{ "type": "URL", "indicator": "https://comm.hunter.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://comm.hunter.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3390935766, "indicator": "https://comm.hunter.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "65c5e50dda752af9eab50933", "name": "Side 3 Studios Pegasus Attack Denver, Co \u2022 SkyNet BotNetwork", "description": "Pegasus abuse by an alleged legal team with the malware hosting DGA domain https://hallrender.com. Related to an ongoing attack by a M.Brian Sabey who has fixated on a non criminal target. It's frightening to see the carelessness of the Cellebrite tool at work. \nAccording to all written accounts Side 3 provides services to Grammy award winning, nominated and aspiring artists. If you're heard of them , they've recorded there. There is evidence of music file transfers possibly, illegally sold to well known artist. This may have been done without knowledge of studio representatives. More likely by a hacker who boldly informed.", "modified": "2024-03-10T08:03:07.690000", "created": "2024-02-09T08:40:45.976000", "tags": [ "malware", "pegasus", "cellbrite", "targets sa", "survivor", "referrer", "contacted urls", "contacted", "whois record", "hr rtd", "execution", "ssl certificate", "communicating", "skynet", "malicious", "csc corporate", "domains", "code", "t services", "date", "saint louis", "server", "registrar abuse", "whois lookups", "tech email", "threat roundup", "july", "march", "june", "files", "august", "phishing", "service", "amadey", "blacknet rat", "roundup", "magecart", "powershell", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "gmt vary", "gmt connection", "link", "studio", "side", "studios", "downtown denver", "colorado", "studios og", "html info", "title denver", "studios meta", "tags og", "hallrender", "mark brian sabey", "tulach", "passive dns", "urls", "scan endpoints", "all octoseek", "hostname", "pulse submit", "url analysis", "domain", "files ip", "united", "as36646 oath", "unknown", "body doctype", "yahoo title", "x ua", "ieedge chrome1", "possible", "as19137 epsilon", "ipv4", "pulse pulses", "body", "headers nel", "contentencoding", "connection", "access control", "search", "address", "domain robot", "record value", "next", "parking crew", "tracking", "tsara brashears", "targeting", "as20940", "aaaa", "as714 apple", "as16625 akamai", "win32mydoom feb", "name servers", "as6185 apple", "creation date", "trojan", "virtool", "worm", "servers", "expiration date", "moved", "certificate", "showing", "entries" ], "references": [ "adsl-074-168-130-217.sip.pns.bellsouth.net", "http://auditrage.top/Rossmaansywh/tb.php?wmtvjltu", "https://www.cibc.ca/en/personal-banking/bank-accounts/savings-accounts/bonus-savings.htm", "http://iv-u15.com/category/uncensored-leaked [ BitDefender: Porn \u2022 Xcitium: Verdict Cloud illegal software \u2022 Forcepoint: ThreatSeeker adult content]", "Found in: https://side3.com/ \u2022 https://side3.com/wp-json/ \u2022 https://side3.com/wp-json/wp/v2/pages/9 \u2022 https://side3.com/xmlrpc.php \u2022 side3.com \u2022 https://side3.com/wp-content/uploads/2015/07/favicon.ico.gif \u2022 https://www.facebook.com/side3studios", "CnC IP's: 20.103.85.33 \u2022 213.91.128.13 \u2022 74.6.143.25 \u2022 74.6.143.26 \u2022 74.6.231.20 \u2022 74.6.231.21", "https://otx.alienvault.com/indicator/ip/74.6.231.21", "nr-data.net [Apple Private Data Collection]", "https://www.assurant.com/?utm_source=email&utm_medium=email&utm_campaign=Mobile_Transactional_withad&utm_content=Deductible+Charge+Acknowledgement+PD-MB&utm_term= [Tracking. Transactional agreement]", "mail.secure2.store.apple.com [vprsecure.com \u2022 Worm:Win32/Mydoom]" ], "public": 1, "adversary": "NSO GROUP", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "Tulach", "display_name": "Tulach", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null } ], "attack_ids": [ { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3263, "FileHash-MD5": 133, "FileHash-SHA1": 125, "FileHash-SHA256": 2596, "domain": 1168, "hostname": 1877, "CVE": 2, "email": 6 }, "indicator_count": 9170, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "770 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d7edae64c19a8b55097", "name": "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/", "description": "", "modified": "2023-12-06T15:04:30.727000", "created": "2023-12-06T15:04:30.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1194, "domain": 211, "hostname": 628, "URL": 945 }, "indicator_count": 2978, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081ba0df0b5e6590b26fb", "name": "www.dominionvoting.com:%22 ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:14:18.256000", "created": "2023-12-06T14:14:18.256000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 776, "hostname": 131, "domain": 114, "URL": 500, "CIDR": 2, "FileHash-MD5": 9 }, "indicator_count": 1532, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570807c9521659aacb5668a", "name": "gainpower.org ~ Voting Rights Non-profit", "description": "", "modified": "2023-12-06T14:09:00.527000", "created": "2023-12-06T14:09:00.527000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1159, "hostname": 816, "domain": 263, "URL": 2550, "CIDR": 5, "FileHash-MD5": 45, "FileHash-SHA1": 3 }, "indicator_count": 4841, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62787c48325ab8f3160860cb", "name": "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/", "description": "", "modified": "2022-06-08T00:03:25.734000", "created": "2022-05-09T02:28:24.504000", "tags": [ "date", "found", "network traffic", "wayback machine", "search", "sign", "donate", "friday", "upload", "upload user", "texts", "books video", "video audio", "corefoundation", "foundation", "qos user", "interactive", "qos default", "cfnetwork", "initiated", "identifier", "adam id", "is first", "twitter" ], "references": [ "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/bafkreibf4rnl3oeoaavx66es2e4dth4hofqxjdmy5o3zxkvaxktak5bngq?g=https://%7Bcid%7D.ipfs.nftstorage.link/&c=bafkreiczfkzcz4pqoghjdk6prm7vtv4ccbsxzrtav5pdwpcijaniajxjqi&c=bafkreift2cqgbltqci7f2wt5tpclmffqrelymsrlg4arc4jf5ti7baj3mm&c=bafkreifdjwbl7pi4js6qw2nvwqzap2esb6k4rksokwu2vsad5ywjdjb4ja&c=bafkreifo7jrbdw25kbdli27bavvm5yqdloykagrusikkfcjwpv62yygite&c=bafkreif44lgcpn6tbghqc7d33wgavdoug6xj5246adskkes3fpnplabynu&c=bafkreieon4agc72kxd4dlcmgzigthhgkmf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 945, "FileHash-SHA256": 1194, "domain": 211, "hostname": 628 }, "indicator_count": 2978, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1411 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622f48cc0bd48e976e5bb3d8", "name": "hartintercivic.com/voting-solutions/verityoverview/\", ~ 12.16.2020", "description": "", "modified": "2022-04-13T00:01:48.292000", "created": "2022-03-14T13:53:16.010000", "tags": [], "references": [ "www.hartintercivic.com:voting-solutions:verityoverview:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 211, "URL": 475, "domain": 51, "FileHash-SHA256": 666, "CIDR": 5, "FileHash-MD5": 33 }, "indicator_count": 1441, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622f4e31f684c1b5185ef47b", "name": "www.dominionvoting.com:%22 ~ 03.01.2022", "description": "", "modified": "2022-04-13T00:01:48.292000", "created": "2022-03-14T14:16:17.170000", "tags": [], "references": [ "www.dominionvoting.com:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 131, "URL": 501, "domain": 114, "FileHash-SHA256": 776, "CIDR": 2, "FileHash-MD5": 9 }, "indicator_count": 1533, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622271b1360810e486ae6510", "name": "gainpower.org ~ Voting Rights Non-profit", "description": "", "modified": "2022-04-03T00:00:55.161000", "created": "2022-03-04T20:08:17.351000", "tags": [], "references": [ "gainpower.org.