{
"type": "URL",
"indicator": "https://de.4.alphawars.com",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://de.4.alphawars.com",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3772633688,
"indicator": "https://de.4.alphawars.com",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 50,
"pulses": [
{
"id": "68e2bb5d9ee8577ab5519f2c",
"name": "Meritshealth with DoD links? ",
"description": "",
"modified": "2026-01-13T00:05:56.401000",
"created": "2025-10-05T18:39:25.286000",
"tags": [
"gtmk5nxqc6",
"utc amazon",
"utc na",
"acceptencoding",
"gmt contenttype",
"connection",
"true pragma",
"gmt setcookie",
"httponly",
"gmt vary",
"nc000000 up",
"html document",
"unicode text",
"utf8 text",
"oc0006 http",
"http traffic",
"https http",
"mitre att",
"control ta0011",
"protocol t1071",
"match info",
"t1573 severity",
"info",
"number",
"ja3s",
"algorithm",
"azure rsa",
"tls issuing",
"cus subject",
"stwa lredmond",
"cnmicrosoft ecc",
"update secure",
"server ca",
"omicrosoft cus",
"get http",
"dns resolutions",
"registrar",
"markmonitor inc",
"country",
"resolver domain",
"type name",
"html",
"apnic",
"apnic whois",
"please",
"rirs",
"cidr",
"learn",
"ck id",
"name tactics",
"suspicious",
"informative",
"command",
"adversaries",
"development att",
"name tactics",
"binary file",
"ck matrix",
"wheelchair",
"iamrobert",
"pattern match",
"ascii text",
"href",
"united",
"general",
"local",
"path",
"encrypt",
"click",
"passive dns",
"urls",
"files",
"reverse dns",
"netherlands",
"present aug",
"a domains",
"moved",
"first pqc",
"ip address",
"unknown ns",
"unknown aaaa",
"title",
"body",
"meta",
"window",
"accept",
"body doctype",
"welcome",
"ok server",
"gmt content",
"present jul",
"present sep",
"aaaa",
"hostname",
"error",
"defense evasion",
"windows nt",
"response",
"vary",
"strings",
"core",
"t1027.013 encrypted/encoded",
"michelin lazy k",
"prefetch8",
"flag",
"date",
"starfield",
"hybrid",
"mobility cr",
"extraction",
"data upload",
"include",
"o url",
"url url",
"included i0",
"review ioc",
"excluded ic",
"suggested",
"find sugi",
"failed",
"cre pul",
"enter",
"enter sc",
"type",
"enric",
"extra",
"type opaste",
"data u",
"included",
"copy md5",
"copy sha1",
"copy sha256",
"null",
"refresh",
"tools",
"look",
"verify",
"restart",
"t1480 execution",
"expiration",
"url https",
"no expiration",
"iocs",
"ipv4",
"text drag",
"drop or",
"browse to",
"select file",
"redacted for",
"server",
"privacy tech",
"privacy admin",
"postal code",
"stateprovince",
"organization",
"email",
"code",
"quantum rooms",
"sam somalia",
"emp",
"porn",
"media defense",
"gov porn",
"suck my nips",
"reimer suspect",
"jeffrey reimer",
"dod",
"department of defense",
"show",
"date checked",
"url hostname",
"server response",
"google safe",
"results may",
"entries http",
"scans record",
"value status",
"sabey type",
"merits fake",
"y.a.s.",
"pornography",
"ramsom"
],
"references": [
"https://www.meritshealth.com/ Defense.Gov Mobility Co? ",
"zeroeyes.host \u2022 media.defense.gov \u2022 defense.gov \u2022 23.222.155.67",
"https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf",
"https://media.defense.gov/2020/jun/09/2002313081/-1/-1/0/csi-detect-and-prevent-web-shell-malware-20200422.pdf",
"https://rto.bappam.eu/ai-n2cdl/mirai-2025-ven5k-telugu-movie-watch-online.html",
"https://pornokind.vgt.pl \u2022 https://cdn2.video.itsyourporn.com",
"https://webcams.itsyourporn.com/ \u2022 https://members.itsyourporn.com/",
"https://pics-storage-1.pornhat.com/contents/albums/main/1920x1080/135000/135855/9537375.jp",
"https://static.pornhat.com/contents/videos_screenshots/642000/642793/640x360/1.jpg",
"https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg (mobility company no one has heard of)",
"https://www2.itsyourporn.com/license.php \u2022 https://www.lovephoto.tw/members",
"https://members.engine.com/login \u2022 https://members.engine.com/payment-details/220210",
"https://www-pornocarioca-com.sexogratis.page/videos/bbb/ex",
"https://media.defense.gov/2024/sep/18/2003547016/-1/-1/0/csa-prc-linked-actors-botnet.pdf",
"https://maisexo-com.putaria.info/casting \u2022 https://contosadultos-club.sexogratis.page/tudo",
"https://meumundogay-com.sexogratis.page/locker",
"https://es.pornhat.com/models/the-sex-creator/",
"Dear US Government, the man who assaulted targets name is Jeffrey Scott Reimer of Chester Springs, PA",
"Can the DoD no questions asked target a SA victim",
"Red Team Abuse? Starfield ? DoD? You need a real criminal Jeffrey Reimer.",
"There\u2019s a problem with terrorizing victims, relatives of, associates of and stealing their property intellectual or otherwise",
"socialmedia \u2022 socialmedia.defense.gov \u2022 static.defense.gov",
"There is fear in silence or speaking out",
"Target left unattended by anyone in a hospital except a security guard. Hospital refused care. Ignored rare brain incident from high cervical & brain assault injuries aggravated by car accident.",
"3-4 Police presence. 25 + hospital employees prepped radiology room. No one left room so was it for her?",
"If someone is believed to be a threat they have right to due process.",
"Infectious Disease UC Health denied target medication they said she needed as questionable liquid seeped into her brain.",
"She was a researcher not a hacker. A mother not a criminal. Most talented and least impressed person I have ever known.",
"Remarks online \u2018 T\u2019*#^^ is not a runner\u2019 a size 00 broke two track records at a major universities.",
"Honestly, you\u2019ve never seen or met her no many how many people you\u2019ve sent out. That\u2019s why you quiz.",
"ftp.iamrobert.com ? \u2022 https://www.meritshealth.com/templates/iamrobert/fonts/Graphik-Regular.eot",
"iamrobert.com Y.A.S.",
"1.2016 M.Brian Sabey filed a complaint about? Jeffrey Reimer refused Lie detector test and False memory exam",
"Target agreed and complied with all lie detector measures.",
"Is the family allowed to have a funeral for Tsara or print an obituary",
"No, they put Tsara in her mom\u2019s obituary, she couldn\u2019t grieve, she had to take it down.",
"I am very upset. Whoever is doing this is sick."
