{ "type": "URL", "indicator": "https://cn.portal.processsimple.trafficmanager.cn", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cn.portal.processsimple.trafficmanager.cn", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3776815570, "indicator": "https://cn.portal.processsimple.trafficmanager.cn", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 38, "pulses": [ { "id": "69e434769e2a43c088066ca2", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar clone credit octoseek", "description": "", "modified": "2026-05-19T00:09:08.840000", "created": "2026-04-19T01:48:38.335000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": "654a7a53317c717d1f4fee7f", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc2ceaf9989ac75c80ac68", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:24:09.569000", "created": "2026-05-07T06:10:50.373000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc2ce920f63f0ab26c6871", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:22:38.844000", "created": "2026-05-07T06:10:49.008000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65551682899b039e02b8dc8a", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:38.437000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 82, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655516871038cbad9eae2bb7", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:43.285000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 83, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65568ab12429c394dc4b91ea", "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go", "description": "", "modified": "2023-12-14T15:03:30.417000", "created": "2023-11-16T21:33:37.838000", "tags": [ "united", "blacklist", "malicious site", "mail spammer", "detection list", "cisco umbrella", "site", "safe site", "malware", "phishing site", "heur", "malware site", "alexa top", "million", "unsafe", "artemis", "riskware", "conduit", "agent", "opencandy", "xtrat", "iframe", "cleaner", "team", "installpack", "xrat", "tiggre", "presenoker", "fusioncore", "wacatac", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "crack", "softcnapp", "trojanspy", "maltiverse", "falcon sandbox", "pattern match", "root ca", "authority", "class", "script", "ascii text", "mitre att", "localappdata", "temp", "ck id", "date", "unknown", "generator", "critical", "error", "meta", "hybrid", "general", "local", "click", "strings", "expiressun", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pt3uc1", "path", "movies", "watch", "html info", "meta tags", "suddenlink tv", "trackers amazon", "pt3rc1", "whois record", "whois whois", "ssl certificate", "historical", "historical ssl", "referrer", "communicating", "dropped", "contacted", "apple ios", "hacktool", "metro", "malicious", "crypto", "installer", "attack", "awful", "brian sabey", "aig", "civicaIg", "tracking", "password crack", "tulach", "target tsara brashears", "tylerknott", "att", "monitoring", "spyware", "spying", "cybercrime", "tulach", "hughesnet", "ios", "toshiba", "attack", "malvertizing", "cyber stalking", "porn", "pornhub" ], "references": [ "http://mobile.suddenlink2go.com/", "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3", "https://applemusic-spotlight.myunidays.com/US/en-US?", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "myhughesnet.com", "dishmail.net", "home.toshiba.com", "ytq2rs56.haogfw.com", "pornhub.com", "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI", "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ", "monitor.cablelan.net", "https://monitor.rodgersmith.com", "https://www.everycloudtech.com/free-mail-flow-monitor" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "6553b88c316cfb531b9c4c10", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 144, "FileHash-SHA1": 179, "FileHash-SHA256": 4528, "CVE": 7, "domain": 2024, "hostname": 3556, "URL": 10455 }, "indicator_count": 20893, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "899 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6553b88c316cfb531b9c4c10", "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com", "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet", "modified": "2023-12-14T15:03:30.417000", "created": "2023-11-14T18:12:28.459000", "tags": [ "united", "blacklist", "malicious site", "mail spammer", "detection list", "cisco umbrella", "site", "safe site", "malware", "phishing site", "heur", "malware site", "alexa top", "million", "unsafe", "artemis", "riskware", "conduit", "agent", "opencandy", "xtrat", "iframe", "cleaner", "team", "installpack", "xrat", "tiggre", "presenoker", "fusioncore", "wacatac", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "crack", "softcnapp", "trojanspy", "maltiverse", "falcon sandbox", "pattern match", "root ca", "authority", "class", "script", "ascii