{ "type": "URL", "indicator": "https://cdn.ampproject.org/v0/amp-analytics-0.1.js", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cdn.ampproject.org/v0/amp-analytics-0.1.js", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #126", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain ampproject.org", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain ampproject.org", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3736391145, "indicator": "https://cdn.ampproject.org/v0/amp-analytics-0.1.js", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69bea5d2987c3d14aeb2b0c9", "name": "Delete service Deleted over 1200 Brian Sabeys Porn Revenge Campaign \u2022 LevelBlue? Dopple AI | Poem Hunter: Poems ", "description": "", "modified": "2026-03-21T14:06:10.007000", "created": "2026-03-21T14:06:10.007000", "tags": [ "active related", "search filter", "time tsara", "x show", "cidr", "email", "learn more", "information", "t1027", "t1036", "t1057", "discovery", "t1059", "t1071", "title added", "poem", "the day", "wild eyesand", "unknown power", "shakespeare", "repeats", "ere man", "dowell oreilly", "read poem", "snit", "website", "loading", "rl https", "y0 nov", "vj96", "uyebaaeabaaaaac", "jid442122029", "active", "url http", "url https", "types", "indicators show", "type indicator", "added active", "tbmvid", "sourcelnms", "zx1724209326040", "read c", "module load", "showing", "delphi", "delete", "rgba", "unicode", "malware", "write", "win32", "execution", "next", "extraction", "data upload", "extre", "include data", "sc type", "url tot", "role title", "tsara brashears", "live sex", "porn video", "levelblue", "porn", "pornhub", "porn videos", "watch tsara", "most relevant", "q estimation", "green", "tsara", "online chat", "spicychat ai", "visa", "sex chat", "miss stella", "january", "philadelphia", "dopple ai", "b1 dec", "videos", "red porn", "free porn", "sunny leone", "hardcore porn", "jeffrey reimer", "puts", "love", "super", "download", "top tsara", "google search", "la iniciacin", "xxx hd", "bdsm scene", "nsfw experience", "ck ids", "open threat", "filepath https", "foundry", "palantir", "brian sabey", "yas", "tiny penis", "slander", "indicator role", "pulses url", "search" ], "references": [ "OTX must have an issue. A delete app seen before has deleted a majority of malicious IoCs. Im", "I don\u2019t appreciate OTX populated Malware suggestion \u2018SNIT\u2019 \u2018 Dopple AI\u2019 NOT malware", "OTX description for SNIT- I love to compose letters of resignation; now and then I send one in", "and leave in a lemon- hued Huff da Country or a Snit with four on the MALWARE fOORILIES", "OTX description for Dopple AI - There\u2019s someone for everyone out there in the BDSM scene, you can enjoy the", "free NSFW experience offered by Dopple AI.MALWARE", "Makes zero sense. Malicious. I don\u2019t get it. I have a Malware gift for you too!", "Y.A.S:1Byte/TinyRod SeeDescription @ Y.A.S. OFFICIAL MUSIC VIDEO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Snit", "display_name": "Snit", "target": null }, { "id": "Dopple AI", "display_name": "Dopple AI", "target": null }, { "id": "Y.A.S:1Byte/TinyRod", "display_name": "Y.A.S:1Byte/TinyRod", "target": "/malware/Y.A.S:1Byte/TinyRod" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "green", "cloned_from": "691ead29f61101bfa3700998", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2497, "hostname": 742, "FileHash-SHA256": 523, "domain": 223, "FileHash-MD5": 85, "FileHash-SHA1": 56, "email": 4 }, "indicator_count": 4130, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "71 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691ead29f61101bfa3700998", "name": "Dopple AI | Poem Hunter: Poems - Poets - Poetry", "description": "Online terms that sexulize SA victim : Tsara brashears slander red porn videos ,\nHardcore porn, is pornography that features detailed depictions of sexual organs or sexual acts such as vaginal, anal or oral intercourse, fingering, brashears , Red Porn Videos , Tsara brashears slandered red porn\nyoujizz sex\n, Tsara brashears submission on august 27 via manual free , College fuck fest Super japanese hd compilation , \none kinky student fucks tsara brashears porn xxx porn , the best internet porn site\n, tsara brashears slandered, porn video uploaded to hardcore ,\nxxxxxxxxxx sex videos\nsearch , xxxxxxxxxx hd porn. tsara brashears\u09ac\u09b2\u09a6\u09b6\u09b0 \u09a8\u09a4\u09a8 \u09ad\u09acfrench retro gangbang in the hotel room, You will Tsara brashears porn ,\nChunky babe loves to be on top Hot Milf , xxx Movies, updates hourly.