{ "type": "URL", "indicator": "https://c.aiircdn.com/fe/js/dist/40cf4a032dc571a45735.js", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://c.aiircdn.com/fe/js/dist/40cf4a032dc571a45735.js", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2832640358, "indicator": "https://c.aiircdn.com/fe/js/dist/40cf4a032dc571a45735.js", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 19, "pulses": [ { "id": "684250a4239beb5281e42ffe", "name": "University of Alberta", "description": "Find out more about what makes University of Alberta a great place to live, learn, work, study, and learn all over the world, all in the same place, at one of Canada's leading universities.", "modified": "2025-07-06T00:02:23.596000", "created": "2025-06-06T02:21:24.363000", "tags": [ "university", "june", "alberta", "mtis", "college", "events", "marita", "history month", "first nations", "canada", "life", "alexander", "crime", "sport", "find", "crisis", "spring", "beyond", "tools", "sha256", "vhash", "ssdeep", "siblings", "oszczdno", "whasz", "typeof e", "name", "default", "defaulttype", "typeerror", "error", "date", "yyyy", "regexp", "event", "null", "close", "this", "void", "window", "leave", "observer" ], "references": [ "https://www.ualberta.ca/en/index.html?source=post_page-----4bae31361b51--------------------------------", "https://www.ualberta.ca/media-library/ualberta/homepage/university-of-alberta-logo.jpg", "http://www.training.ualberta.cloud/", "https://www.ualberta.ca/pl/apteka/index.html", "http://api.ualberta.cloud/", "http://www.ualberta.ca/en/prodps/psp/finprd/?cmd=login", "https://www.ualberta.ca/_assets/javascript/framework-v2.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 23, "FileHash-SHA256": 7, "URL": 500, "hostname": 167, "domain": 94 }, "indicator_count": 800, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4bc7487548e66d6f004", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-12-06T16:43:40.375000", "created": "2023-12-06T16:43:40.375000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4b4259cafcf79907b2f", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution", "description": "", "modified": "2023-12-06T16:43:32.408000", "created": "2023-12-06T16:43:32.408000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4ac54885a7e866cedca", "name": "Elevated Exposure", "description": "", "modified": "2023-12-06T16:43:24.027000", "created": "2023-12-06T16:43:24.027000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4a3ac21d7733c8e1040", "name": "Malvertising", "description": "", "modified": "2023-12-06T16:43:15.632000", "created": "2023-12-06T16:43:15.632000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49b0b6595444a3fdd9a", "name": "passkey.tracker.net", "description": "", "modified": "2023-12-06T16:43:07.031000", "created": "2023-12-06T16:43:07.031000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49207f81d6791c30194", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:58.146000", "created": "2023-12-06T16:42:58.146000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4876f8d1d174f717e7b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:47.591000", "created": "2023-12-06T16:42:47.591000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a47e33876ed78e19e1da", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:38.479000", "created": "2023-12-06T16:42:38.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650361b276a56506778d9231", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:40:34.562000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503618b59e32805d0bbead7", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503618b59e32805d0bbead7", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution ", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:39:55.364000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503612851bdda6828f488da", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503612851bdda6828f488da", "name": "Elevated Exposure ", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:38:16.617000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503610f5f100cd8acad748e", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503610f5f100cd8acad748e", "name": "Malvertising", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:37:51.730000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "65036040d3847fa5df0b8496", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65036040d3847fa5df0b8496", "name": "passkey.tracker.net", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:34:24.232000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "65035fea189a32c0498667d9", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fee309320821ec82f95", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:33:02.262000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fec3cd7bba66ebcef0b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:33:00.802000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fea189a32c0498667d9", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:32:58.552000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "643eade3f7cb60ed61723925", "name": "v2- 3FM Isle of Man - The #1 Music Station for the Isle of Man with more music, news and island info", "description": "\"Crimson Panda\" A round-up of the top stories, newspaper headlines and quotes from the Isle of Man that we did not know last week: \u00c2\u00a31.5m worth of news and information about the Manx economy.", "modified": "2023-04-18T14:49:07.081000", "created": "2023-04-18T14:49:07.081000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "pcap processing", "unicode", "pcap frame", "pcap", "hash seen", "united", "size", "runtime process", "date", "win64", "suspicious", "hybrid", "close", "click", "hosts", "april", "general", "facebook", "mozilla", "strings", "media", "qakbot", "crimson panda", "isle of man radio", "isle of man radio station", "isle of man radio stations", "3fm", "3 fm", "isle of man", "threefm", "3fmradio", "3.fm", "three.fm", "radio3fm", "3 f m", "moremusic", "more", "music", "manx", "threedotfm", "iom", "iomradio", "club classics", "late night love songs", "kevin ford", "jason quinn", "isle of man marketing", "isle of man radio advertising", "manxradio", "manx radio", "tt", "tt races", "tt race", "nj williams", "isle of man advertising", "school closures", "isle of man school closures", "the morning crew", "morning crew", "isle of man online", "ben sowrey", "derek richardson", "george ferguson", "ron berry", "morning crew 3fm morning crew", "more music on-air online on ipad and on iphone", "isle of man media", "isle