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 816, "URL": 2550, "domain": 263, "FileHash-SHA256": 1159, "CIDR": 5, "FileHash-MD5": 45, "FileHash-SHA1": 3 }, "indicator_count": 4841, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1477 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/bafkreibf4rnl3oeoaavx66es2e4dth4hofqxjdmy5o3zxkvaxktak5bngq?g=https://%7Bcid%7D.ipfs.nftstorage.link/&c=bafkreiczfkzcz4pqoghjdk6prm7vtv4ccbsxzrtav5pdwpcijaniajxjqi&c=bafkreift2cqgbltqci7f2wt5tpclmffqrelymsrlg4arc4jf5ti7baj3mm&c=bafkreifdjwbl7pi4js6qw2nvwqzap2esb6k4rksokwu2vsad5ywjdjb4ja&c=bafkreifo7jrbdw25kbdli27bavvm5yqdloykagrusikkfcjwpv62yygite&c=bafkreif44lgcpn6tbghqc7d33wgavdoug6xj5246adskkes3fpnplabynu&c=bafkreieon4agc72kxd4dlcmgzigthhgkmf", "http://auditrage.top/Rossmaansywh/tb.php?wmtvjltu", "www.dominionvoting.com:%22,.pdf", "gainpower.org.pdf", "nr-data.net [Apple Private Data Collection]", "www.hartintercivic.com:voting-solutions:verityoverview:%22,.pdf", "Found in: https://side3.com/ \u2022 https://side3.com/wp-json/ \u2022 https://side3.com/wp-json/wp/v2/pages/9 \u2022 https://side3.com/xmlrpc.php \u2022 side3.com \u2022 https://side3.com/wp-content/uploads/2015/07/favicon.ico.gif \u2022 https://www.facebook.com/side3studios", "https://www.cibc.ca/en/personal-banking/bank-accounts/savings-accounts/bonus-savings.htm", "https://www.assurant.com/?utm_source=email&utm_medium=email&utm_campaign=Mobile_Transactional_withad&utm_content=Deductible+Charge+Acknowledgement+PD-MB&utm_term= [Tracking. Transactional agreement]", "CnC IP's: 20.103.85.33 \u2022 213.91.128.13 \u2022 74.6.143.25 \u2022 74.6.143.26 \u2022 74.6.231.20 \u2022 74.6.231.21", "https://otx.alienvault.com/indicator/ip/74.6.231.21", "mail.secure2.store.apple.com [vprsecure.com \u2022 Worm:Win32/Mydoom]", "http://iv-u15.com/category/uncensored-leaked [ BitDefender: Porn \u2022 Xcitium: Verdict Cloud illegal software \u2022 Forcepoint: ThreatSeeker adult content]", "adsl-074-168-130-217.sip.pns.bellsouth.net" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "NSO GROUP" ], "malware_families": [ "Pegasus", "Skynet", "Hallrender", "Sabey", "Blacknet rat", "Emotet", "Amadey", "Tulach", "Possible" ], "industries": [ "Government", "Ngo" ], "unique_indicators": 19259 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hunter.com", "whois": "http://whois.domaintools.com/hunter.com", "domain": "hunter.com", "hostname": "comm.hunter.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "65c5e50dda752af9eab50933", "name": "Side 3 Studios Pegasus Attack Denver, Co \u2022 SkyNet BotNetwork", "description": "Pegasus abuse by an alleged legal team with the malware hosting DGA domain https://hallrender.com. Related to an ongoing attack by a M.Brian Sabey who has fixated on a non criminal target. It's frightening to see the carelessness of the Cellebrite tool at work. \nAccording to all written accounts Side 3 provides services to Grammy award winning, nominated and aspiring artists. If you're heard of them , they've recorded there. There is evidence of music file transfers possibly, illegally sold to well known artist. This may have been done without knowledge of studio