\n tsara brashears slandered,\nfrench retro gangbang in the hotel room , free porn videos. You will Tsara brashears porn jeffrey reimer puts his love on top tsara brashears brother", "modified": "2025-12-20T03:00:41.407000", "created": "2025-11-20T05:54:49.968000", "tags": [ "active related", "search filter", "time tsara", "x show", "cidr", "email", "learn more", "information", "t1027", "t1036", "t1057", "discovery", "t1059", "t1071", "title added", "poem", "the day", "wild eyesand", "unknown power", "shakespeare", "repeats", "ere man", "dowell oreilly", "read poem", "snit", "website", "loading", "rl https", "y0 nov", "vj96", "uyebaaeabaaaaac", "jid442122029", "active", "url http", "url https", "types", "indicators show", "type indicator", "added active", "tbmvid", "sourcelnms", "zx1724209326040", "read c", "module load", "showing", "delphi", "delete", "rgba", "unicode", "malware", "write", "win32", "execution", "next", "extraction", "data upload", "extre", "include data", "sc type", "url tot", "role title", "tsara brashears", "live sex", "porn video", "levelblue", "porn", "pornhub", "porn videos", "watch tsara", "most relevant", "q estimation", "green", "tsara", "online chat", "spicychat ai", "visa", "sex chat", "miss stella", "january", "philadelphia", "dopple ai", "b1 dec", "videos", "red porn", "free porn", "sunny leone", "hardcore porn", "jeffrey reimer", "puts", "love", "super", "download", "top tsara", "google search", "la iniciacin", "xxx hd", "bdsm scene", "nsfw experience", "ck ids", "open threat", "filepath https", "foundry", "palantir", "brian sabey", "yas", "tiny penis", "slander", "indicator role", "pulses url", "search" ], "references": [ "OTX must have an issue. A delete app seen before has deleted a majority of malicious IoCs. Im", "I don\u2019t appreciate OTX populated Malware suggestion \u2018SNIT\u2019 \u2018 Dopple AI\u2019 NOT malware", "OTX description for SNIT- I love to compose letters of resignation; now and then I send one in", "and leave in a lemon- hued Huff da Country or a Snit with four on the MALWARE fOORILIES", "OTX description for Dopple AI - There\u2019s someone for everyone out there in the BDSM scene, you can enjoy the", "free NSFW experience offered by Dopple AI.MALWARE", "Makes zero sense. Malicious. I don\u2019t get it. I have a Malware gift for you too!", "Y.A.S:1Byte/TinyRod SeeDescription @ Y.A.S. OFFICIAL MUSIC VIDEO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Snit", "display_name": "Snit", "target": null }, { "id": "Dopple AI", "display_name": "Dopple AI", "target": null }, { "id": "Y.A.S:1Byte/TinyRod", "display_name": "Y.A.S:1Byte/TinyRod", "target": "/malware/Y.A.S:1Byte/TinyRod" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2497, "hostname": 742, "FileHash-SHA256": 523, "domain": 223, "FileHash-MD5": 85, "FileHash-SHA1": 56, "email": 4 }, "indicator_count": 4130, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "163 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709f38353a6151ed506123", "name": "tsara brashears porn Google search", "description": "", "modified": "2023-12-06T16:20:08.474000", "created": "2023-12-06T16:20:08.474000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 16, "URL": 152, "FileHash-SHA256": 100, "FileHash-MD5": 58, "FileHash-SHA1": 40, "domain": 20 }, "indicator_count": 386, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "652396e713c1ed328a30e252", "name": "Multiple Antagonist", "description": "Multiple antagonist related to this issue.