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "APNIC",
"display_name": "APNIC",
"target": null
},
{
"id": "Malware",
"display_name": "Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1069",
"name": "Permission Groups Discovery",
"display_name": "T1069 - Permission Groups Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1069.002",
"name": "Domain Groups",
"display_name": "T1069.002 - Domain Groups"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1583.001",
"name": "Domains",
"display_name": "T1583.001 - Domains"
},
{
"id": "TA0042",
"name": "Resource Development",
"display_name": "TA0042 - Resource Development"
},
{
"id": "TA0005",
"name": "Defense Evasion",
"display_name": "TA0005 - Defense Evasion"
},
{
"id": "T1553.002",
"name": "Code Signing",
"display_name": "T1553.002 - Code Signing"
},
{
"id": "T1528",
"name": "Steal Application Access Token",
"display_name": "T1528 - Steal Application Access Token"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1113",
"name": "Screen Capture",
"display_name": "T1113 - Screen Capture"
},
{
"id": "T1590",
"name": "Gather Victim Network Information",
"display_name": "T1590 - Gather Victim Network Information"
},
{
"id": "T1591",
"name": "Gather Victim Org Information",
"display_name": "T1591 - Gather Victim Org Information"
},
{
"id": "T1132",
"name": "Data Encoding",
"display_name": "T1132 - Data Encoding"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1457",
"name": "Malicious Media Content",
"display_name": "T1457 - Malicious Media Content"
},
{
"id": "T1562.001",
"name": "Disable or Modify Tools",
"display_name": "T1562.001 - Disable or Modify Tools"
},
{
"id": "T1562.004",
"name": "Disable or Modify System Firewall",
"display_name": "T1562.004 - Disable or Modify System Firewall"
},
{
"id": "T1089",
"name": "Disabling Security Tools",
"display_name": "T1089 - Disabling Security Tools"
},
{
"id": "T1562.008",
"name": "Disable Cloud Logs",
"display_name": "T1562.008 - Disable Cloud Logs"
},
{
"id": "T1125",
"name": "Video Capture",
"display_name": "T1125 - Video Capture"
},
{
"id": "T1056.003",
"name": "Web Portal Capture",
"display_name": "T1056.003 - Web Portal Capture"
},
{
"id": "T1512",
"name": "Capture Camera",
"display_name": "T1512 - Capture Camera"
},
{
"id": "T1180",
"name": "Screensaver",
"display_name": "T1180 - Screensaver"
}
],
"industries": [],
"TLP": "white",
"cloned_from": "68e2b14d83bb63502feac65e",
"export_count": 17,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1365,
"URL": 11172,
"hostname": 2780,
"FileHash-MD5": 381,
"FileHash-SHA256": 4420,
"FileHash-SHA1": 338,
"CIDR": 4,
"SSLCertFingerprint": 24,
"CVE": 1,
"email": 1
},
"indicator_count": 20486,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 139,
"modified_text": "96 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68e2b14d83bb63502feac65e",
"name": "Did the \u2018real\u2019 DoD kill Targets wheelchair as promised? It\u2019s alive again.",
"description": "I\u2019d never think the DoD would be found when researching a wheelchair company NO ONE has ever heard of in this region. \n\nA wheelchair was ordered for target early spring, it was received in early summer. \n\nSettings became a crazy mess. Suspicion was immediate as a toothless tech tried to identify if dealing w/target by birth year , quizzing, fear tactics (doomsday wheelchair) , familiar Then warns about EMP attacks against wheelchair? His son is a hacker (gamer) + software engineer. He left not knowing if target status after quizzing tech knowledge? I intentionally verbalized the truth , target was a very early adopter of Ruby & Ruby on Rails & everything tech, he dropped his tools & left breaking the arm of wheelchair. New tech needed. Later denies ever being a mobility technician. They killed a new wheelchair. Why?. You\u2019re allowed to donate your equipment Vets & uninsured NEED mobility equipment. Stop the craziness. Is it possible gamer hackers are riding the DoD w/o their knowledge?",
"modified": "2026-01-07T00:00:30.717000",
"created": "2025-10-05T17:56:29.109000",
"tags": [
"gtmk5nxqc6",
"utc amazon",
"utc na",
"acceptencoding",
"gmt contenttype",
"connection",
"true pragma",
"gmt setcookie",
"httponly",
"gmt vary",
"nc000000 up",
"html document",
"unicode text",
"utf8 text",
"oc0006 http",
"http traffic",
"https http",
"mitre att",
"control ta0011",
"protocol t1071",
"match info",
"t1573 severity",
"info",
"number",
"ja3s",
"algorithm",
"azure rsa",
"tls issuing",
"cus subject",
"stwa lredmond",
"cnmicrosoft ecc",
"update secure",
"server ca",
"omicrosoft cus",
"get http",
"dns resolutions",
"registrar",
"markmonitor inc",
"country",
"resolver domain",
"type name",
"html",
"apnic",
"apnic whois",
"please",
"rirs",
"cidr",
"learn",
"ck id",
"name tactics",
"suspicious",
"informative",
"command",
"adversaries",
"development att",
"name tactics",
"binary file",
"ck matrix",
"wheelchair",
"iamrobert",
"pattern match",
"ascii text",
"href",
"united",
"general",
"local",
"path",
"encrypt",
"click",
"passive dns",
"urls",
"files",
"reverse dns",
"netherlands",
"present aug",
"a domains",
"moved",
"first pqc",
"ip address",
"unknown ns",
"unknown aaaa",
"title",
"body",
"meta",
"window",
"accept",
"body doctype",
"welcome",
"ok server",
"gmt content",
"present jul",
"present sep",
"aaaa",
"hostname",
"error",
"defense evasion",
"windows nt",
"response",
"vary",
"strings",
"core",
"t1027.013 encrypted/encoded",
"michelin lazy k",
"prefetch8",
"flag",
"date",
"starfield",
"hybrid",
"mobility cr",
"extraction",
"data upload",
"include",
"o url",
"url url",
"included i0",
"review ioc",
"excluded ic",
"suggested",
"find sugi",
"failed",
"cre pul",
"enter",
"enter sc",
"type",
"enric",
"extra",
"type opaste",
"data u",
"included",
"copy md5",
"copy sha1",
"copy sha256",
"null",
"refresh",
"tools",
"look",
"verify",
"restart",
"t1480 execution",
"expiration",
"url https",
"no expiration",
"iocs",
"ipv4",
"text drag",
"drop or",
"browse to",
"select file",
"redacted for",
"server",
"privacy tech",
"privacy admin",
"postal code",
"stateprovince",
"organization",
"email",
"code",
"quantum rooms",
"sam somalia",
"emp",
"porn",
"media defense",
"gov porn",
"suck my nips",
"reimer suspect",
"jeffrey reimer",
"dod",
"department of defense",
"show",
"date checked",
"url hostname",
"server response",
"google safe",
"results may",
"entries http",
"scans record",
"value status",
"sabey type",
"merits fake",
"y.a.s.",
"pornography",
"ramsom"
],
"references": [
"https://www.meritshealth.com/ Defense.Gov Mobility Co? ",
"zeroeyes.host \u2022 media.defense.gov \u2022 defense.gov \u2022 23.222.155.67",
"https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf",
"https://media.defense.gov/2020/jun/09/2002313081/-1/-1/0/csi-detect-and-prevent-web-shell-malware-20200422.pdf",
"https://rto.bappam.eu/ai-n2cdl/mirai-2025-ven5k-telugu-movie-watch-online.html",
"https://pornokind.vgt.pl \u2022 https://cdn2.video.itsyourporn.com",
"https://webcams.itsyourporn.com/ \u2022 https://members.itsyourporn.com/",
"https://pics-storage-1.pornhat.com/contents/albums/main/1920x1080/135000/135855/9537375.jp",
"https://static.pornhat.com/contents/videos_screenshots/642000/642793/640x360/1.jpg",
"https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg (mobility company no one has heard of)",
"https://www2.itsyourporn.com/license.php \u2022 https://www.lovephoto.tw/members",
"https://members.engine.com/login \u2022 https://members.engine.com/payment-details/220210",
"https://www-pornocarioca-com.sexogratis.page/videos/bbb/ex",
"https://media.defense.gov/2024/sep/18/2003547016/-1/-1/0/csa-prc-linked-actors-botnet.pdf",
"https://maisexo-com.putaria.info/casting \u2022 https://contosadultos-club.sexogratis.page/tudo",
"https://meumundogay-com.sexogratis.page/locker",
"https://es.pornhat.com/models/the-sex-creator/",
"Dear US Government, the man who assaulted targets name is Jeffrey Scott Reimer of Chester Springs, PA",
"Can the DoD no questions asked target a SA victim",
"Red Team Abuse? Starfield ? DoD? You need a real criminal Jeffrey Reimer.",
"There\u2019s a problem with terrorizing victims, relatives of, associates of and stealing their property intellectual or otherwise",
"socialmedia \u2022 socialmedia.defense.gov \u2022 static.defense.gov",
"There is fear in silence or speaking out",
"Target left unattended by anyone in a hospital except a security guard. Hospital refused care. Ignored rare brain incident from high cervical & brain assault injuries aggravated by car accident.",
"3-4 Police presence. 25 + hospital employees prepped radiology room. No one left room so was it for her?",
"If someone is believed to be a threat they have right to due process.",
"Infectious Disease UC Health denied target medication they said she needed as questionable liquid seeped into her brain.",
"She was a researcher not a hacker. A mother not a criminal. Most talented and least impressed person I have ever known.",
"Remarks online \u2018 T\u2019*#^^ is not a runner\u2019 a size 00 broke two track records at a major universities.",
"Honestly, you\u2019ve never seen or met her no many how many people you\u2019ve sent out. That\u2019s why you quiz.",
"ftp.iamrobert.com ? \u2022 https://www.meritshealth.com/templates/iamrobert/fonts/Graphik-Regular.eot",
"iamrobert.com Y.A.S.",
"1.2016 M.Brian Sabey filed a complaint about? Jeffrey Reimer refused Lie detector test and False memory exam",
"Target agreed and complied with all lie detector measures.",
"Is the family allowed to have a funeral for Tsara or print an obituary",
"No, they put Tsara in her mom\u2019s obituary, she couldn\u2019t grieve, she had to take it down.",
"I am very upset. Whoever is doing this is sick."