text", "mitre att", "localappdata", "temp", "ck id", "date", "unknown", "generator", "critical", "error", "meta", "hybrid", "general", "local", "click", "strings", "expiressun", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pt3uc1", "path", "movies", "watch", "html info", "meta tags", "suddenlink tv", "trackers amazon", "pt3rc1", "whois record", "whois whois", "ssl certificate", "historical", "historical ssl", "referrer", "communicating", "dropped", "contacted", "apple ios", "hacktool", "metro", "malicious", "crypto", "installer", "attack", "awful", "brian sabey", "aig", "civicaIg", "tracking", "password crack", "tulach", "target tsara brashears", "tylerknott", "att", "monitoring", "spyware", "spying", "cybercrime", "tulach", "hughesnet", "ios", "toshiba", "attack", "malvertizing", "cyber stalking", "porn", "pornhub" ], "references": [ "http://mobile.suddenlink2go.com/", "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3", "https://applemusic-spotlight.myunidays.com/US/en-US?", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "myhughesnet.com", "dishmail.net", "home.toshiba.com", "ytq2rs56.haogfw.com", "pornhub.com", "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI", "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ", "monitor.cablelan.net", "https://monitor.rodgersmith.com", "https://www.everycloudtech.com/free-mail-flow-monitor" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 144, "FileHash-SHA1": 179, "FileHash-SHA256": 4528, "CVE": 7, "domain": 2024, "hostname": 3556, "URL": 10455 }, "indicator_count": 20893, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "899 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6558126013aef7ce80968842", "name": "PuffStealer", "description": "", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-18T01:24:48.887000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c5970817e6bf8b0e5b5ff", "export_count": 334, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "904 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654d29ff31857aafba0358e1", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T18:50:39.675000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 341, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "904 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654c606d74f82e547c77ad89", "name": "Ransom.Win64.PORNOASSET.SM1 | DeepScan:Generic.Ransom.GandCrab5", "description": "Ransom.Win64.PORNOASSET.SM1 DeepScan:Generic.Ransom.GandCrab5\nBlackNET RAT $WebWatson\nAuto generated results from a variety of tools.", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:30:37.089000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 338, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "904 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654c597a4a45c8d84f0b15c1", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:58.166000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 338, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "904 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654c5970817e6bf8b0e5b5ff", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:48.087000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 339, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "904 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654af6cf6bee02fafb173522", "name": "Infected.WebPage", "description": "Auto populated statement:\n\"Researchers\" have been analysing more than 1,000 samples of malware in an attempt to identify and identify the most common types of cyber-crime and its impact on the public and private networks.\"\nBehavesLike.HTML.Redirector", "modified": "2023-12-08T01:04:05.677000", "created": "2023-11-08T02:47:43.205000", "tags": [ "scan endpoints", "all search", "otx octoseek", "url http", "new pulse", "existing pulse", "http", "ip address", "passive dns", "related nids", "search live", "api blog", "docs pricing", "login", "november", "de summary", "london", "united kingdom", "google safe", "europelondon", "windows nt", "win64", "khtml", "gecko", "veryhigh", "date", "servers", "hashes files", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "mitre att", "null", "unknown", "span", "error", "class", "generator", "critical", "body", "meta", "hybrid", "general", "local", "click", "strings", "refresh", "tools", "contacted", "whois record", "whois whois", "execution", "resolutions", "communicating", "referrer", "pe resource", "bundled", "flawedammyy", "metamorfo", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "filerepmalware", "heur", "cisco umbrella", "site", "safe site", "malware", "alexa top", "million", "malicious site", "malware site", "phishing