\n\n\nBased on extensive research attack not aimed at medical business. \n\nTargeting: visitors, specified female individual, associates, targets businesses, devices, digital profile , technology, insurance, communications, search redirects, targets route through BN.\n\n\n\nResearch points to multiple involved antagonists, a female target, a clear motive.", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-09T06:00:07.575000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6523978d9bc58273e16261a6", "name": "Ransom:Win32/WannaCrypt ", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-09T06:02:53.483000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "652396e713c1ed328a30e252", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1b9d7b8c6e2836f2c1a5", "name": "Ransom:Win32/WannaCrypt", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T02:57:33.289000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6523978d9bc58273e16261a6", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1cc68d8465d74f49192f", "name": "Ransom:Win32/WannaCrypt", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T03:02:30.391000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6523978d9bc58273e16261a6", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f21acc5a187c1be5fcc90", "name": "Multiple Antagonist", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T03:23:24.863000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "652396e713c1ed328a30e252", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653fd3ed0900058de627cebc", "name": "Multiple Antagonist", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T16:03:57.322000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "653f21acc5a187c1be5fcc90", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64cdf2ea337c4c46dc1ff713", "name": "tsara brashears porn Google search", "description": "Malicious smear campaign.\nPrivate citizen tagged in malicious websites.\nNORAD Tracker\nTracking Radar Keyloggers SEO rollout\nInfoStealer Password stealer passcode bypass malware spreaders", "modified": "2023-10-02T00:00:29.692000", "created": "2023-08-05T06:57:46.150000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 390, "domain": 44, "hostname": 44, "FileHash-MD5": 68, "FileHash-SHA256": 150, "FileHash-SHA1": 50 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "973 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Data Analysis", "Comparative Analysis", "Y.A.S:1Byte/TinyRod SeeDescription @ Y.A.S. OFFICIAL MUSIC VIDEO", "I don\u2019t appreciate OTX populated Malware suggestion \u2018SNIT\u2019 \u2018 Dopple AI\u2019 NOT malware", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "OTX description for Dopple AI - There\u2019s someone for everyone out there in the BDSM scene, you can enjoy the", "Hybrid Analysis via AlienVault OTX Extraction Details", "free NSFW experience offered by Dopple AI.MALWARE", "Makes zero sense. Malicious. I don\u2019t get it. I have a Malware gift for you too!", "OTX must have an issue. A delete app seen before has deleted a majority of malicious IoCs. Im", "https://www.superpages.com/", "Extensive research", "OTX description for SNIT- I love to compose letters of resignation; now and then I send one in", "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "and leave in a lemon- hued Huff da Country or a Snit with four on the MALWARE fOORILIES", "Content servers: https://c.ypcdn.com/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Trojan:win32/swrort", "Backdoor:win32/zbot", "Skynet", "Alf:pua:win32/iobit", "Slimware.a", "Filerepmetagen [pup]", "Malicious.35bb6b", "Hacktool:win32/crack", "Virus.html.gen03", "Trojan:win32/wacatac", "Pony", "Bu", "Trojanspy", "Snit", "Adwind rat", "Nircmd", "Alf:cert:installpack", "Virus:dos/better_tomorrow", "Alf:heraklezeval:trojandownloader:win32/unruy", "Alf:program:win32/mediaget", "Phishingms.abc", "Webtoolbar", "Y.a.s:1byte/tinyrod", "Xrat", "Ransom:win32/wannacrypt", "Troj_frs.vsn1ea19", "Alf:pua:win32/funshion", "#lowfi:siga:trojanspy:msil/keylogger", "Hacktool:powershell/mimikatz", "Maltiverse", "Worm:win32/nimda", "Alf:pua:win32/opencandy", "Alf:jasyp:pua:win32/systweak", "Pe.heur", "Trojan:win32/tiggre", "Quasar