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "APNIC",
"display_name": "APNIC",
"target": null
},
{
"id": "Malware",
"display_name": "Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1069",
"name": "Permission Groups Discovery",
"display_name": "T1069 - Permission Groups Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1069.002",
"name": "Domain Groups",
"display_name": "T1069.002 - Domain Groups"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1583.001",
"name": "Domains",
"display_name": "T1583.001 - Domains"
},
{
"id": "TA0042",
"name": "Resource Development",
"display_name": "TA0042 - Resource Development"
},
{
"id": "TA0005",
"name": "Defense Evasion",
"display_name": "TA0005 - Defense Evasion"
},
{
"id": "T1553.002",
"name": "Code Signing",
"display_name": "T1553.002 - Code Signing"
},
{
"id": "T1528",
"name": "Steal Application Access Token",
"display_name": "T1528 - Steal Application Access Token"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1113",
"name": "Screen Capture",
"display_name": "T1113 - Screen Capture"
},
{
"id": "T1590",
"name": "Gather Victim Network Information",
"display_name": "T1590 - Gather Victim Network Information"
},
{
"id": "T1591",
"name": "Gather Victim Org Information",
"display_name": "T1591 - Gather Victim Org Information"
},
{
"id": "T1132",
"name": "Data Encoding",
"display_name": "T1132 - Data Encoding"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1457",
"name": "Malicious Media Content",
"display_name": "T1457 - Malicious Media Content"
},
{
"id": "T1562.001",
"name": "Disable or Modify Tools",
"display_name": "T1562.001 - Disable or Modify Tools"
},
{
"id": "T1562.004",
"name": "Disable or Modify System Firewall",
"display_name": "T1562.004 - Disable or Modify System Firewall"
},
{
"id": "T1089",
"name": "Disabling Security Tools",
"display_name": "T1089 - Disabling Security Tools"
},
{
"id": "T1562.008",
"name": "Disable Cloud Logs",
"display_name": "T1562.008 - Disable Cloud Logs"
},
{
"id": "T1125",
"name": "Video Capture",
"display_name": "T1125 - Video Capture"
},
{
"id": "T1056.003",
"name": "Web Portal Capture",
"display_name": "T1056.003 - Web Portal Capture"
},
{
"id": "T1512",
"name": "Capture Camera",
"display_name": "T1512 - Capture Camera"
},
{
"id": "T1180",
"name": "Screensaver",
"display_name": "T1180 - Screensaver"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1328,
"URL": 9931,
"hostname": 2621,
"FileHash-MD5": 381,
"FileHash-SHA256": 4360,
"FileHash-SHA1": 338,
"CIDR": 4,
"SSLCertFingerprint": 24,
"CVE": 1,
"email": 1
},
"indicator_count": 18989,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 139,
"modified_text": "102 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846860ee9b4faefae8d4cf9",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:58:22.091000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846860a0c5ff214f345717c",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:58:17.902000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468511340fb7ba8eeb7aae",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:54:09.116000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846850783baea1a6beb7e71",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. I won\u2019t be surprised if OTX cannot pull the threat. My account isn\u2019t allowing me full permissions. \n\n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:59.933000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468505ee31db44fe063e82",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:57.123000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468501eb091ae414509121",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:53.417000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468500f573317422968c7c",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:52.404000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65caca061fbb7674de86ec7b",
"name": "Invicta Stealer",
"description": "Invicta Stealer is equipped to steal data from most locations of a system which makes it a dangerous threat.\nLink found in https://house.mo.com",
"modified": "2024-03-14T01:01:47.115000",
"created": "2024-02-13T01:46:46.969000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"historical ssl",
"resolutions",
"communicating",
"whois whois",
"subdomains",
"referrer",
"problems",
"core",
"startpage",
"june",
"passive dns",
"urls",
"domain",
"otx telemetry",
"body",
"gmt content",
"x adblock",
"scan endpoints",
"all octoseek",
"hostname",
"date",
"encrypt",
"threat roundup",
"october",
"november",
"march",
"february",
"apple ios",
"april",
"tsara brashears",
"copy",
"hacktool",
"phishing",
"metro",
"crypto",
"installer",
"awful",
"united",
"unknown",
"germany unknown",
"search",
"servers",
"registrar",
"name servers",
"status",
"next",
"moved",
"address",
"creation date",
"showing",
"ipv4",
"pulse submit",
"url analysis",
"accept",
"aaaa",
"record type",
"ttl value",
"html document",
"ascii text",
"anchor hrefs",
"hrefs",
"anchor",
"anchor href",
"threat",
"paste",
"iocs",
"analyze",
"hostnames",
"url https",
"sample",
"server",
"code",
"registry domain",
"dnssec",
"registrar url",
"registrar whois",
"iana id",
"registrar abuse",
"tech email",
"fake update",
"utilizes new",
"idat loader",
"stealc",
"urls http",
"isadultno",
"adposbottom",
"adformatplain",
"adnetworks",
"quasar rat",
"ip detections",
"country",
"cellbrite",
"execution",
"pegasus",
"malware",
"agent tesla",
"attack",
"ukraine",
"silent",
"invicta stealer",
"redline stealer",
"orcus rat",
"files",
"germany asn",
"as196763",
"a domains",
"redacted for",
"record value",
"for privacy",
"emails",
"name",
"contacted urls",
"bundled",
"de indicators",
"domains",
"hashes",
"gmbh version",
"status page",
"service privacy",
"legal",
"impressum",
"pulse pulses",
"location united",
"open",
"cookie",
"customer",
"0 report",
"sea alt",
"certificate",
"#targeting",
"#discordwallets",
"house.mo.gov"
],
"references": [
"https://www.facebooksunglassshop.com/",
"CVE-2017-0147 \u2022 CVE-2023-4966 \u2022 CVE-2023-22518",
"https://ispy-official.com/ X Cache: Redirect from cloudfront Via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net CloudFront X Amz Cf",
"Pop: HIO50 C1 X Amz Cf Id: Jt aBPO2nI3Nt D0E4nzqpun66btDLhJ41kQwhDASrIukoWyUOWE1w==",
"apple.com-auth.eu [Find apple] | https://applemusic-spotlight.myunidays.com/US/en-US? [compromise via apple media]",
"http://init-p01st.push.apple.com/bag [= Google.com.uy modified browser - malicious] apple.com-auth.eu \u2022 appleid.apple.com-auth.eu\u2022",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 [apple media compromise. Pega behavior?]",
"all-live.secure2storeapple.xxianzi.com \u2022 https://www.symbios.pk/apple-ipod-5-32gb",
"http://m.xiang5.com/keyword/17655.html&ht=%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%8D%E8%B4%B9%E9%98%85%E8%AF%BB_%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%A8%E6%9C%AC%E6%97%A0%E5%BC%B9%E7%AA%97-%E9%A6%99%E7%BD%91%E5%B0%8F%E8%AF%B4%E6%89%8B%E6%9C%BA%E7%89%88&uaddr=https:/www.sogou.com/link?url=58p16RfDRLtDzo-0AEmfJoGs8rDRUEq4ejjohgXqBYnQGuHk6xSRXg..&h=1080&w=1920&cd=24&lg=zh-CN&ua=mozilla/5.0%20(windows%20nt%2010.0;%20win64;%20x64)%20",
