{ "type": "URL", "indicator": "https://bctc177.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://bctc177.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3782904393, "indicator": "https://bctc177.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "655950034e6ae4650a6b02ce", "name": "Python Initiated Connection | Spyware | Remote Attacks | | Part 4", "description": "Apple, Mac, iOS, phishing, frauds services, malware, trojan.allesgreh/trojan.allesgreh/respat, spyware, Google abuse, used to obsessively spy and stalk SA victim Tsara Brashears and possibly others. Python Initiated Connection, WScriptShell_Case_Anomaly.\nPulse: http://secure-appleid-com-uh2hdgo2m7pjuusohde19c8tqs.sssa79.com/\n[Concerning Pre populated content: A security alert has been sent to a secure Apple account in the US, but what exactly is it and what does it mean? and how did it end up in this post-mortem?\u2190((threat?))Let me tell you a]", "modified": "2023-12-18T23:03:18.732000", "created": "2023-11-19T00:00:03.258000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "b body", "sha256", "contenttype", "phpsessid", "cisco umbrella", "alexa top", "million", "safe site", "site", "whois record", "ssl certificate", "execution", "dropped", "whois whois", "historical ssl", "copy", "tsara brashears", "communicating", "referrer", "cobalt strike", "hacktool", "emotet", "download", "malware", "malicious", "critical", "relic", "monitoring", "installer", "android", "agent tesla", "et", "october", "contacted", "threat roundup", "january", "cyberstalking", "attack", "icmp", "banker", "keylogger", "google llc", "gc abuse", "orgid", "direct", "whois lookup", "netrange", "nethandle", "net34", "net340000", "googl2", "comment", "gc", "dns replication", "date", "domain", "win32 exe", "driver pro", "files", "detections type", "name", "optimizer pro", "javascript", "text", "text ip", "aacr", "type name", "email", "email delivery", "email fwd", "delivery status", "notification", "name verdict", "runtime process", "sha1", "size", "localappdata", "temp", "prefetch8", "unicode text", "type data", "programfiles", "win64", "hybrid", "click", "strings", "youth", "pe resource", "apple private", "data collection", "hidden privacy", "threats https", "legal", "amazon aws", "wife happy", "vhash", "authentihash", "ssdeep", "file type", "magic pe32", "intel", "ms windows", "trid windows", "os2 executable", "compiler", "delphi", "sections", "md5 code", "data", "children", "file size", "dropped files", "google update", "setup sha256", "kb file" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ET", "display_name": "ET", "target": null }, { "id": "GC", "display_name": "GC", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12901, "hostname": 4445, "domain": 3685, "FileHash-MD5": 197, "FileHash-SHA256": 5136, "FileHash-SHA1": 170, "CIDR": 1, "email": 2, "CVE": 4 }, "indicator_count": 26541, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655aef8a8cc2e0929f2aa5ea", "name": "Python Initiated Connection | Spyware | Remote Attacks |", "description": "", "modified": "2023-12-18T23:03:18.732000", "created": "2023-11-20T05:32:58.400000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "b body", "sha256", "contenttype", "phpsessid", "cisco umbrella", "alexa top", "million", "safe site", "site", "whois record", "ssl certificate", "execution", "dropped", "whois whois", "historical ssl", "copy", "tsara brashears", "communicating", "referrer", "cobalt strike", "hacktool", "emotet", "download", "malware", "malicious", "critical", "relic", "monitoring", "installer", "android", "agent tesla", "et", "october", "contacted", "threat roundup", "january", "cyberstalking", "attack", "icmp", "banker", "keylogger", "google llc", "gc abuse", "orgid", "direct", "whois lookup", "netrange", "nethandle", "net34", "net340000", "googl2", "comment", "gc", "dns replication", "date", "domain", "win32 exe", "driver pro", "files", "detections type", "name", "optimizer pro", "javascript", "text", "text ip", "aacr", "type name", "email", "email delivery", "email fwd", "delivery status", "notification", "name verdict", "runtime process", "sha1", "size", "localappdata", "temp", "prefetch8", "unicode text", "type data", "programfiles", "win64", "hybrid", "click", "strings", "youth", "pe resource", "apple private", "data collection", "hidden privacy", "threats https", "legal", "amazon aws", "wife happy", "vhash", "authentihash", "ssdeep", "file type", "magic pe32", "intel", "ms windows", "trid