rat", "Trojan:win32/presenoker", "Formbook", "Trojanx", "Agent.3132311", "Trojan:win32/filetour", "Trojan:win32/fuery", "Alf:pua:win32/rostpay", "Worm:win32/acint", "Trojan:win32/qbot", "Dopple ai" ], "industries": [], "unique_indicators": 5337 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ampproject.org", "whois": "http://whois.domaintools.com/ampproject.org", "domain": "ampproject.org", "hostname": "cdn.ampproject.org" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69bea5d2987c3d14aeb2b0c9", "name": "Delete service Deleted over 1200 Brian Sabeys Porn Revenge Campaign \u2022 LevelBlue? Dopple AI | Poem Hunter: Poems ", "description": "", "modified": "2026-03-21T14:06:10.007000", "created": "2026-03-21T14:06:10.007000", "tags": [ "active related", "search filter", "time tsara", "x show", "cidr", "email", "learn more", "information", "t1027", "t1036", "t1057", "discovery", "t1059", "t1071", "title added", "poem", "the day", "wild eyesand", "unknown power", "shakespeare", "repeats", "ere man", "dowell oreilly", "read poem", "snit", "website", "loading", "rl https", "y0 nov", "vj96", "uyebaaeabaaaaac", "jid442122029", "active", "url http", "url https", "types", "indicators show", "type indicator", "added active", "tbmvid", "sourcelnms", "zx1724209326040", "read c", "module load", "showing", "delphi", "delete", "rgba", "unicode", "malware", "write", "win32", "execution", "next", "extraction", "data upload", "extre", "include data", "sc type", "url tot", "role title", "tsara brashears", "live sex", "porn video", "levelblue", "porn", "pornhub", "porn videos", "watch tsara", "most relevant", "q estimation", "green", "tsara", "online chat", "spicychat ai", "visa", "sex chat", "miss stella", "january", "philadelphia", "dopple ai", "b1 dec", "videos", "red porn", "free porn", "sunny leone", "hardcore porn", "jeffrey reimer", "puts", "love", "super", "download", "top tsara", "google search", "la iniciacin", "xxx hd", "bdsm scene", "nsfw experience", "ck ids", "open threat", "filepath https", "foundry", "palantir", "brian sabey", "yas", "tiny penis", "slander", "indicator role", "pulses url", "search" ], "references": [ "OTX must have an issue. A delete app seen before has deleted a majority of malicious IoCs. Im", "I don\u2019t appreciate OTX populated Malware suggestion \u2018SNIT\u2019 \u2018 Dopple AI\u2019 NOT malware", "OTX description for SNIT- I love to compose letters of resignation; now and then I send one in", "and leave in a lemon- hued Huff da Country or a Snit with four on the MALWARE fOORILIES", "OTX description for Dopple AI - There\u2019s someone for everyone out there in the BDSM scene, you can enjoy the", "free NSFW experience offered by Dopple AI.MALWARE", "Makes zero sense. Malicious. I don\u2019t get it. I have a Malware gift for you too!", "Y.A.S:1Byte/TinyRod SeeDescription @ Y.A.S. OFFICIAL MUSIC VIDEO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Snit", "display_name": "Snit", "target": null }, { "id": "Dopple AI", "display_name": "Dopple AI", "target": null }, { "id": "Y.A.S:1Byte/TinyRod", "display_name": "Y.A.S:1Byte/TinyRod", "target": "/malware/Y.A.S:1Byte/TinyRod" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "green", "cloned_from": "691ead29f61101bfa3700998", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2497, "hostname": 742, "FileHash-SHA256": 523, "domain": 223, "FileHash-MD5": 85, "FileHash-SHA1": 56, "email": 4 }, "indicator_count": 4130, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "71 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691ead29f61101bfa3700998", "name": "Dopple AI | Poem Hunter: Poems - Poets - Poetry", "description": "Online terms that sexulize SA victim : Tsara brashears slander red porn videos ,\nHardcore porn, is pornography that features detailed depictions of sexual organs or sexual acts such as vaginal, anal or oral intercourse, fingering, brashears , Red Porn Videos , Tsara brashears slandered red porn\nyoujizz sex\n, Tsara brashears submission on august 27 via manual free , College fuck fest Super japanese hd compilation , \none kinky student fucks tsara brashears porn xxx porn , the best internet porn site\n, tsara brashears slandered, porn video uploaded to hardcore ,\nxxxxxxxxxx sex videos\nsearch , xxxxxxxxxx hd porn. tsara brashears\u09ac\u09b2\u09a6\u09b6\u09b0 \u09a8\u09a4\u09a8 \u09ad\u09acfrench retro gangbang in the hotel room, You will Tsara brashears porn ,\nChunky babe loves to be on top Hot Milf , xxx Movies, updates hourly.