site", "artemis", "outbreak", "dropper", "unsafe", "trojanx", "phishing", "agent", "installcore", "acint", "conduit", "iobit", "mediaget", "crack", "mimikatz", "alexa", "rostpay", "installpack", "predator", "dbatloader", "downloader", "blocker", "ransom", "autoit", "bladabindi", "emotet", "trojan", "irata", "utorrent", "generic", "yakes", "adposhel", "crypt", "wacatac", "riskware", "blacknet rat", "stealer", "xrat", "downldr", "malicious", "trojanspy", "webtoolbar", "maltiverse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 115, "FileHash-SHA1": 112, "FileHash-SHA256": 3390, "URL": 2779, "CIDR": 1, "hostname": 1228, "domain": 698, "CVE": 5 }, "indicator_count": 8328, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654d2a2e6cbc20fac8504fe5", "name": "Infected.WebPage", "description": "", "modified": "2023-12-08T01:04:05.677000", "created": "2023-11-09T18:51:26.957000", "tags": [ "scan endpoints", "all search", "otx octoseek", "url http", "new pulse", "existing pulse", "http", "ip address", "passive dns", "related nids", "search live", "api blog", "docs pricing", "login", "november", "de summary", "london", "united kingdom", "google safe", "europelondon", "windows nt", "win64", "khtml", "gecko", "veryhigh", "date", "servers", "hashes files", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "mitre att", "null", "unknown", "span", "error", "class", "generator", "critical", "body", "meta", "hybrid", "general", "local", "click", "strings", "refresh", "tools", "contacted", "whois record", "whois whois", "execution", "resolutions", "communicating", "referrer", "pe resource", "bundled", "flawedammyy", "metamorfo", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "filerepmalware", "heur", "cisco umbrella", "site", "safe site", "malware", "alexa top", "million", "malicious site", "malware site", "phishing site", "artemis", "outbreak", "dropper", "unsafe", "trojanx", "phishing", "agent", "installcore", "acint", "conduit", "iobit", "mediaget", "crack", "mimikatz", "alexa", "rostpay", "installpack", "predator", "dbatloader", "downloader", "blocker", "ransom", "autoit", "bladabindi", "emotet", "trojan", "irata", "utorrent", "generic", "yakes", "adposhel", "crypt", "wacatac", "riskware", "blacknet rat", "stealer", "xrat", "downldr", "malicious", "trojanspy", "webtoolbar", "maltiverse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "654af6cf6bee02fafb173522", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 115, "FileHash-SHA1": 112, "FileHash-SHA256": 3390, "URL": 2779, "CIDR": 1, "hostname": 1228, "domain": 698, "CVE": 5 }, "indicator_count": 8328, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654af6ca6354bcdb604e2e85", "name": "Infected.WebPage", "description": "Auto populated statement:\n\"Researchers\" have been analysing more than 1,000 samples of malware in an attempt to identify and identify the most common types of cyber-crime and its impact on the public and private networks.\"\nBehavesLike.HTML.Redirector", "modified": "2023-12-08T01:04:05.677000", "created": "2023-11-08T02:47:38.907000", "tags": [ "scan endpoints", "all search", "otx octoseek", "url http", "new pulse", "existing pulse", "http", "ip address", "passive dns", "related nids", "search live", "api blog", "docs pricing", "login", "november", "de summary", "london", "united kingdom", "google safe", "europelondon", "windows nt", "win64", "khtml", "gecko", "veryhigh", "date", "servers", "hashes files", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "mitre att", "null", "unknown", "span", "error", "class", "generator", "critical", "body", "meta", "hybrid", "general", "local", "click", "strings", "refresh", "tools", "contacted", "whois record", "whois whois", "execution", "resolutions", "communicating", "referrer", "pe resource", "bundled", "flawedammyy", "metamorfo", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "filerepmalware", "heur", "cisco umbrella", "site", "safe site", "malware", "alexa top", "million", "malicious site", "malware site", "phishing site", "artemis", "outbreak", "dropper", "unsafe", "trojanx", "phishing", "agent", "installcore", "acint", "conduit", "iobit", "mediaget", "crack", "mimikatz", "alexa", "rostpay", "installpack", "predator", "dbatloader", "downloader", "blocker", "ransom", "autoit", "bladabindi", "emotet", "trojan", "irata", "utorrent", "generic", "yakes", "adposhel", "crypt", "wacatac", "riskware", "blacknet rat", "stealer", "xrat", "downldr", "malicious", "trojanspy", "webtoolbar", "maltiverse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 115, "FileHash-SHA1": 112, "FileHash-SHA256": 3390, "URL": 2779, "CIDR": 1, "hostname": 1228, "domain": 698, "CVE": 5 }, "indicator_count": 8328, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654ab0f0b732066a2bdd1425", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T21:49:36.686000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": "654a772076be04f1649f9a42", "export_count": 143, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a53317c717d1f4fee7f", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:35.967000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a4d960200d938e180c3", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:29.786000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 152, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a772076be04f1649f9a42", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief.", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:42:56.873000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546d0120a7e479fecffe2b1", "name": "Browser Malware Attack", "description": "Attacking browser to identify researcher.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:13:21.883000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 232, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546cf78627adef6562a97aa", "name": "Browser Malware Attack", "description": "Attacking my browser to identify.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:10:48.676000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "656a97db9134b17c1f6d845b", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "", "modified": "2023-12-02T02:35:07.890000", "created": "2023-12-02T02:35:07.890000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "911 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6545a25d60272bac5827f2fc", "name": "TrojanSpy", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-04T01:46:05.174000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541e08c81e836438946bbbf", "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6543350c86e1299dc78bfa90", "name": "this dick", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-02T05:35:08.226000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Nicholus33", "id": "76046", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 207, "URI": 1 }, "indicator_count": 7766, "is_author": false, "is_subscribing": null, "subscriber_count": 2, "modified_text": "912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541e08c81e836438946bbbf", "name": "TrojanSpy", "description": "Malicious redirect. Targets individual.\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:22:20.519000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541df216e018a0bce63e2a3", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "Malicious redirect. OWA? Dreaded Canary cookie? I don't know yet. Link affects individuals, corporations and edu's. \n\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:16:17.835000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653fd47a852cc130c72de9e5", "name": "BGP.Tools", "description": "", "modified": "2023-11-29T05:05:42.592000", "created": "2023-10-30T16:06:18.567000", "tags": [ "ssl certificate", "whois record", "referrer", "whois whois", "communicating", "relacionada", "resolutions", "historical ssl", "collections new", "family", "lolkek", "dark power", "ransomware", "play ransomware", "makop", "core", "redline stealer", "hacktool", "emotet", "quasar rat", "wiper", "ursnif", "malware", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "self", "server", "date wed", "html info", "meta tags", "name verdict", "falcon sandbox", "pattern match", "changelog", "header", "layer", "data", "ipv4", "function", "ascii text", "et tor", "known tor", "meta", "monitoring", "body", "form", "august", "june", "friendly", "main", "footer", "date", "unknown", "hybrid", "general", "local", "click", "strings", "class", "generator", "critical", "error", "njrat", "cobalt strike" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "green", "cloned_from": "653f4d0c4cca0c5f58530600", "export_count": 39, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3631, "FileHash-MD5": 45, "FileHash-SHA1": 44, "FileHash-SHA256": 1788, "CVE": 5, "domain": 543, "hostname": 1328, "CIDR": 2, "email": 1 }, "indicator_count": 7387, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "914 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f4d0c4cca0c5f58530600", "name": "BGP.Tools", "description": "BGP is a very malicious, developed spyware tool. Attorneys, insurance companies use tool. BGP Hurricane. In the past they will call target and a modem connects draining ALL content. It can CNC device, erase everything from it, manipulate dropbox as well as other clouds. Very destructive.Once you're a target your privacy is gone for good. Assertions from threat crowd that CISA/Valmet are government phishing entities concerns me. BGP gets a 100% malicious score. Listed as part of infrastructure is CISA. A familiar name in adult content and other commands, vulnerabilities,etc. I'm not sure what to believe, or what's going