windows", "os2 executable", "compiler", "delphi", "sections", "md5 code", "data", "children", "file size", "dropped files", "google update", "setup sha256", "kb file" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ET", "display_name": "ET", "target": null }, { "id": "GC", "display_name": "GC", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": "655950034e6ae4650a6b02ce", "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12901, "hostname": 4445, "domain": 3685, "FileHash-MD5": 197, "FileHash-SHA256": 5136, "FileHash-SHA1": 170, "CIDR": 1, "email": 2, "CVE": 4 }, "indicator_count": 26541, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6558c481715409563073cb79", "name": "Fraud Services", "description": "http://kramtechnology.com/, fraud services, network, rat, trojan, phishing, malvertizing, malware hosting, scanning host, archives browser events.", "modified": "2023-12-18T05:05:36.760000", "created": "2023-11-18T14:04:48.923000", "tags": [ "methodpost", "dropped", "contacted", "ssl certificate", "whois record", "zva8k4ghshhpcb5", "contacted urls", "q0gpyr1balpdgpo", "historical ssl", "page dow", "blacklist http", "cisco umbrella", "site", "alexa top", "safe site", "million", "paypal", "team phishing", "malicious url", "alexa", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "malware", "united", "passive dns", "scan endpoints", "all search", "otx octoseek", "ipv4", "pulse pulses", "urls", "files", "reverse dns", "twitter", "log id", "gmtn", "sectigo rsa", "secure server", "tls web", "salford", "sectigo limited", "ocsp", "false", "california", "british virgin", "locality", "d3 a5", "url http" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14816, "FileHash-MD5": 41, "FileHash-SHA1": 33, "FileHash-SHA256": 5158, "domain": 3758, "hostname": 2961, "email": 4, "SSLCertFingerprint": 3, "CVE": 3 }, "indicator_count": 26777, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65576cfc8a3c48947d76db0e", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "APDC became apparent to me when it showed up in plain text on a discarded iOS belonging to target. Fraud services puts target in jeopardy, tracking, location hunting, listening, camera , access, photo access, message, threats via digital communication, emails archived, hidden users, social engineering, drive by app chooser, no click attacks.", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-17T13:39:08.903000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580d2e6c8373c7290d9ad8", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-18T01:02:38.770000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": "65576cfc8a3c48947d76db0e", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65552550c406412cd83dec6f", "name": "t.call | https://www.milehighmedia.com/legal/2257 (phishing)", "description": "Malvertizing\nt.call\nhttps://www.milehighmedia.com/legal/2257 (T Brazzers| Phishing)\nphishing\ntrojanspyware\nmonitoring", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-15T20:08:48.881000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65552832e2ebc1d277d13420", "name": "Threat Network", "description": "Malvertizing,\nt.call, \nHello,\nhttps://www.milehighmedia.com/legal/2257,\nphishing,\ntrojanspyware,\nmonitoring,\nhttps://to.hofer.at/iphone,\nNXDOMAIN", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-15T20:21:06.879000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655689e7e3250ae1a6a9be2f", "name": "t.call | https://www.milehighmedia.com/legal/2257 (phishing)", "description": "", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-16T21:30:15.183000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65552550c406412cd83dec6f", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65568a146bed0e035fee11e7", "name": "Threat Network", "description": "", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-16T21:31:00.134000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65552832e2ebc1d277d13420", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "bam.nr-data.net", "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "gov-bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "https://www.anyxxxtube.net/media/favicon/apple", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Vidar", "Remcos", "Tulach malware", "Nanocore rat", "Relic", "Et", "Matrix", "Trojan", "Gc" ], "industries": [], "unique_indicators": 58048 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/bctc177.com", "whois": "http://whois.domaintools.com/bctc177.com", "domain": "bctc177.