\n tsara brashears slandered,\nfrench retro gangbang in the hotel room , free porn videos. You will Tsara brashears porn jeffrey reimer puts his love on top tsara brashears brother", "modified": "2025-12-20T03:00:41.407000", "created": "2025-11-20T05:54:49.968000", "tags": [ "active related", "search filter", "time tsara", "x show", "cidr", "email", "learn more", "information", "t1027", "t1036", "t1057", "discovery", "t1059", "t1071", "title added", "poem", "the day", "wild eyesand", "unknown power", "shakespeare", "repeats", "ere man", "dowell oreilly", "read poem", "snit", "website", "loading", "rl https", "y0 nov", "vj96", "uyebaaeabaaaaac", "jid442122029", "active", "url http", "url https", "types", "indicators show", "type indicator", "added active", "tbmvid", "sourcelnms", "zx1724209326040", "read c", "module load", "showing", "delphi", "delete", "rgba", "unicode", "malware", "write", "win32", "execution", "next", "extraction", "data upload", "extre", "include data", "sc type", "url tot", "role title", "tsara brashears", "live sex", "porn video", "levelblue", "porn", "pornhub", "porn videos", "watch tsara", "most relevant", "q estimation", "green", "tsara", "online chat", "spicychat ai", "visa", "sex chat", "miss stella", "january", "philadelphia", "dopple ai", "b1 dec", "videos", "red porn", "free porn", "sunny leone", "hardcore porn", "jeffrey reimer", "puts", "love", "super", "download", "top tsara", "google search", "la iniciacin", "xxx hd", "bdsm scene", "nsfw experience", "ck ids", "open threat", "filepath https", "foundry", "palantir", "brian sabey", "yas", "tiny penis", "slander", "indicator role", "pulses url", "search" ], "references": [ "OTX must have an issue. A delete app seen before has deleted a majority of malicious IoCs. Im", "I don\u2019t appreciate OTX populated Malware suggestion \u2018SNIT\u2019 \u2018 Dopple AI\u2019 NOT malware", "OTX description for SNIT- I love to compose letters of resignation; now and then I send one in", "and leave in a lemon- hued Huff da Country or a Snit with four on the MALWARE fOORILIES", "OTX description for Dopple AI - There\u2019s someone for everyone out there in the BDSM scene, you can enjoy the", "free NSFW experience offered by Dopple AI.MALWARE", "Makes zero sense. Malicious. I don\u2019t get it. I have a Malware gift for you too!", "Y.A.S:1Byte/TinyRod SeeDescription @ Y.A.S. OFFICIAL MUSIC VIDEO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Snit", "display_name": "Snit", "target": null }, { "id": "Dopple AI", "display_name": "Dopple AI", "target": null }, { "id": "Y.A.S:1Byte/TinyRod", "display_name": "Y.A.S:1Byte/TinyRod", "target": "/malware/Y.A.S:1Byte/TinyRod" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2497, "hostname": 742, "FileHash-SHA256": 523, "domain": 223, "FileHash-MD5": 85, "FileHash-SHA1": 56, "email": 4 }, "indicator_count": 4130, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "163 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709f38353a6151ed506123", "name": "tsara brashears porn Google search", "description": "", "modified": "2023-12-06T16:20:08.474000", "created": "2023-12-06T16:20:08.474000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 16, "URL": 152, "FileHash-SHA256": 100, "FileHash-MD5": 58, "FileHash-SHA1": 40, "domain": 20 }, "indicator_count": 386, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "652396e713c1ed328a30e252", "name": "Multiple Antagonist", "description": "Multiple antagonist related to this issue.