on.", "modified": "2023-11-29T05:05:42.592000", "created": "2023-10-30T06:28:28.160000", "tags": [ "ssl certificate", "whois record", "referrer", "whois whois", "communicating", "relacionada", "resolutions", "historical ssl", "collections new", "family", "lolkek", "dark power", "ransomware", "play ransomware", "makop", "core", "redline stealer", "hacktool", "emotet", "quasar rat", "wiper", "ursnif", "malware", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "self", "server", "date wed", "html info", "meta tags", "name verdict", "falcon sandbox", "pattern match", "changelog", "header", "layer", "data", "ipv4", "function", "ascii text", "et tor", "known tor", "meta", "monitoring", "body", "form", "august", "june", "friendly", "main", "footer", "date", "unknown", "hybrid", "general", "local", "click", "strings", "class", "generator", "critical", "error", "njrat", "cobalt strike" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3631, "FileHash-MD5": 45, "FileHash-SHA1": 44, "FileHash-SHA256": 1788, "CVE": 5, "domain": 543, "hostname": 1328, "CIDR": 2, "email": 1 }, "indicator_count": 7387, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "914 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653e92fcaf9d549477914ece", "name": "Registrar Abuse | CNC", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:14:36.780000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f04475b063d0b0d3badca", "name": "CNC | Malicious activities. | aig.com [lacks http/https]", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:17:59.531000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9147fc170101be4f7afe", "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653e9215890dfc9167d774e3", "name": "Qakbot, Qbot, Qausar | CNC", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:10:45.609000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f047d030109e1cab23db8", "name": "Qakbot, Qbot, Qausar | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:18:53.112000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e9215890dfc9167d774e3", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f04af6927f6584755d691", "name": "Registrar Abuse | CNC", "description": "", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-30T01:19:43.234000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "653e92fcaf9d549477914ece", "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653e9147fc170101be4f7afe", "name": "CNC | Malicious activities. | aig.com [lacks http/https]", "description": "My input: unsigned, evasive,Trojan:Win32/Danabot.G, missing STSH, CNC, phishing, trojans, scanning host, exploit host. \n\n\n[Auto populated: Last DNS records are held by a single person, and they are not the same as the previous records, which were posted in the early 1990s and early 2000s, according to the US government.]", "modified": "2023-11-28T16:01:50.761000", "created": "2023-10-29T17:07:19.371000", "tags": [ "ssl certificate", "whois record", "communicating", "contacted", "threat roundup", "referrer", "october", "historical ssl", "june", "august", "execution", "quasar", "metro", "android", "djvu", "qakbot", "qbot", "april", "skynet", "crypto", "awful", "record type", "ttl value", "algorithm", "data", "v3 serial", "number", "cus ou", "entrust", "oentrust", "l1k validity", "lnew york", "group", "info", "domain status", "server", "date", "registrar abuse", "new york", "postal code", "contact phone", "registrar url", "csc corporate", "domains", "code", "microsoft", "dns replication", "full name", "key algorithm", "key identifier", "subject key", "identifier", "x509v3 key", "first", "iana id", "registrar whois", "win32 exe", "files", "detections type", "name" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4115, "FileHash-MD5": 250, "FileHash-SHA1": 244, "FileHash-SHA256": 2692, "domain": 665, "hostname": 1448, "CVE": 1, "email": 3 }, "indicator_count": 9418, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "home.toshiba.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "Urlscan", "ww.google.com.uy", "eg-monitoring.com", "https://monitor.rodgersmith.com", "http://emrd.gov.bd/dead.php", "owa.telegrafix.com", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://tracking.3061331.corn10wuk.club", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://watchhers.net/index.php", "happylifehappywife.com", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "apps.apple.com/us/app/id$", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "http://mincom.gov.bd/dead.php", "Maltiverse Research Team", "ThreatFox Abuse.ch", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://init-p01st.push.apple.com/bag (malicious web creator)", "location.search", "URLscan.io", "https://brandyallen.com/2022/11/23/sexy", "states.app", "209.85.145.113 [malware]", "ytq2rs56.haogfw.com", "globalworker1.sol.us", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "http://mobile.suddenlink2go.com/", "https://alohatube.xyz/search/sex-mom-dog-animal", "hasownproperty.call", "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI", "https://polling.portal.gov.bd/js/npop.script.js", "IPv4 104.247.81.51 command_and_control", "https://www.everycloudtech.com/free-mail-flow-monitor", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "pornhub.com", "IPv4 95.213.186.51 command_and_control", "http://e.id?e.id:e.id.getAttribute", "dishmail.net", "Deep Research", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://applemusic-spotlight.myunidays.com/US/en-US?", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "OTX AlienVault", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "applestore.id", "fp2e7a.wpc.2be4.phicdn.net", "IPv4 45.15.156.208 command_and_control", "greycroftpartners.com", "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ", "apps.apple.com", "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "https://www.colorfulbox.jp/", "http://cabinet.gov.bd/dead.php", "Cyber Threat Coalition", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "http://decafsmob.this.id", "http://git.io/yBU2rg", "apples.encryptedwork.com (Interesting in the blacknet)", "Hybrid Analysis", "object.prototype.hasownproperty.call", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "trkpls3.com", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "IPv4 63.251.106.25 command_and_control", "IPv4 45.12.253.72. command_and_control", "t.name", "IPv4 72.251.233.245 command_and_control", "christ.robert@gmx.de", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "dev-2.ernestatech.com", "http://titasgas.portal.gov.bd/dead.php", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "init.ess.apple.com (malicious code script)", "20.99.186.246 exploit source", "UrlVoid", "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3", "https://polling.portal.gov.bd/js/npc.script.js", "Hostname: www.supernetforme.com command_and_control", "opencve.djgummikuh.de (CVE dispensary)", "myhughesnet.com", "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "Hostname: ddos.dnsnb8.net command_and_control", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "id.google.com", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "IPv4 103.224.182.246 command_and_control", "cdn.fuckporntube.com", "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "1080p-torrent.ml", "https://downloaddevtools.ir/ (phishing)", "https://dnsorangetel.dn2.n-helix.com", "polling.portal.gov.bd", "Any.run", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/tsara-brashears", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "alohatube.xyz", "BEELab_web_1.0.2-prerelease.exe", "www.search.app.goo.gl", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "AfraidZad.exe", "monitor.cablelan.net", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "worker-m-tlcus1.sol.us", "URLhaus Abuse.ch", "\u2193 Interesting \u2193", "a.default.meta.applestore.id" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Lucky Mouse APT27 | NoName057(16) | Unnamed" ], "malware_families": [ "Agen.1038489", "Heur.vba.trojan", "Unsafe", "Possiblethreat.pallas", "Phish.ab", "Malwarex", "Ransom:win32/cve-2017-0147", "Riskware", "Pua.gen", "Gen:variant.symmi", "Dropper.trojan.agent", "W32.aidetectvm", "Gen:variant.ser.strictor", "Trojan.trickbot", "Behaveslike.exploit", "Autoit.bimwt", "Fake ,promethiumm ,strongpity", "Rms", "Gamehack.dom", "Trojanspy.java", "Blacknet", "Malicious.moderate.ml", "Inmortal", "Js:trojan.cryxos", "Malicious.11abfc", "Gen:variant.midie", "Macro.trojan.dropperd", "Wannacry", "Trojan.tasker", "Gen:variant.kazy", "Trojan.python", "Evo", "Risktool.phpw", "Gen:heur.msil.inject", "Trojan.trickster", "Ransom.win64.pornoasset.sm1", "Script.inf", "Gen:heur.ransom.hiddentears", "Heur:backdoor.msil.nanobot", "Redcap.rlhse", "Pws-fczz", "Heur:exploit.generic", "Nanocore rat", "Artemis", "Heur.bzc.yax.pantera.10", "Maltiverse", "Opensubtitles.a", "Azorult", "Heur/qvm42.3.72eb.malware", "Agen.1141126", "Vb.emooodldr.10", "Gen:variant.sirefef", "Trojan:vba/downldr", "Html:script", "Bscope.riskware", "Injector.is.gen", "Heur:webtoolbar.generic", "Suspicious.cloud", "Trojan.generic", "Dropper.msil", "Trojan.vbkryjetor", "Noname057", "Agen.1144657", "Ait.heur.cottonmouth.8.78f19bd7", "Gen:nn.zemsilf.34062", "Generic.trickbot.1", "Gen:heur.ransom.msil", "Trojan.notifier", "Gen:trojan.heur2.lptbhw@w64.hfsautob", "Trojan.indiloadz", "Redcap.vneda", "Trojan.pws", "Linux.agent", "Heur:trojan.msoffice.sagent", "Trojan.killproc", "Malicious.8c45ba", "Backdoor.msil.agent", "Webmonitor