of man television", "isle of man tv", "isle of man news", "energy fm", "radioplayer", "ukradioplayer", "radioplayer.co.uk", "radio player", "isle of man facebook", "isle of man twitter", "isle of man android", "isle of man deals", "isleofmandeals", "isle of deals", "isleofdeals", "commonwealth youth games", "cyg", "cyg 2011", "cyg2011", "tony james", "matt fletcher", "iom news", "strong", "isle", "sunny", "time tunnel", "listen live", "tiktok page", "mpes", "search", "colin beattie", "embed", "tips", "police", "telecom", "rover", "made", "lost", "crimson panda" ], "references": [ "http://three.fm", "https://three.fm", "https://hybrid-analysis.com/sample/034c1879e6f2f6d77dfad779ece7e62c7018acb7743450dbe4bd9213fc110f2b/64301c333c8637c77f0a8a9e", "This is much more interesting than b4 now - might not all be pirate radio right ???", "crimson panda" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Crimson Panda", "display_name": "Crimson Panda", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 191, "URL": 262, "domain": 180, "FileHash-SHA256": 113, "IPv4": 17, "email": 5, "FileHash-MD5": 63, "FileHash-SHA1": 63 }, "indicator_count": 894, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1141 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62374741ab73c46ec3078320", "name": "voip ham radio dstar", "description": "", "modified": "2022-04-19T00:01:05.210000", "created": "2022-03-20T15:24:49.672000", "tags": [ "domain related" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 450, "hostname": 768, "URL": 3685, "domain": 351 }, "indicator_count": 5254, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1505 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.ualberta.ca/media-library/ualberta/homepage/university-of-alberta-logo.jpg", "https://www.ualberta.ca/pl/apteka/index.html", "http://www.ualberta.ca/en/prodps/psp/finprd/?cmd=login", "Data Analysis", "crimson panda", "Pattern Behavior Research", "http://api.ualberta.cloud/", "http://three.fm", "This is much more interesting than b4 now - might not all be pirate radio right ???", "https://www.ualberta.ca/en/index.html?source=post_page-----4bae31361b51--------------------------------", "https://www.ualberta.ca/_assets/javascript/framework-v2.js", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "http://www.training.ualberta.cloud/", "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "https://hybrid-analysis.com/sample/034c1879e6f2f6d77dfad779ece7e62c7018acb7743450dbe4bd9213fc110f2b/64301c333c8637c77f0a8a9e", "https://three.fm" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Malware", "Trojan.agent", "Virus:win32/magistr", "Trojandownloader:js/malspam", "Virus:dos/goma", "Crimson panda", "Alina pos", "Darktrack rat", "Decovid19", "B.link/infringement (tracking)", "Assassin" ], "industries": [], "unique_indicators": 18613 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/aiircdn.com", "whois": "http://whois.domaintools.com/aiircdn.com", "domain": "aiircdn.com", "hostname": "c.aiircdn.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 19, "pulses": [ { "id": "684250a4239beb5281e42ffe", "name": "University of Alberta", "description": "Find out more about what makes University of Alberta a great place to live, learn, work, study, and learn all over the world, all in the same place, at one of Canada's leading universities.", "modified": "2025-07-06T00:02:23.596000", "created": "2025-06-06T02:21:24.363000", "tags": [ "university", "june", "alberta", "mtis", "college", "events", "marita", "history month", "first nations", "canada", "life", "alexander", "crime", "sport", "find", "crisis", "spring", "beyond", "tools", "sha256", "vhash", "ssdeep", "siblings", "oszczdno", "whasz", "typeof e", "name", "default", "defaulttype", "typeerror", "error", "date", "yyyy", "regexp", "event", "null", "close", "this", "void", "window", "leave", "observer" ], "references": [ "https://www.ualberta.ca/en/index.html?source=post_page-----4bae31361b51--------------------------------", "https://www.ualberta.ca/media-library/ualberta/homepage/university-of-alberta-logo.jpg", "http://www.training.ualberta.cloud/", "https://www.ualberta.ca/pl/apteka/index.html", "http://api.ualberta.cloud/", "http://www.ualberta.ca/en/prodps/psp/finprd/?cmd=login", "https://www.ualberta.ca/_assets/javascript/framework-v2.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 23, "FileHash-SHA256": 7, "URL": 500, "hostname": 167, "domain": 94 }, "indicator_count": 800, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4bc7487548e66d6f004", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-12-06T16:43:40.375000", "created": "2023-12-06T16:43:40.375000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4b4259cafcf79907b2f", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution", "description": "", "modified": "2023-12-06T16:43:32.408000", "created": "2023-12-06T16:43:32.408000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4ac54885a7e866cedca", "name": "Elevated Exposure", "description": "", "modified": "2023-12-06T16:43:24.027000", "created": "2023-12-06T16:43:24.027000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4a3ac21d7733c8e1040", "name": "Malvertising", "description": "", "modified": "2023-12-06T16:43:15.632000", "created": "2023-12-06T16:43:15.632000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49b0b6595444a3fdd9a", "name": "passkey.tracker.net", "description": "", "modified": "2023-12-06T16:43:07.031000", "created": "2023-12-06T16:43:07.031000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49207f81d6791c30194", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:58.146000", "created": "2023-12-06T16:42:58.146000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4876f8d1d174f717e7b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:47.591000", "created": "2023-12-06T16:42:47.591000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a47e33876ed78e19e1da", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:38.479000", "created": "2023-12-06T16:42:38.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650361b276a56506778d9231", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:40:34.562000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503618b59e32805d0bbead7", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "962 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://c.aiircdn.com/fe/js/dist/40cf4a032dc571a45735.js", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://c.aiircdn.com/fe/js/dist/40cf4a032dc571a45735.js", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780421735.9851756 }