"Tracking: mailtrack.io \u2022 nr-data.net \u2022 tracking.bullseyeedu.com \u2022 https://smtp.mail.pentrack.com \u2022 tracking.vetsindexes.com",
"Remote threats: http://watchhers.net/index.php \u2022 http://eye.infunvip.com/appinterface/other/login.remote",
"https://plussizedesi.com/wp-content/uploads/2022/07/SniperGhostWarrior2BlackBox_Version_Download_INSTALL.pdf",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [ iOS unlocker & password decryption]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ phishing \u2022 apple collection]",
"https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
"wallpapers-nature.com",
"https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
"https://wallpapers-nature.com/tsara-brashears/urlscan-io",
"hello-world-mute-unit-3072.a-rahimi-farahani.workers.dev",
"edgedl.me.gvt1.com",
"Link found in https://house.mo.com"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Invicta Stealer",
"display_name": "Invicta Stealer",
"target": null
},
{
"id": "HackTool",
"display_name": "HackTool",
"target": null
},
{
"id": "Quasar RAT",
"display_name": "Quasar RAT",
"target": null
},
{
"id": "Pegasus",
"display_name": "Pegasus",
"target": null
},
{
"id": "RedLine Stealer",
"display_name": "RedLine Stealer",
"target": null
},
{
"id": "Orcus RAT",
"display_name": "Orcus RAT",
"target": null
},
{
"id": "Silent",
"display_name": "Silent",
"target": null
}
],
"attack_ids": [],
"industries": [
"Government",
"Civil Society",
"Technology"
],
"TLP": "white",
"cloned_from": null,
"export_count": 65,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 153,
"FileHash-SHA1": 145,
"FileHash-SHA256": 3848,
"CVE": 3,
"URL": 8291,
"domain": 2541,
"hostname": 3034,
"email": 13
},
"indicator_count": 18028,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "766 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65bca8fcbe62297d71b47c33",
"name": "Ragnar Locker",
"description": "\u2022 FBI Flash CU-000163-MW: RagnarLocker Ransomware Indicators of Compromise\n\u2022 Found in https://www.Esurance.com\n 108.26.193.165\nAS 701 (UUNET)\n\u2022108.26.193.165 Postal Code: 02465 Reverse Domain Lookup: pool-108-26-193-165.bstnma.fios.verizon.net \n| Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encryption algorithm, and demands that victims pay a ransom to recover their data. The Ragnar Locker group is known to employ a double extortion tactic.",
"modified": "2024-03-03T08:00:03.432000",
"created": "2024-02-02T08:34:04.425000",
"tags": [
"referrer",
"contacted",
"whois record",
"ssl certificate",
"whois whois",
"contacted urls",
"execution",
"historical ssl",
"red team",
"gang breached",
"agent tesla",
"redline stealer",
"metro",
"android",
"urls url",
"files",
"kgs0",
"kls0",
"orgtechhandle",
"orgtechref",
"orgabusehandle",
"orgdnshandle",
"orgdnsref",
"whois lookup",
"netrange",
"nethandle",
"net108",
"net1080000",
"communicating",
"urls http",
"ransomware gang",
"breached",
"team",
"first",
"utc submissions",
"submitters",
"gandi sas",
"psiusa",
"domain robot",
"porkbun llc",
"keysystems gmbh",
"csc corporate",
"domains",
"domain name",
"network pty",
"tucows",
"com laude",
"dynadot inc"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 23,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 8354,
"FileHash-MD5": 104,
"FileHash-SHA1": 81,
"FileHash-SHA256": 2711,
"CIDR": 5,
"CVE": 6,
"domain": 1489,
"hostname": 3058,
"email": 5
},
"indicator_count": 15813,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "777 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65aab9b6e5834eef98066f6d",
"name": "Author avatar trojan.mydoom/memscan | .911porn.org Google embedded interacting, ",
"description": "",
"modified": "2024-02-17T08:04:16.055000",
"created": "2024-01-19T18:04:38.254000",
"tags": [
"ioc search",
"new ioc",
"teams api",
"contact",
"threat analyzer",
"threat",
"paste",
"iocs",
"urls http",
"samples",
"ssl certificate",
"contacted",
"network",
"whois record",
"historical ssl",
"malware",
"resolutions",
"communicating",
"referrer",
"domains",
"registrar",
"thnic",
"dynadot inc",
"final url",
"urls",
"whois whois",
"execution",
"contacted urls",
"apple",
"redline stealer",
"core",
"subdomains",
"first",
"utc submissions",
"submitters",
"ltd dba",
"com laude",
"edgecast",
"gandi sas",
"csc corporate",
"summary iocs",
"facebook",
"fbnoscript1",
"as14061",
"united",
"whitelisted",
"as16276",
"a domains",
"united kingdom",
"script urls",
"name servers",
"as9009 m247",
"backdoor",
"ransom",
"meta",
"msil",
"date",
"malvertizing",
"elevated exposure",
"contextualizing",
"cve -2023-22518",
"cve-2017-17215",
"contains-pe",
"upx",
"contains-macho attachment",
"contains-embedded-js",
"nsis",
"pecompact",
"wear os",
"android phone",
"gmail app",
"smart reply",
"meet respond",
"meet",
"respond",
"google",
"google chat",
"gmail",
"et",
"playstore",
"dns",
"browser events",
"critical",
"tsara brashears",
"unhacker"
],
"references": [
"http://911porn.org/home.php?mod=space&uid=47570&do=profile&from=space",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
"youjazz.911porn.org",
"gimmebar.com",
"datafoundry.com",
"dataconnector.corp.google.com",
"js.stripe.com [url redirects to]",
"CVE-2023-22518",
"https://bi.phncdn.com/www-static/js/lib/generated-lib.js?cache=2017051919",
"206.189.61.126 [command and control]",
"https://quantilnetworks.com/ [phishing]",
"brazzersnetwork.com",
"brazzers.com",
"http://missing.hi2.ro/missing.html [malware hosting]",
"nsscacheserver2.corp.google.com",
"xred.mooo.com"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Netherlands",
"Romania",
"Russian Federation",
"Japan"
],
"malware_families": [
{
"id": "ALF:Trojan:BAT/EnvVarCharReplacement.Custom",
"display_name": "ALF:Trojan:BAT/EnvVarCharReplacement.Custom",
"target": null
},
{
"id": "ALF:Trojan:Win64/PsBanker.MFP!MTB",
"display_name": "ALF:Trojan:Win64/PsBanker.MFP!MTB",
"target": null
},
{
"id": "Backdoor:MSIL/AsyncRAT.ZB!MTB",
"display_name": "Backdoor:MSIL/AsyncRAT.ZB!MTB",
"target": "/malware/Backdoor:MSIL/AsyncRAT.ZB!MTB"
},
{
"id": "Ransom:Win32/Somhoveran.C",
"display_name": "Ransom:Win32/Somhoveran.C",
"target": "/malware/Ransom:Win32/Somhoveran.C"
},
{
"id": "Ransom:Win32/Genasom.AM",
"display_name": "Ransom:Win32/Genasom.AM",
"target": "/malware/Ransom:Win32/Genasom.AM"
},
{
"id": "PWS:Win32/PrimaryPass.AD!MTB",
"display_name": "PWS:Win32/PrimaryPass.AD!MTB",
"target": "/malware/PWS:Win32/PrimaryPass.AD!MTB"
},
{
"id": "MSIL:GenMalicious-ZC\\ [Trj]",
"display_name": "MSIL:GenMalicious-ZC\\ [Trj]",
"target": null
},
{
"id": "Backdoor:Win32/VB.KQ",
"display_name": "Backdoor:Win32/VB.KQ",
"target": "/malware/Backdoor:Win32/VB.KQ"
},
{
"id": "Backdoor:Win32/Tofsee.T",
"display_name": "Backdoor:Win32/Tofsee.T",
"target": "/malware/Backdoor:Win32/Tofsee.T"
},
{
"id": "Backdoor:MSIL/Bladabindi.AJ",
"display_name": "Backdoor:MSIL/Bladabindi.AJ",
"target": "/malware/Backdoor:MSIL/Bladabindi.AJ"