rat", "Downloader.certutilurlcache", "Gen:heur.msil.androm", "Adware.downware", "Ransom_wcry.smj", "Trojan.chapak", "Hsbc", "Icefog", "Generic.malware.smyb", "Hacktool.binder", "Hoax.js.phish", "Adload.ad81", "Gamehack.nl", "Domains", "Generic.servstart.a", "Suspicious.save", "Js:trojan.js.faceliker", "Ghandi", "Malicious.f01f67", "Trojan.wisdomeyes.16070401.9500", "Trojan.msil", "W32.aidetect", "Kryptik.nrd", "Kuluoz.b.gen", "Script.agent", "Downldr.gen", "Agen.1043164", "Snh:script [dropper]", "Wannacry kill switch", "Trojan.inject", "Phish.jat", "Suspicious_gen.f47v0520", "Trojanspy", "Quasar rat", "Packed-gv", "Njrat - s0385", "Program.unwanted", "Behaveslike.ransom", "Heur:trojan.linux.agent", "Trojan.doc.downloader", "Gen:variant.msilperseus", "Gen:heur.noobyprotect", "Trojan.agent", "Trojan.psw.mimikatz", "Malicious.6e0700", "Agent.nbae", "Systweak", "Dangerousobject.multi", "Trojan:linux/downldr", "Vb:trojan.valyria", "Js:trojan.clicker", "Trojan.script", "Ransom.win64.wacatac.oa", "Heur:adware.startsurf", "Ml.generic", "Malicious.high.ml", "Spyware.bobik", "Js:iframe", "Gen:variant.razy", "Faceliker.a", "Phishing.html", "Gen:variant.graftor", "Trojan.malware.300983", "Trojan.starter js.iframe", "Gen:nn.zemsilf.34128", "Riskware.netfilter", "Trojan:msil/burkina", "Smokeloader", "Troj_frs.vsntfk19", "Ransom.wannacrypt", "Agent.pwc", "Unsafe.ai_score_100%", "Js:trojan.hidelink", "Dropper.trojan.generic", "Swort", "Virus.virut", "Malware.heur_generic.a", "States", "Dropped:generic.ransom.dmr", "Trojandownloader:linux/downldr", "Xegumumune.8596c22f", "Application.sqlcrack", "Html_redir.smr", "Psw.discord", "Zbd zeus", "Wannacryptor", "Trojan.delshad", "Constructor.msil linux.agent", "Exploit cve-2017-11882", "Trojan.js.agent", "Virus.ramnit", "Immortal stealer", "Sgeneric", "Malicious.71b1a8", "Gen:nn.zexaf.32515", "Generic.msil.limerat", "Psw.agent", "Generic", "Generic.malware", "Tsgeneric", "Dridex", "Hw32.packed", "Pws.p", "Generic.msil.grwtpstealer.1", "Hacktool.bruteforce", "Auslogics", "Backdoor.hupigon", "Generic.msil.passwordstealer", "Packed.themida.gen", "Injector.clds", "Suspicious.low.ml", "Agenttesla", "Apt notes", "Trojan:win32/wacatac", "Gen:nn", "Formbook", "Hack.patcher", "Detplock", "Trojan.pws.agent", "Bladabindi.q", "Trojan.androm.gen", "Trojan.heur", "Dropper.binder", "Xlm.trojan.abracadabra.27", "Kraddare", "Vb.emodldr.4", "Kryptik.fph.gen", "Packed.asprotect", "Virus.3dmax.script", "Trojan.psw.python", "W32.eheur", "Exploit.w32.agent", "Ramnit.n", "Malicious.d800d6", "Python.keylogger", "Powershell.downloader", "Bscope.trojan", "Constructor.msil", "Agent.ypez", "Exploit.msoffice", "Heur:trojan.msil.tasker", "Pua.reg1staid", "Beach research", "Vb:trojan.vba.agent", "Generic.asmalws", "Black.gen2", "Indiloadz.bb", "Vb.pwshell.2", "Delf.nbx", "Gen:variant.johnnie", "Powershell.trojan", "Redline stealer", "Trojan.vba", "Kryptik.noe", "Injector.jdo", "Trojan.pws.growtopia", "Cve-2015-1650", "Trojan.ransom.generickd", "Gen:variant.barys", "Dldr.agent", "Bazaar loader", "Malicious.3e78cc", "Trojanspy.python", "Gen:variant.jaiko", "Js:trojan.js.likejack", "Trojan.pornoasset", "Cil.stupidcryptor", "Filerepmalware", "Qvm201.0.b70b.malware", "Alf:heraklezeval:pua:win32/spyrixkeylogger", "Deepscan:generic.ransom.amnesiae", "Application.searchprotect", "Heur:remoteadmin.generic", "Backdoor.rbot", "Racoon stealer", "Worm:vbs/dapato", "Backdoor.xtreme", "Trojan.wanna", "Vba.downloader", "Emotet", "Tscope.trojan", "Gamehack.crs", "Redcap.zoohz", "Gamehack", "Deepscan:generic.spyagent.6", "Agen.1045227", "Trojanspy.keylogger", "Wacatac.d6", "$webwatson", "Trickbot - s0266", "Exploit.cve", "Packed.vmprotect", "Agen.1030939", "Heur:trojan.msoffice.alien", "Gen:variant.cerbu", "Heur.msword.gen", "Virus.office.qexvmc", "Trojan.html.phish", "Suspected of trojan.downloader.gen", "Heur:trojan.ole2.alien", "Trojan.win64", "Trojan:python/downldr", "Tor - s0183", "Vb.chronos.7", "Worm.win64.autorun", "Pwsx", "Msil.downloader", "Susp.lnk", "Nemucod.a", "W32.trojan", "Silk road", "Loki password stealer (pws)", "Blacknet rat", "Gen:variant.bulz", "Locky", "Webtoolbar", "Trojan.cud.gen", "Troj_gen.r002c0og518", "Backdoor.androm", "Gen:variant.ursu", "Zpevdo.b", "Trojan.java", "Staticrr.paleokits.net", "Riskware.crack", "Application.innovativsol", "Adware.installmonetizer", "Vb.downloader.2", "Trojan.php.agent", "Sdbot.caoc", "Generic.bitcoinminer.3", "Riskware.agent", "Gen:variant.ulise", "Ransomexx", "Skynet", "Index.php", "Suppobox", "Agent.aso", "Malware.tk.generic", "Backdoor.poison", "Gen:variant.revengerat", "Riskware.hacktool.agent", "Trojan.ekstak", "Scrinject.b", "Generic.msil.bladabindi", "Cil.heapoverride", "Trojan.malware.121218", "Loki