\n\n\nBased on extensive research attack not aimed at medical business. \n\nTargeting: visitors, specified female individual, associates, targets businesses, devices, digital profile , technology, insurance, communications, search redirects, targets route through BN.\n\n\n\nResearch points to multiple involved antagonists, a female target, a clear motive.", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-09T06:00:07.575000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6523978d9bc58273e16261a6", "name": "Ransom:Win32/WannaCrypt ", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-09T06:02:53.483000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "652396e713c1ed328a30e252", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1b9d7b8c6e2836f2c1a5", "name": "Ransom:Win32/WannaCrypt", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T02:57:33.289000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6523978d9bc58273e16261a6", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1cc68d8465d74f49192f", "name": "Ransom:Win32/WannaCrypt", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T03:02:30.391000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "6523978d9bc58273e16261a6", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f21acc5a187c1be5fcc90", "name": "Multiple Antagonist", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T03:23:24.863000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "652396e713c1ed328a30e252", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653fd3ed0900058de627cebc", "name": "Multiple Antagonist", "description": "", "modified": "2023-11-08T04:04:40.217000", "created": "2023-10-30T16:03:57.322000", "tags": [ "heur", "united", "malicious site", "phishing site", "malware", "anonymisation", "ibm xforce", "exchange", "unsafe", "artemis", "formbook", "downloader", "facebook", "bank", "download", "union", "fuery", "team", "qbot", "bankerx", "riskware", "dropper", "nimda", "swrort", "unruy", "adwind", "trojanx", "crack", "win64", "agent", "generic", "alexa top", "million", "team top", "site", "cisco umbrella", "safe site", "malware site", "iframe", "opencandy", "exploit", "zbot", "nircmd", "acint", "downldr", "tiggre", "presenoker", "filetour", "cleaner", "conduit", "wacatac", "quasar rat", "mimikatz", "pony", "funshion", "mywebsearch", "rostpay", "iobit", "mediaget", "systweak", "behav", "genkryptik", "phishing", "alexa", "installpack", "xtrat", "webtoolbar", "trojanspy", "detection list", "blacklist http", "bottom3", "sig10vr3b813", "lcid1033", "smlen", "spn224", "bv7uet92ww", "blacklist", "denver", "s tamarac", "dr ste", "therapists", "centennial", "therahand", "review", "physical", "tomorrow", "hours mon", "dpt", "404", "gettr", "whois record", "referrer", "historical ssl", "contacted", "communicating", "resolutions", "whois whois", "whois ssl", "ssl certificate", "bottom3 http", "FileRepMetagen", "evasive,hyteod,ransomware", "AI_Score_52%", "ATT&CK fonts.gstatic.com", "mitre", "button", "path", "input", "form", "malicious url", "paypal", "team phishing", "filerepmetagen", "azorult", "service", "runescape", "business url", "delivery optout", "superpages url", "us url", "network partner", "google", "windows nt", "khtml", "gecko", "aes128gcm", "gts ca", "europeberlin", "frankfurt", "main", "sign", "people search", "state directory", "join browse", "nail salons", "popular", "the local", "nearby", "strong", "use my", "fakealert", "zpevdo" ], "references": [ "https://www.superpages.com/denver-co/bpp/amp/therahand-472908110", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "Hybrid Analysis via AlienVault OTX Extraction Details", "Extensive research", "Data Analysis", "Comparative Analysis", "Content servers: https://c.ypcdn.com/", "https://www.superpages.