},
{
"id": "trojan.mydoom/memscan",
"display_name": "trojan.mydoom/memscan",
"target": null
},
{
"id": "RedLine Stealer",
"display_name": "RedLine Stealer",
"target": null
},
{
"id": "NSIS",
"display_name": "NSIS",
"target": null
}
],
"attack_ids": [],
"industries": [],
"TLP": "white",
"cloned_from": "65a94472aa9ff38469be19b0",
"export_count": 15,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 566,
"FileHash-SHA1": 324,
"FileHash-SHA256": 1828,
"URL": 3171,
"domain": 1145,
"hostname": 1556,
"CVE": 2,
"email": 4
},
"indicator_count": 8596,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "792 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65a94472aa9ff38469be19b0",
"name": "trojan.mydoom/memscan | .911porn.org embedded, interacting, Google PlayStore products",
"description": "Found in a compromised android phone. Redline Stealer, WebToolbar, SearchSuite. Pseudo Google Chrome. Google PlayStore Wallet won't credit $100's victims Visa & Google Play card . Unhelpful if any responses, multiple complaints by others with same issue. Why not research. Target/ client complained, unhelpful response from developers, Google Chrome changed to a china based pseudo Chrome.",
"modified": "2024-02-17T08:04:16.055000",
"created": "2024-01-18T15:32:02.682000",
"tags": [
"ioc search",
"new ioc",
"teams api",
"contact",
"threat analyzer",
"threat",
"paste",
"iocs",
"urls http",
"samples",
"ssl certificate",
"contacted",
"network",
"whois record",
"historical ssl",
"malware",
"resolutions",
"communicating",
"referrer",
"domains",
"registrar",
"thnic",
"dynadot inc",
"final url",
"urls",
"whois whois",
"execution",
"contacted urls",
"apple",
"redline stealer",
"core",
"subdomains",
"first",
"utc submissions",
"submitters",
"ltd dba",
"com laude",
"edgecast",
"gandi sas",
"csc corporate",
"summary iocs",
"facebook",
"fbnoscript1",
"as14061",
"united",
"whitelisted",
"as16276",
"a domains",
"united kingdom",
"script urls",
"name servers",
"as9009 m247",
"backdoor",
"ransom",
"meta",
"msil",
"date",
"malvertizing",
"elevated exposure",
"contextualizing",
"cve -2023-22518",
"cve-2017-17215",
"contains-pe",
"upx",
"contains-macho attachment",
"contains-embedded-js",
"nsis",
"pecompact",
"wear os",
"android phone",
"gmail app",
"smart reply",
"meet respond",
"meet",
"respond",
"google",
"google chat",
"gmail",
"et",
"playstore",
"dns",
"browser events",
"critical",
"tsara brashears",
"unhacker"
],
"references": [
"http://911porn.org/home.php?mod=space&uid=47570&do=profile&from=space",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
"youjazz.911porn.org",
"gimmebar.com",
"datafoundry.com",
"dataconnector.corp.google.com",
"js.stripe.com [url redirects to]",
"CVE-2023-22518",
"https://bi.phncdn.com/www-static/js/lib/generated-lib.js?cache=2017051919",
"206.189.61.126 [command and control]",
"https://quantilnetworks.com/ [phishing]",
"brazzersnetwork.com",
"brazzers.com",
"http://missing.hi2.ro/missing.html [malware hosting]",
"nsscacheserver2.corp.google.com",
"xred.mooo.com"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Netherlands",
"Romania",
"Russian Federation",
"Japan"
],
"malware_families": [
{
"id": "ALF:Trojan:BAT/EnvVarCharReplacement.Custom",
"display_name": "ALF:Trojan:BAT/EnvVarCharReplacement.Custom",
"target": null
},
{
"id": "ALF:Trojan:Win64/PsBanker.MFP!MTB",
"display_name": "ALF:Trojan:Win64/PsBanker.MFP!MTB",
"target": null
},
{
"id": "Backdoor:MSIL/AsyncRAT.ZB!MTB",
"display_name": "Backdoor:MSIL/AsyncRAT.ZB!MTB",
"target": "/malware/Backdoor:MSIL/AsyncRAT.ZB!MTB"
},
{
"id": "Ransom:Win32/Somhoveran.C",
"display_name": "Ransom:Win32/Somhoveran.C",
"target": "/malware/Ransom:Win32/Somhoveran.C"
},
{
"id": "Ransom:Win32/Genasom.AM",
"display_name": "Ransom:Win32/Genasom.AM",
"target": "/malware/Ransom:Win32/Genasom.AM"
},
{
"id": "PWS:Win32/PrimaryPass.AD!MTB",
"display_name": "PWS:Win32/PrimaryPass.AD!MTB",
"target": "/malware/PWS:Win32/PrimaryPass.AD!MTB"
},
{
"id": "MSIL:GenMalicious-ZC\\ [Trj]",
"display_name": "MSIL:GenMalicious-ZC\\ [Trj]",
"target": null
},
{
"id": "Backdoor:Win32/VB.KQ",
"display_name": "Backdoor:Win32/VB.KQ",
"target": "/malware/Backdoor:Win32/VB.KQ"
},
{
"id": "Backdoor:Win32/Tofsee.T",
"display_name": "Backdoor:Win32/Tofsee.T",
"target": "/malware/Backdoor:Win32/Tofsee.T"
},
{
"id": "Backdoor:MSIL/Bladabindi.AJ",
"display_name": "Backdoor:MSIL/Bladabindi.AJ",
"target": "/malware/Backdoor:MSIL/Bladabindi.AJ"
},
{
"id": "trojan.mydoom/memscan",
"display_name": "trojan.mydoom/memscan",
"target": null
},
{
"id": "RedLine Stealer",
"display_name": "RedLine Stealer",
"target": null
},
{
"id": "NSIS",
"display_name": "NSIS",
"target": null
}
],
"attack_ids": [],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 16,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 566,
"FileHash-SHA1": 324,
"FileHash-SHA256": 1828,
"URL": 3171,
"domain": 1145,
"hostname": 1556,
"CVE": 2,
"email": 4
},
"indicator_count": 8596,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "792 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "659d687f92ebb4f3d613ae0c",
"name": "Mimikatz | www.ssc.spaceforce.mil ",
"description": "",
"modified": "2024-01-09T15:38:39.547000",
"created": "2024-01-09T15:38:39.547000",
"tags": [
"a domains",
"united",
"as20940",
"aaaa",
"as16625 akamai",
"link",
"passive dns",
"space systems",
"urls",
"search",
"encrypt",
"ssl certificate",
"whois record",
"whois whois",
"historical ssl",
"referrer",
"resolutions",
"communicating",
"collections",
"contacted",
"sneaky server",
"team",
"metro",
"hacktool",
"tsara brashears",
"apple ios",
"highly targeted",
"core",
"android",
"formbook",
"emotet",
"download",
"malware",
"malicious",
"critical",
"copy",
"relic",
"monitoring",
"installer",
"first",
"utc submissions",
"submitters",
"gandi sas",
"csc corporate",
"domains",
"cloudflare",
"cloudflarenet",
"akamaias",
"summary iocs",
"b item",
"cisco umbrella",
"site",
"maltiverse",
"heur",
"safe site",
"alexa top",
"million",
"tsgeneric",
"riskware",
"unsafe",
"phishing",
"union",
"bank",
"opencandy",
"exploit",
"agent",
"mimikatz",
"webtoolbar",
"no expiration",
"expiration",
"indicator role",
"pulses url",
"url https",
"domain",
"url http",
"brashears type",
"showing",
"entries"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655cd0f065d2e5a6c92369e5",
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 101,
"FileHash-SHA1": 81,
"hostname": 1376,
"URL": 3305,
"domain": 572,
"FileHash-SHA256": 3300,
"CVE": 4,
"email": 1
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "831 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "656aa27f81a9096f5889a9d0",
"name": "WebToolbar | www.ssc.spaceforce.mil ",
"description": "",
"modified": "2023-12-21T15:00:07.190000",
"created": "2023-12-02T03:20:31.494000",
"tags": [
"a domains",
"united",
"as20940",
"aaaa",
"as16625 akamai",
"link",
"passive dns",
"space systems",
"urls",
"search",
"encrypt",
"ssl certificate",
"whois record",
"whois whois",
"historical ssl",
"referrer",
"resolutions",
"communicating",
"collections",