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "655950034e6ae4650a6b02ce", "name": "Python Initiated Connection | Spyware | Remote Attacks | | Part 4", "description": "Apple, Mac, iOS, phishing, frauds services, malware, trojan.allesgreh/trojan.allesgreh/respat, spyware, Google abuse, used to obsessively spy and stalk SA victim Tsara Brashears and possibly others. Python Initiated Connection, WScriptShell_Case_Anomaly.\nPulse: http://secure-appleid-com-uh2hdgo2m7pjuusohde19c8tqs.sssa79.com/\n[Concerning Pre populated content: A security alert has been sent to a secure Apple account in the US, but what exactly is it and what does it mean? and how did it end up in this post-mortem?\u2190((threat?))Let me tell you a]", "modified": "2023-12-18T23:03:18.732000", "created": "2023-11-19T00:00:03.258000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "b body", "sha256", "contenttype", "phpsessid", "cisco umbrella", "alexa top", "million", "safe site", "site", "whois record", "ssl certificate", "execution", "dropped", "whois whois", "historical ssl", "copy", "tsara brashears", "communicating", "referrer", "cobalt strike", "hacktool", "emotet", "download", "malware", "malicious", "critical", "relic", "monitoring", "installer", "android", "agent tesla", "et", "october", "contacted", "threat roundup", "january", "cyberstalking", "attack", "icmp", "banker", "keylogger", "google llc", "gc abuse", "orgid", "direct", "whois lookup", "netrange", "nethandle", "net34", "net340000", "googl2", "comment", "gc", "dns replication", "date", "domain", "win32 exe", "driver pro", "files", "detections type", "name", "optimizer pro", "javascript", "text", "text ip", "aacr", "type name", "email", "email delivery", "email fwd", "delivery status", "notification", "name verdict", "runtime process", "sha1", "size", "localappdata", "temp", "prefetch8", "unicode text", "type data", "programfiles", "win64", "hybrid", "click", "strings", "youth", "pe resource", "apple private", "data collection", "hidden privacy", "threats https", "legal", "amazon aws", "wife happy", "vhash", "authentihash", "ssdeep", "file type", "magic pe32", "intel", "ms windows", "trid windows", "os2 executable", "compiler", "delphi", "sections", "md5 code", "data", "children", "file size", "dropped files", "google update", "setup sha256", "kb file" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ET", "display_name": "ET", "target": null }, { "id": "GC", "display_name": "GC", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12901, "hostname": 4445, "domain": 3685, "FileHash-MD5": 197, "FileHash-SHA256": 5136, "FileHash-SHA1": 170, "CIDR": 1, "email": 2, "CVE": 4 }, "indicator_count": 26541, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655aef8a8cc2e0929f2aa5ea", "name": "Python Initiated Connection | Spyware | Remote Attacks |", "description": "", "modified": "2023-12-18T23:03:18.732000", "created": "2023-11-20T05:32:58.400000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "b body", "sha256", "contenttype", "phpsessid", "cisco umbrella", "alexa top", "million", "safe site", "site", "whois record", "ssl certificate", "execution", "dropped", "whois whois", "historical ssl", "copy", "tsara brashears", "communicating", "referrer", "cobalt strike", "hacktool", "emotet", "download", "malware", "malicious", "critical", "relic", "monitoring", "installer", "android", "agent tesla", "et", "october", "contacted", "threat roundup", "january", "cyberstalking", "attack", "icmp", "banker", "keylogger", "google llc", "gc abuse", "orgid", "direct", "whois lookup", "netrange", "nethandle", "net34", "net340000", "googl2", "comment", "gc", "dns replication", "date", "domain", "win32 exe", "driver pro", "files", "detections type", "name", "optimizer pro", "javascript", "text", "text ip", "aacr", "type name", "email", "email delivery", "email fwd", "delivery status", "notification", "name verdict", "runtime process", "sha1", "size", "localappdata", "temp", "prefetch8", "unicode text", "type data", "programfiles", "win64", "hybrid", "click", "strings", "youth", "pe resource", "apple private", "data collection", "hidden privacy", "threats https", "legal", "amazon aws", "wife happy", "vhash", "authentihash", "ssdeep", "file type", "magic pe32", "intel", "ms windows", "trid windows", "os2 executable", "compiler", "delphi", "sections", "md5 code", "data", "children", "file size", "dropped files", "google update", "setup sha256", "kb file" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ET", "display_name": "ET", "target": null }, { "id": "GC", "display_name": "GC", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": "655950034e6ae4650a6b02ce", "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12901, "hostname": 4445, "domain": 3685, "FileHash-MD5": 197, "FileHash-SHA256": 5136, "FileHash-SHA1": 170, "CIDR": 1, "email": 2, "CVE": 4 }, "indicator_count": 26541, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6558c481715409563073cb79", "name": "Fraud Services", "description": "http://kramtechnology.com/, fraud services, network, rat, trojan, phishing, malvertizing, malware hosting, scanning host, archives browser events.", "modified": "2023-12-18T05:05:36.760000", "created": "2023-11-18T14:04:48.923000", "tags": [ "methodpost", "dropped", "contacted", "ssl certificate", "whois record", "zva8k4ghshhpcb5", "contacted urls", "q0gpyr1balpdgpo", "historical ssl", "page dow", "blacklist http", "cisco umbrella", "site", "alexa top", "safe site", "million", "paypal", "team phishing", "malicious url", "alexa", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "malware", "united", "passive dns", "scan endpoints", "all search", "otx octoseek", "ipv4", "pulse pulses", "urls", "files", "reverse dns", "twitter", "log id", "gmtn", "sectigo rsa", "secure server", "tls web", "salford", "sectigo limited", "ocsp", "false", "california", "british virgin", "locality", "d3 a5", "url http" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14816, "FileHash-MD5": 41, "FileHash-SHA1": 33, "FileHash-SHA256": 5158, "domain": 3758, "hostname": 2961, "email": 4, "SSLCertFingerprint": 3, "CVE": 3 }, "indicator_count": 26777, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65576cfc8a3c48947d76db0e", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "APDC became apparent to me when it showed up in plain text on a discarded iOS belonging to target. Fraud services puts target in jeopardy, tracking, location hunting, listening, camera , access, photo access, message, threats via digital communication, emails archived, hidden users, social engineering, drive by app chooser, no click attacks.", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-17T13:39:08.903000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580d2e6c8373c7290d9ad8", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-18T01:02:38.770000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": "65576cfc8a3c48947d76db0e", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65552550c406412cd83dec6f", "name": "t.call | https://www.milehighmedia.com/legal/2257 (phishing)", "description": "Malvertizing\nt.call\nhttps://www.milehighmedia.com/legal/2257 (T Brazzers| Phishing)\nphishing\ntrojanspyware\nmonitoring", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-15T20:08:48.881000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65552832e2ebc1d277d13420", "name": "Threat Network", "description": "Malvertizing,\nt.call, \nHello,\nhttps://www.milehighmedia.com/legal/2257,\nphishing,\ntrojanspyware,\nmonitoring,\nhttps://to.hofer.at/iphone,\nNXDOMAIN", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-15T20:21:06.879000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655689e7e3250ae1a6a9be2f", "name": "t.call | https://www.milehighmedia.com/legal/2257 (phishing)", "description": "", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-16T21:30:15.183000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65552550c406412cd83dec6f", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65568a146bed0e035fee11e7", "name": "Threat Network", "description": "", "modified": "2023-12-15T19:02:53.792000", "created": "2023-11-16T21:31:00.134000", "tags": [ "a nxdomain", "unknown", "dns show", "search", "status hostname", "query type", "address first", "seen last", "seen asn", "country unknown", "contacted", "pe resource", "isadmin", "collections", "neural netw", "problems", "threat network", "infrastructure", "referrer", "ads into", "javascript", "javascript http", "win32 exe", "type name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65552832e2ebc1d277d13420", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 331, "URL": 904, "FileHash-MD5": 67, "FileHash-SHA1": 47, "FileHash-SHA256": 1533 }, "indicator_count": 3142, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://bctc177.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://bctc177.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780257050.5652113 }