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "XRat", "display_name": "XRat", "target": null }, { "id": "Backdoor:Win32/Zbot", "display_name": "Backdoor:Win32/Zbot", "target": "/malware/Backdoor:Win32/Zbot" }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "ALF:JASYP:PUA:Win32/Systweak", "display_name": "ALF:JASYP:PUA:Win32/Systweak", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Worm:Win32/Nimda", "display_name": "Worm:Win32/Nimda", "target": "/malware/Worm:Win32/Nimda" }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/OpenCandy", "display_name": "ALF:PUA:Win32/OpenCandy", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "display_name": "#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger", "target": null }, { "id": "HackTool:PowerShell/Mimikatz", "display_name": "HackTool:PowerShell/Mimikatz", "target": "/malware/HackTool:PowerShell/Mimikatz" }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Trojan:Win32/Qbot", "display_name": "Trojan:Win32/Qbot", "target": "/malware/Trojan:Win32/Qbot" }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Adwind RAT", "display_name": "Adwind RAT", "target": null }, { "id": "Trojan:Win32/Tiggre", "display_name": "Trojan:Win32/Tiggre", "target": "/malware/Trojan:Win32/Tiggre" }, { "id": "Virus:DOS/Better_Tomorrow", "display_name": "Virus:DOS/Better_Tomorrow", "target": "/malware/Virus:DOS/Better_Tomorrow" }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "NirCmd", "display_name": "NirCmd", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "trojanx", "display_name": "trojanx", "target": null }, { "id": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "display_name": "ALF:HeraklezEval:TrojanDownloader:Win32/Unruy", "target": null }, { "id": "Trojan:Win32/Fuery", "display_name": "Trojan:Win32/Fuery", "target": "/malware/Trojan:Win32/Fuery" }, { "id": "Trojan:Win32/Filetour", "display_name": "Trojan:Win32/Filetour", "target": "/malware/Trojan:Win32/Filetour" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "ALF:Cert:InstallPack", "display_name": "ALF:Cert:InstallPack", "target": null }, { "id": "Ransom:Win32/WannaCrypt", "display_name": "Ransom:Win32/WannaCrypt", "target": "/malware/Ransom:Win32/WannaCrypt" }, { "id": "TROJ_FRS.VSN1EA19", "display_name": "TROJ_FRS.VSN1EA19", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Slimware.a", "display_name": "Slimware.a", "target": null }, { "id": "PhishingMS.ABC", "display_name": "PhishingMS.ABC", "target": null }, { "id": "FileRepMetagen [PUP]", "display_name": "FileRepMetagen [PUP]", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Agent.3132311", "display_name": "Agent.3132311", "target": null }, { "id": "virus.html.gen03", "display_name": "virus.html.gen03", "target": null }, { "id": "BU", "display_name": "BU", "target": null }, { "id": "Trojan:Win32/Presenoker", "display_name": "Trojan:Win32/Presenoker", "target": "/malware/Trojan:Win32/Presenoker" }, { "id": "Trojan:Win32/Swrort", "display_name": "Trojan:Win32/Swrort", "target": "/malware/Trojan:Win32/Swrort" }, { "id": "ALF:PUA:Win32/Funshion", "display_name": "ALF:PUA:Win32/Funshion", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": "653f21acc5a187c1be5fcc90", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "hostname": 313, "FileHash-MD5": 187, "FileHash-SHA1": 102, "domain": 115, "URL": 134, "FileHash-SHA256": 169, "FilePath": 1, "CIDR": 1 }, "indicator_count": 1036, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "936 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64cdf2ea337c4c46dc1ff713", "name": "tsara brashears porn Google search", "description": "Malicious smear campaign.\nPrivate citizen tagged in malicious websites.\nNORAD Tracker\nTracking Radar Keyloggers SEO rollout\nInfoStealer Password stealer passcode bypass malware spreaders", "modified": "2023-10-02T00:00:29.692000", "created": "2023-08-05T06:57:46.150000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 390, "domain": 44, "hostname": 44, "FileHash-MD5": 68, "FileHash-SHA256": 150, "FileHash-SHA1": 50 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "973 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cdn.ampproject.org/v0/amp-analytics-0.1.js", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cdn.ampproject.org/v0/amp-analytics-0.1.js", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780319824.4504502 }