"contacted",
"sneaky server",
"team",
"metro",
"hacktool",
"tsara brashears",
"apple ios",
"highly targeted",
"core",
"android",
"formbook",
"emotet",
"download",
"malware",
"malicious",
"critical",
"copy",
"relic",
"monitoring",
"installer",
"first",
"utc submissions",
"submitters",
"gandi sas",
"csc corporate",
"domains",
"cloudflare",
"cloudflarenet",
"akamaias",
"summary iocs",
"b item",
"cisco umbrella",
"site",
"maltiverse",
"heur",
"safe site",
"alexa top",
"million",
"tsgeneric",
"riskware",
"unsafe",
"phishing",
"union",
"bank",
"opencandy",
"exploit",
"agent",
"mimikatz",
"webtoolbar",
"no expiration",
"expiration",
"indicator role",
"pulses url",
"url https",
"domain",
"url http",
"brashears type",
"showing",
"entries"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655cd0f065d2e5a6c92369e5",
"export_count": 15,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 101,
"FileHash-SHA1": 81,
"hostname": 1376,
"URL": 3305,
"domain": 572,
"FileHash-SHA256": 3300,
"CVE": 4,
"email": 1
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 224,
"modified_text": "850 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655ce5116519bd86d1f1bdee",
"name": "FormBook | www.ssc.spaceforce.mil 'Hoax' | Spyware | Fraud Services",
"description": "",
"modified": "2023-12-21T15:00:07.190000",
"created": "2023-11-21T17:12:49.783000",
"tags": [
"a domains",
"united",
"as20940",
"aaaa",
"as16625 akamai",
"link",
"passive dns",
"space systems",
"urls",
"search",
"encrypt",
"ssl certificate",
"whois record",
"whois whois",
"historical ssl",
"referrer",
"resolutions",
"communicating",
"collections",
"contacted",
"sneaky server",
"team",
"metro",
"hacktool",
"tsara brashears",
"apple ios",
"highly targeted",
"core",
"android",
"formbook",
"emotet",
"download",
"malware",
"malicious",
"critical",
"copy",
"relic",
"monitoring",
"installer",
"first",
"utc submissions",
"submitters",
"gandi sas",
"csc corporate",
"domains",
"cloudflare",
"cloudflarenet",
"akamaias",
"summary iocs",
"b item",
"cisco umbrella",
"site",
"maltiverse",
"heur",
"safe site",
"alexa top",
"million",
"tsgeneric",
"riskware",
"unsafe",
"phishing",
"union",
"bank",
"opencandy",
"exploit",
"agent",
"mimikatz",
"webtoolbar",
"no expiration",
"expiration",
"indicator role",
"pulses url",
"url https",
"domain",
"url http",
"brashears type",
"showing",
"entries"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 22,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 101,
"FileHash-SHA1": 81,
"hostname": 1376,
"URL": 3305,
"domain": 572,
"FileHash-SHA256": 3300,
"CVE": 4,
"email": 1
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "850 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655cd0f065d2e5a6c92369e5",
"name": "www.ssc.spaceforce.mil",
"description": "",
"modified": "2023-12-21T15:00:07.190000",
"created": "2023-11-21T15:46:56.740000",
"tags": [
"a domains",
"united",
"as20940",
"aaaa",
"as16625 akamai",
"link",
"passive dns",
"space systems",
"urls",
"search",
"encrypt",
"ssl certificate",
"whois record",
"whois whois",
"historical ssl",
"referrer",
"resolutions",
"communicating",
"collections",
"contacted",
"sneaky server",
"team",
"metro",
"hacktool",
"tsara brashears",
"apple ios",
"highly targeted",
"core",
"android",
"formbook",
"emotet",
"download",
"malware",
"malicious",
"critical",
"copy",
"relic",
"monitoring",
"installer",
"first",
"utc submissions",
"submitters",
"gandi sas",
"csc corporate",
"domains",
"cloudflare",
"cloudflarenet",
"akamaias",
"summary iocs",
"b item",
"cisco umbrella",
"site",
"maltiverse",
"heur",
"safe site",
"alexa top",
"million",
"tsgeneric",
"riskware",
"unsafe",
"phishing",
"union",
"bank",
"opencandy",
"exploit",
"agent",
"mimikatz",
"webtoolbar",
"no expiration",
"expiration",
"indicator role",
"pulses url",
"url https",
"domain",
"url http",
"brashears type",
"showing",
"entries"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 20,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 101,
"FileHash-SHA1": 81,
"hostname": 1376,
"URL": 3305,
"domain": 572,
"FileHash-SHA256": 3300,
"CVE": 4,
"email": 1
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "850 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655ad8e83914549cd4658f8e",
"name": "Radar Ineractive \u2022 Inmortal \u2022 HSBC.com",
"description": "carrotbat malware, SHAREit services.exe, typosquatting, fraud services, privilege, location tracking, cyber stalking, masquerading, malvertizing, malicious website, C2, control, apple, android, services, CNC, hack tools,\nMaps are real tools. \nhttps://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing & botnetwork)\nhttp://45.159.189.105/bot/regex (Botnetwork)\nhttps://www.sweetheartvideo.com/tsara-brashears/\nwww.sweetheartvideo.com\t(Tsara Brashears Botnetwork created by attacker)\nhttp://182.22.25.124:7878/182.22.25.124:443\nhttps://pin.it/ (aka malicious Pinterest)\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (100% straight female target - defamation, libel)\ndis.io\npin.it (changed targets Pinterest to this)\nRadar Ineractive \u2022 Inmortal \u2022 HSBC.com",
"modified": "2023-12-20T02:02:59.943000",
"created": "2023-11-20T03:56:24.105000",
"tags": [
"log id",
"gmtn",
"passive dns",
"urls",
"tls web",
"encrypt",
"ca issuers",
"f9970e",
"bd6en timestamp",
"a487132c3b",
"false",
"ssl certificate",
"tsara brashears",
"contacted",
"referrer",
"copy",
"historical ssl",
"collections",
"password",
"networks",
"botnet campaign",
"skynet",
"fall",
"hacktool",
"malware",
"critical",
"relic",
"monitoring",
"attack",
"hiddentear",
"metro",
"test",
"detection list",
"pattern match",
"root ca",
"authority",
"class",
"script",
"mitre att",
"temp",
"ck id",
"show technique",
"ck matrix",
"date",
"unknown",
"meta",
"span",
"error",
"refresh",
"body",
"generator",
"look",
"verify",
"restart",
"hybrid",
"accept",
"click",
"strings",
"tools",
"whois record",
"msgid10053",
"msgid10051",
"communicating",
"anid",
"execution",
"null",
"core",
"installer",
"threat roundup",
"apple ios",
"august",
"highly targeted",
"apple",
"sqli dumper",
"april",
"february",
"awful",
"radar ineractive",
"october",
"no data",
"tag count",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"blacklist",
"cisco umbrella",
"site",
"wormx",
"malicious site",
"safe site",
"malware site",
"alexa top",
"million",
"phishing site",
"alexa",
"phishing",
"agent",
"bank",
"inmortal",
"united",
"cyber threat",
"pony",
"cnc zeus",
"tracker",
"cnc server",
"covid19",
"engineering",
"http spammer",
"host",
"azorult",
"asyncrat",
"cobalt strike",
"team",
"hsbc"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Radar Ineractive",
"display_name": "Radar Ineractive",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "HSBC",
"display_name": "HSBC",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 21,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 815,
"FileHash-SHA256": 3404,
"SSLCertFingerprint": 2,
"URL": 8938,
"domain": 1194,
"hostname": 2705,
"FileHash-SHA1": 457,
"CIDR": 7,
"CVE": 3
},