representatives. More likely by a hacker who boldly informed.", "modified": "2024-03-10T08:03:07.690000", "created": "2024-02-09T08:40:45.976000", "tags": [ "malware", "pegasus", "cellbrite", "targets sa", "survivor", "referrer", "contacted urls", "contacted", "whois record", "hr rtd", "execution", "ssl certificate", "communicating", "skynet", "malicious", "csc corporate", "domains", "code", "t services", "date", "saint louis", "server", "registrar abuse", "whois lookups", "tech email", "threat roundup", "july", "march", "june", "files", "august", "phishing", "service", "amadey", "blacknet rat", "roundup", "magecart", "powershell", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "gmt vary", "gmt connection", "link", "studio", "side", "studios", "downtown denver", "colorado", "studios og", "html info", "title denver", "studios meta", "tags og", "hallrender", "mark brian sabey", "tulach", "passive dns", "urls", "scan endpoints", "all octoseek", "hostname", "pulse submit", "url analysis", "domain", "files ip", "united", "as36646 oath", "unknown", "body doctype", "yahoo title", "x ua", "ieedge chrome1", "possible", "as19137 epsilon", "ipv4", "pulse pulses", "body", "headers nel", "contentencoding", "connection", "access control", "search", "address", "domain robot", "record value", "next", "parking crew", "tracking", "tsara brashears", "targeting", "as20940", "aaaa", "as714 apple", "as16625 akamai", "win32mydoom feb", "name servers", "as6185 apple", "creation date", "trojan", "virtool", "worm", "servers", "expiration date", "moved", "certificate", "showing", "entries" ], "references": [ "adsl-074-168-130-217.sip.pns.bellsouth.net", "http://auditrage.top/Rossmaansywh/tb.php?wmtvjltu", "https://www.cibc.ca/en/personal-banking/bank-accounts/savings-accounts/bonus-savings.htm", "http://iv-u15.com/category/uncensored-leaked [ BitDefender: Porn \u2022 Xcitium: Verdict Cloud illegal software \u2022 Forcepoint: ThreatSeeker adult content]", "Found in: https://side3.com/ \u2022 https://side3.com/wp-json/ \u2022 https://side3.com/wp-json/wp/v2/pages/9 \u2022 https://side3.com/xmlrpc.php \u2022 side3.com \u2022 https://side3.com/wp-content/uploads/2015/07/favicon.ico.gif \u2022 https://www.facebook.com/side3studios", "CnC IP's: 20.103.85.33 \u2022 213.91.128.13 \u2022 74.6.143.25 \u2022 74.6.143.26 \u2022 74.6.231.20 \u2022 74.6.231.21", "https://otx.alienvault.com/indicator/ip/74.6.231.21", "nr-data.net [Apple Private Data Collection]", "https://www.assurant.com/?utm_source=email&utm_medium=email&utm_campaign=Mobile_Transactional_withad&utm_content=Deductible+Charge+Acknowledgement+PD-MB&utm_term= [Tracking. Transactional agreement]", "mail.secure2.store.apple.com [vprsecure.com \u2022 Worm:Win32/Mydoom]" ], "public": 1, "adversary": "NSO GROUP", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "Tulach", "display_name": "Tulach", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null } ], "attack_ids": [ { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3263, "FileHash-MD5": 133, "FileHash-SHA1": 125, "FileHash-SHA256": 2596, "domain": 1168, "hostname": 1877, "CVE": 2, "email": 6 }, "indicator_count": 9170, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "770 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d7edae64c19a8b55097", "name": "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/", "description": "", "modified": "2023-12-06T15:04:30.727000", "created": "2023-12-06T15:04:30.