bot", "Elf", "Susp.rtf.objupdate", "Presenoker", "Heur:trojan.tasker", "Wacapew.c", "Kryptik.gucb", "Agent.aik.gen", "Agent.aik.gencil.stupidcryptor", "Adware.kuzitui", "Trojan.downloader.generic", "S-b748adc5", "Macro.agent", "Gen:variant.mikey", "Psw.stealer", "Hall render", "Trojan.autoruns.generickds", "Redline", "Heur/qvm41.2.da9b.malware", "Deepscan:generic.ransom.gandcrab5", "Il:trojan.msilzilla", "Gen:variant.zusy", "Trojan.msil.injector", "Heur:trojan.msoffice.stratos", "Trojan.packednet", "Msil.trojan.bse", "Ransom_wcry.smalym", "Packed.netseal", "Backdoor.agent", "Trojan.ole2.vbs", "Feodo", "Behavbehaveslike.pupxbi", "Macro.downloader.amip", "Hacktool.cheatengine" ], "industries": [ "Medical", "Health", "Nutritional", "Medicine" ], "unique_indicators": 129434 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/trafficmanager.cn", "whois": "http://whois.domaintools.com/trafficmanager.cn", "domain": "trafficmanager.cn", "hostname": "cn.portal.processsimple.trafficmanager.cn" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 38, "pulses": [ { "id": "69e434769e2a43c088066ca2", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar clone credit octoseek", "description": "", "modified": "2026-05-19T00:09:08.840000", "created": "2026-04-19T01:48:38.335000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": "654a7a53317c717d1f4fee7f", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc2ceaf9989ac75c80ac68", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:24:09.569000", "created": "2026-05-07T06:10:50.373000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc2ce920f63f0ab26c6871", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:22:38.844000", "created": "2026-05-07T06:10:49.008000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65551682899b039e02b8dc8a", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:38.437000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 82, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655516871038cbad9eae2bb7", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:43.285000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 83, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65568ab12429c394dc4b91ea", "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go", "description": "", "modified": "2023-12-14T15:03:30.417000", "created": "2023-11-16T21:33:37.838000", "tags": [ "united", "blacklist", "malicious site", "mail spammer", "detection list", "cisco umbrella", "site", "safe site", "malware", "phishing site", "heur", "malware site", "alexa top", "million", "unsafe", "artemis", "riskware", "conduit", "agent", "opencandy", "xtrat", "iframe", "cleaner", "team", "installpack", "xrat", "tiggre", "presenoker", "fusioncore", "wacatac", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "crack", "softcnapp", "trojanspy", "maltiverse", "falcon sandbox", "pattern match", "root ca", "authority", "class", "script", "ascii text", "mitre att", "localappdata", "temp", "ck id", "date", "unknown", "generator", "critical", "error", "meta", "hybrid", "general", "local", "click", "strings", "expiressun", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pt3uc1", "path", "movies", "watch", "html info", "meta tags", "suddenlink tv", "trackers amazon", "pt3rc1", "whois record", "whois whois", "ssl certificate", "historical", "historical ssl", "referrer", "communicating", "dropped", "contacted", "apple ios", "hacktool", "metro", "malicious", "crypto", "installer", "attack", "awful", "brian sabey", "aig", "civicaIg", "tracking", "password crack", "tulach", "target tsara brashears", "tylerknott", "att", "monitoring", "spyware", "spying", "cybercrime", "tulach", "hughesnet", "ios", "toshiba", "attack", "malvertizing", "cyber stalking", "porn", "pornhub" ], "references": [ "http://mobile.suddenlink2go.com/", "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3", "https://applemusic-spotlight.myunidays.com/US/en-US?", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "myhughesnet.com", "dishmail.net", "home.toshiba.com", "ytq2rs56.haogfw.com", "pornhub.com", "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI", "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ", "monitor.cablelan.net", "https://monitor.rodgersmith.com", "https://www.everycloudtech.com/free-mail-flow-monitor" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "6553b88c316cfb531b9c4c10", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 144, "FileHash-SHA1": 179, "FileHash-SHA256": 4528, "CVE": 7, "domain": 2024, "hostname": 3556, "URL": 10455 }, "indicator_count": 20893, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "899 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cn.portal.processsimple.trafficmanager.cn", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cn.portal.processsimple.trafficmanager.cn", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780246552.8138185 }