"indicator_count": 17525,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "851 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655ad83180deb1186bb4f466",
"name": "Carrotbat Malware | Stalker Suite | gogglemaps.com",
"description": "carrotbat malware, SHAREit services.exe, typosquatting, fraud services, privilege, location tracking, cyber stalking, masquerading, malvertizing, malicious website, C2, control, apple, android, services, CNC, hack tools, botnetwork \nMaps are real tools. \nhttps://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing & botnetwork)\nhttp://45.159.189.105/bot/regex (Botnetwork)\nhttps://www.sweetheartvideo.com/tsara-brashears/\nwww.sweetheartvideo.com\t(Tsara Brashears Botnetwork created by attacker)\nhttp://182.22.25.124:7878/182.22.25.124:443\nhttps://pin.it/ (aka malicious Pinterest)\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (100% straight female target - defamation, libel)\ndis.io\npin.it (changed targets Pinterest to this)",
"modified": "2023-12-20T02:02:59.943000",
"created": "2023-11-20T03:53:21.699000",
"tags": [
"log id",
"gmtn",
"passive dns",
"urls",
"tls web",
"encrypt",
"ca issuers",
"f9970e",
"bd6en timestamp",
"a487132c3b",
"false",
"ssl certificate",
"tsara brashears",
"contacted",
"referrer",
"copy",
"historical ssl",
"collections",
"password",
"networks",
"botnet campaign",
"skynet",
"fall",
"hacktool",
"malware",
"critical",
"relic",
"monitoring",
"attack",
"hiddentear",
"metro",
"test",
"detection list",
"pattern match",
"root ca",
"authority",
"class",
"script",
"mitre att",
"temp",
"ck id",
"show technique",
"ck matrix",
"date",
"unknown",
"meta",
"span",
"error",
"refresh",
"body",
"generator",
"look",
"verify",
"restart",
"hybrid",
"accept",
"click",
"strings",
"tools",
"whois record",
"msgid10053",
"msgid10051",
"communicating",
"anid",
"execution",
"null",
"core",
"installer",
"threat roundup",
"apple ios",
"august",
"highly targeted",
"apple",
"sqli dumper",
"april",
"february",
"awful",
"radar ineractive",
"october",
"no data",
"tag count",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"blacklist",
"cisco umbrella",
"site",
"wormx",
"malicious site",
"safe site",
"malware site",
"alexa top",
"million",
"phishing site",
"alexa",
"phishing",
"agent",
"bank",
"inmortal",
"united",
"cyber threat",
"pony",
"cnc zeus",
"tracker",
"cnc server",
"covid19",
"engineering",
"http spammer",
"host",
"azorult",
"asyncrat",
"cobalt strike",
"team",
"hsbc",
"noname057",
"generic malware",
"blacklist http",
"malicious url"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Radar Ineractive",
"display_name": "Radar Ineractive",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "HSBC",
"display_name": "HSBC",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 21,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 815,
"FileHash-SHA256": 3404,
"SSLCertFingerprint": 2,
"URL": 8938,
"domain": 1195,
"hostname": 2705,
"FileHash-SHA1": 457,
"CIDR": 7,
"CVE": 3
},
"indicator_count": 17526,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "851 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6558d52f7078c8c2558602c6",
"name": "Bot Network locates, remotely connects, archives Targets property",
"description": "FormBook, rat, trojan, C2, scripter, rat, Tulach Malware Family, method, command and control, scanning host, attack, cyber threat, cyber stalking.\nTargets: Tsara Brashears by remotely locationing, connection and control of any property Brashears and associated aquires. \nBot Networks and Apple Crackers:\nt.prototype.hasownproperty.call\nhttp://45.159.189.105/bot/regex\nhttp://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel\t\nhttp://45.159.189.105/bot/online?guid=WALKER-PC&key=b73f03cae5752ff4c823f89de539b59754bc4e65d43970358b17bcf21fb6c4e5\n114.114.114.114\nhttp://45.159.189.105/bot/online?key=56d9a38b25a0c16ea67e7d74c06851fc8eac5b4ad06b30712a8253baf78647a8&guid=WALKER-PC\\WALKER\n\n\nhttp://clipper.guru/bot/online?guid=WALKER-PC\nNo Expiration\t0\t\n\n\nhttp://103.246.145.111/del.php?hwid=WALKER-PC-WALKER\n\nhttp://103.246.145.111/delonl.php?hwid=WALKER-PC-WALKER\nhttp://103.246.145.111/gate.php?hwid=WALKER-PC-WALKER&os=Windows%207%20Enterprise&cpu=Intel\nURL\nhttps://twitter.com/PORNO_SEXYBABES\n\ntwitter.com.",
"modified": "2023-12-18T14:02:38.834000",
"created": "2023-11-18T15:15:59.916000",
"tags": [
"passive dns",
"urls",
"domain",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files",
"files ip",
"address domain",
"ip related",
"win32 exe",
"type name",
"execution",
"contacted",
"referrer",
"whois whois",
"tsara brashears",
"ssl certificate",
"malware",
"password bypass",
"apple phone",
"unlocker",
"dark power",
"cobalt strike",
"core",
"download",
"relic",
"monitoring",
"installer"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 52,
"hostname": 214,
"FileHash-MD5": 92,
"FileHash-SHA1": 92,
"FileHash-SHA256": 968,
"URL": 470
},
"indicator_count": 1888,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "853 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65580c17e69371b34a573f72",
"name": "Masquerading",
"description": "",
"modified": "2023-12-17T11:03:45.376000",
"created": "2023-11-18T00:57:59.619000",
"tags": [
"no expiration",
"filehashsha256",
"filehashmd5",
"iocs",
"url http",
"expiration",
"scan endpoints",
"all search",
"otx octoseek",
"create new",
"blacklist http",
"laplasclipper",
"malicious url",
"cisco umbrella",
"site",
"alexa top",
"blacklist",
"safe site",
"malware site",
"phishing site",
"malicious site",
"malware",
"china unknown",
"united",
"unknown",
"as54994 quantil",
"cname",
"nxdomain",
"as8068",
"as4134 chinanet",
"passive dns",
"domain",
"next",
"filehashsha1",
"service company",
"servers",
"ndicator role",
"title added",
"active related",
"pulses url",
"showing",
"entries",
"pulses http",
"url https",
"type indicator",
"role title",
"added active",
"related pulses",
"report spam",
"author avatar",
"created",
"hour ago",
"trojanspy",
"redline",
"pulses hostname",
"blacklist https",
"indicator role",
"bidid",
"adid",
"v4us",
"v51845481",
"hostname",
"http",
"cisco",
"umbrella rank",
"search live",
"api blog",
"docs pricing",
"november",
"de summary",
"frankfurt",
"main",
"reverse dns",
"general full",
"asn16509",
"amazon02",
"resource",
"protocol h2",
"security tls",
"hash",
"de indicators",
"domains",
"hashes",
"copyright",
"gmbh version",
"follow",
"value",
"postitem",
"variables",
"parameters",
"systemid object",
"def function",
"login",
"get h2",
"secrets llc",
"agreement",
"the site",
"content",
"policy",
"this site",
"claims",
"florida",
"please",
"premium",
"service",
"restrict",
"express",
"media",
"facebook",
"twitter",
"final",
"first",
"cloudflarenet",
"gts ca",
"software",
"million",
"hours ago",
"chameleon",
"heur",
"phishing",
"riskware",
"agent",
"unsafe",
"opencandy",
"exploit",
"mimikatz",
"iframe",
"downldr",
"presenoker",
"artemis",
"download",
"beach research",
"germany",
"asn20940",
"akamaiasn1",
"threat report",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"alexa",
"maltiverse",
"google",
"qtsas",
"name value",
