{ "type": "URL", "indicator": "https://buy2.boku.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://buy2.boku.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2976492247, "indicator": "https://buy2.boku.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69daf535597472533079e5f6", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-05-12T01:07:39.899000", "created": "2026-04-12T01:28:21.713000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "windows sandbox", "clear filters", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "program", "date" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 97, "FileHash-SHA1": 91, "FileHash-SHA256": 107, "URL": 538, "domain": 29, "hostname": 256 }, "indicator_count": 1118, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d215bd5ac568e46e941", "name": "oculus - facebook store - ajax - Banzai Loader variant?", "description": "", "modified": "2023-12-06T15:02:56.346000", "created": "2023-12-06T15:02:56.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 96, "domain": 23, "hostname": 72, "URL": 215 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626fece7af33afa468c88099", "name": "oculus - facebook store - ajax - Banzai Loader variant?", "description": "", "modified": "2022-06-01T00:01:26.074000", "created": "2022-05-02T14:38:31.782000", "tags": [ "timeslicesham", "serverjs", "u7b2qtk", "eb9gce0", "k34bnbp", "runcomet", "jsscheduler", "f4pyjrr", "timeslice", "2190", "4328", "5540" ], "references": [ "https://store.facebook.com/ajax/bnzai?__a=1&__ccg=EXCELLENT&__comet_req=1&__hs=19114.HYP%3Adolly_pkg.2.1.0.0.&__hsi=7093116294864868522-0&__jssesw=1&__req=1&__rev=1005435320&__s=i3y67y%3A232rxn%3A81bflx&__spin_b=trunk&__spin_r=1005435320&__spin_t=1651494831&__user=533058652&dpr=1&fb_dtsg=AQHp_rUgPeDhLjM%3A35%3A1651493969&jazoest=22092&lsd=tT8hfmNrIy2GZdiD3CC952&ph=C3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 215, "hostname": 72, "FileHash-SHA256": 96, "domain": 23 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://store.facebook.com/ajax/bnzai?__a=1&__ccg=EXCELLENT&__comet_req=1&__hs=19114.HYP%3Adolly_pkg.2.1.0.0.&__hsi=7093116294864868522-0&__jssesw=1&__req=1&__rev=1005435320&__s=i3y67y%3A232rxn%3A81bflx&__spin_b=trunk&__spin_r=1005435320&__spin_t=1651494831&__user=533058652&dpr=1&fb_dtsg=AQHp_rUgPeDhLjM%3A35%3A1651493969&jazoest=22092&lsd=tT8hfmNrIy2GZdiD3CC952&ph=C3", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1064 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/boku.com", "whois": "http://whois.domaintools.com/boku.com", "domain": "boku.com", "hostname": "buy2.boku.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69daf535597472533079e5f6", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-05-12T01:07:39.899000", "created": "2026-04-12T01:28:21.713000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "windows sandbox", "clear filters", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "program", "date" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 97, "FileHash-SHA1": 91, "FileHash-SHA256": 107, "URL": 538, "domain": 29, "hostname": 256 }, "indicator_count": 1118, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d215bd5ac568e46e941", "name": "oculus - facebook store - ajax - Banzai Loader variant?", "description": "", "modified": "2023-12-06T15:02:56.346000", "created": "2023-12-06T15:02:56.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 96, "domain": 23, "hostname": 72, "URL": 215 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626fece7af33afa468c88099", "name": "oculus - facebook store - ajax - Banzai Loader variant?", "description": "", "modified": "2022-06-01T00:01:26.074000", "created": "2022-05-02T14:38:31.782000", "tags": [ "timeslicesham", "serverjs", "u7b2qtk", "eb9gce0", "k34bnbp", "runcomet", "jsscheduler", "f4pyjrr", "timeslice", "2190", "4328", "5540" ], "references": [ "https://store.facebook.com/ajax/bnzai?__a=1&__ccg=EXCELLENT&__comet_req=1&__hs=19114.HYP%3Adolly_pkg.2.1.0.0.&__hsi=7093116294864868522-0&__jssesw=1&__req=1&__rev=1005435320&__s=i3y67y%3A232rxn%3A81bflx&__spin_b=trunk&__spin_r=1005435320&__spin_t=1651494831&__user=533058652&dpr=1&fb_dtsg=AQHp_rUgPeDhLjM%3A35%3A1651493969&jazoest=22092&lsd=tT8hfmNrIy2GZdiD3CC952&ph=C3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 215, "hostname": 72, "FileHash-SHA256": 96, "domain": 23 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://buy2.boku.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://buy2.boku.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780471736.2752254 }