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1194, "domain": 211, "hostname": 628, "URL": 945 }, "indicator_count": 2978, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081ba0df0b5e6590b26fb", "name": "www.dominionvoting.com:%22 ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:14:18.256000", "created": "2023-12-06T14:14:18.256000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 776, "hostname": 131, "domain": 114, "URL": 500, "CIDR": 2, "FileHash-MD5": 9 }, "indicator_count": 1532, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570807c9521659aacb5668a", "name": "gainpower.org ~ Voting Rights Non-profit", "description": "", "modified": "2023-12-06T14:09:00.527000", "created": "2023-12-06T14:09:00.527000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1159, "hostname": 816, "domain": 263, "URL": 2550, "CIDR": 5, "FileHash-MD5": 45, "FileHash-SHA1": 3 }, "indicator_count": 4841, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62787c48325ab8f3160860cb", "name": "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/", "description": "", "modified": "2022-06-08T00:03:25.734000", "created": "2022-05-09T02:28:24.504000", "tags": [ "date", "found", "network traffic", "wayback machine", "search", "sign", "donate", "friday", "upload", "upload user", "texts", "books video", "video audio", "corefoundation", "foundation", "qos user", "interactive", "qos default", "cfnetwork", "initiated", "identifier", "adam id", "is first", "twitter" ], "references": [ "https://web.archive.org/web/*/https://cloudflare-ipfs.com/ipfs/bafkreibf4rnl3oeoaavx66es2e4dth4hofqxjdmy5o3zxkvaxktak5bngq?g=https://%7Bcid%7D.ipfs.nftstorage.link/&c=bafkreiczfkzcz4pqoghjdk6prm7vtv4ccbsxzrtav5pdwpcijaniajxjqi&c=bafkreift2cqgbltqci7f2wt5tpclmffqrelymsrlg4arc4jf5ti7baj3mm&c=bafkreifdjwbl7pi4js6qw2nvwqzap2esb6k4rksokwu2vsad5ywjdjb4ja&c=bafkreifo7jrbdw25kbdli27bavvm5yqdloykagrusikkfcjwpv62yygite&c=bafkreif44lgcpn6tbghqc7d33wgavdoug6xj5246adskkes3fpnplabynu&c=bafkreieon4agc72kxd4dlcmgzigthhgkmf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 945, "FileHash-SHA256": 1194, "domain": 211, "hostname": 628 }, "indicator_count": 2978, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1411 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622f48cc0bd48e976e5bb3d8", "name": "hartintercivic.com/voting-solutions/verityoverview/\", ~ 12.16.2020", "description": "", "modified": "2022-04-13T00:01:48.292000", "created": "2022-03-14T13:53:16.010000", "tags": [], "references": [ "www.hartintercivic.com:voting-solutions:verityoverview:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 211, "URL": 475, "domain": 51, "FileHash-SHA256": 666, "CIDR": 5, "FileHash-MD5": 33 }, "indicator_count": 1441, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622f4e31f684c1b5185ef47b", "name": "www.dominionvoting.com:%22 ~ 03.01.2022", "description": "", "modified": "2022-04-13T00:01:48.292000", "created": "2022-03-14T14:16:17.170000", "tags": [], "references": [ "www.dominionvoting.com:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 131, "URL": 501, "domain": 114, "FileHash-SHA256": 776, "CIDR": 2, "FileHash-MD5": 9 }, "indicator_count": 1533, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622271b1360810e486ae6510", "name": "gainpower.org ~ Voting Rights Non-profit", "description": "", "modified": "2022-04-03T00:00:55.161000", "created": "2022-03-04T20:08:17.351000", "tags": [], "references": [ "gainpower.org.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 816, "URL": 2550, "domain": 263, "FileHash-SHA256": 1159, "CIDR": 5, "FileHash-MD5": 45, "FileHash-SHA1": 3 }, "indicator_count": 4841, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1477 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://comm.hunter.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://comm.hunter.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776638498.3184876 }