", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "cmdline.txt", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "LICENCE.broadcom", "config-5.15.44-Re4son+", "README", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs", "config.txt", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "COPYING.linux", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Finance", "Government", "Transportation", "Telecommunications", "Education", "Healthcare", "Agriculture" ], "unique_indicators": 21648 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/b-dc-msedge.net", "whois": "http://whois.domaintools.com/b-dc-msedge.net", "domain": "b-dc-msedge.net", "hostname": "b-0005.b-dc-msedge.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-21T05:29:42.247000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "79 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68596260a9ca6c4cc92ca068", "name": "Delete service | Affects Threat Research Platforms", "description": "Delete service attacking threat researchers platforms. Deletes , blocks, scrambles , attaches to accounts like an overlord monitoring and deletion of Io\u2019s across various platforms. \n\nIDS Rules: PROTOCOL-ICMP PATH MTU denial of service attempt\n\u2022 PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set\n\u2022 Matches rule PROTOCOL-ICMP Echo Reply\nInteresting: TLS: SNI: slscr.update.microsoft.com\nSNI: nexusrules.officeapps.live.com\nSNI: login.live.com\nSNI: client.wns.windows.com", "modified": "2025-08-20T04:13:22.641000", "created": "2025-06-23T14:19:12.328000", "tags": [ "ta0004 defense", "evasion ta0005", "command", "control ta0011", "oc0006", "get http", "resolved ips", "dns resolutions", "request", "response", "windows nt", "win64", "khtml", "gecko", "ip address", "country name", "cname", "port", "accept", "gmt ifnonematch", "url data", "icmp", "mutexes nothing", "data", "datacrashpad", "edge", "created", "nothing", "html internet", "html document", "ascii text", "gtmkvjvztk dl" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2401, "URL": 5856, "FileHash-SHA256": 3473, "domain": 2188, "FileHash-MD5": 123, "FileHash-SHA1": 120, "CVE": 2 }, "indicator_count": 14163, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "286 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://b-0005.b-dc-msedge.net", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://b-0005.b-dc-msedge.net", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780430413.04359 }