"no data",
"tag count",
"count blacklist",
"pbiptbmvd0k4",
"glelexoputyh",
"suppobox",
"team",
"bambernek",
"internet storm",
"phishtank",
"phish",
"trickbot",
"telecom",
"bank",
"ipv4",
"octoseek report",
"spam https",
"tsara brashears",
"malvertizing",
"tracking",
"tagging",
"spyder",
"cybercrime",
"email collection",
"apple data collection",
"win32 exe",
"ms word",
"document",
"type name",
"javascript",
"network capture",
"files",
"detections type",
"name",
"ssl certificate",
"whois whois",
"tsara brashears",
"whois record",
"asn owner",
"highly targeted",
"kgs0",
"kls0",
"relacionada",
"family",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"ursnif",
"remcos",
"core",
"redline stealer",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"execution",
"network",
"communicating",
"referrer",
"parent",
"historical ssl",
"siblings",
"resolutions",
"name verdict",
"falcon sandbox",
"pattern match",
"error",
"file",
"indicator",
"script",
"typeof e",
"ascii text",
"appdata",
"date",
"windir",
"span",
"body",
"meta",
"class",
"generator",
"info",
"null",
"refresh",
"hybrid",
"general",
"local",
"click",
"strings",
"tools",
"look",
"verify",
"restart",
"form",
"footer",
"html",
"union",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"installcore",
"webshell",
"crack",
"webtoolbar",
"threat roundup",
"contacted",
"june",
"july",
"october",
"august"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Beach Research",
"display_name": "Beach Research",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1102",
"name": "Web Service",
"display_name": "T1102 - Web Service"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1199",
"name": "Trusted Relationship",
"display_name": "T1199 - Trusted Relationship"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [
"Health",
"Nutritional",
"Medical",
"Medicine"
],
"TLP": "white",
"cloned_from": "65574cb4447c8d87ad85fa75",
"export_count": 103,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 400,
"FileHash-SHA1": 240,
"FileHash-SHA256": 6459,
"hostname": 4845,
"URL": 11514,
"CVE": 15,
"domain": 3179,
"email": 31
},
"indicator_count": 26683,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 226,
"modified_text": "854 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65580c1516990d69644fb3d0",
"name": "Masquerading",
"description": "",
"modified": "2023-12-17T11:03:45.376000",
"created": "2023-11-18T00:57:57.372000",
"tags": [
"no expiration",
"filehashsha256",
"filehashmd5",
"iocs",
"url http",
"expiration",
"scan endpoints",
"all search",
"otx octoseek",
"create new",
"blacklist http",
"laplasclipper",
"malicious url",
"cisco umbrella",
"site",
"alexa top",
"blacklist",
"safe site",
"malware site",
"phishing site",
"malicious site",
"malware",
"china unknown",
"united",
"unknown",
"as54994 quantil",
"cname",
"nxdomain",
"as8068",
"as4134 chinanet",
"passive dns",
"domain",
"next",
"filehashsha1",
"service company",
"servers",
"ndicator role",
"title added",
"active related",
"pulses url",
"showing",
"entries",
"pulses http",
"url https",
"type indicator",
"role title",
"added active",
"related pulses",
"report spam",
"author avatar",
"created",
"hour ago",
"trojanspy",
"redline",
"pulses hostname",
"blacklist https",
"indicator role",
"bidid",
"adid",
"v4us",
"v51845481",
"hostname",
"http",
"cisco",
"umbrella rank",
"search live",
"api blog",
"docs pricing",
"november",
"de summary",
"frankfurt",
"main",
"reverse dns",
"general full",
"asn16509",
"amazon02",
"resource",
"protocol h2",
"security tls",
"hash",
"de indicators",
"domains",
"hashes",
"copyright",
"gmbh version",
"follow",
"value",
"postitem",
"variables",
"parameters",
"systemid object",
"def function",
"login",
"get h2",
"secrets llc",
"agreement",
"the site",
"content",
"policy",
"this site",
"claims",
"florida",
"please",
"premium",
"service",
"restrict",
"express",
"media",
"facebook",
"twitter",
"final",
"first",
"cloudflarenet",
"gts ca",
"software",
"million",
"hours ago",
"chameleon",
"heur",
"phishing",
"riskware",
"agent",
"unsafe",
"opencandy",
"exploit",
"mimikatz",
"iframe",
"downldr",
"presenoker",
"artemis",
"download",
"beach research",
"germany",
"asn20940",
"akamaiasn1",
"threat report",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"alexa",
"maltiverse",
"google",
"qtsas",
"name value",
"no data",
"tag count",
"count blacklist",
"pbiptbmvd0k4",
"glelexoputyh",
"suppobox",
"team",
"bambernek",
"internet storm",
"phishtank",
"phish",
"trickbot",
"telecom",
"bank",
"ipv4",
"octoseek report",
"spam https",
"tsara brashears",
"malvertizing",
"tracking",
"tagging",
"spyder",
"cybercrime",
"email collection",
"apple data collection",
"win32 exe",
"ms word",
"document",
"type name",
"javascript",
"network capture",
"files",
"detections type",
"name",
"ssl certificate",
"whois whois",
"tsara brashears",
"whois record",
"asn owner",
"highly targeted",
"kgs0",
"kls0",
"relacionada",
"family",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"ursnif",
"remcos",
"core",
"redline stealer",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"execution",
"network",
"communicating",
"referrer",
"parent",
"historical ssl",
"siblings",
"resolutions",
"name verdict",
"falcon sandbox",
"pattern match",
"error",
"file",
"indicator",
"script",
"typeof e",
"ascii text",
"appdata",
"date",
"windir",
"span",
"body",
"meta",
"class",
"generator",
"info",
"null",
"refresh",
"hybrid",
"general",
"local",
"click",
"strings",
"tools",
"look",
"verify",
"restart",
"form",
"footer",
"html",
"union",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"installcore",
"webshell",
"crack",
"webtoolbar",
"threat roundup",
"contacted",
"june",
"july",
"october",
"august"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Beach Research",
"display_name": "Beach Research",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1102",
"name": "Web Service",
"display_name": "T1102 - Web Service"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1199",
"name": "Trusted Relationship",
"display_name": "T1199 - Trusted Relationship"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [
"Health",
"Nutritional",
"Medical",
"Medicine"
],
"TLP": "white",
"cloned_from": "65574cb4447c8d87ad85fa75",
"export_count": 100,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 400,
"FileHash-SHA1": 240,
"FileHash-SHA256": 6459,
"hostname": 4845,
"URL": 11514,
"CVE": 15,
"domain": 3179,
"email": 31
},
"indicator_count": 26683,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 226,
"modified_text": "854 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65574cbe6bdbe24ecb170b24",
"name": "Masquerading",
"description": "",
"modified": "2023-12-17T11:03:45.376000",
"created": "2023-11-17T11:21:34.083000",
"tags": [
"no expiration",
"filehashsha256",
"filehashmd5",
"iocs",
"url http",
"expiration",
"scan endpoints",
"all search",
"otx octoseek",
"create new",
"blacklist http",
"laplasclipper",
"malicious url",
"cisco umbrella",
"site",
"alexa top",
"blacklist",
"safe site",
"malware site",
"phishing site",
"malicious site",
"malware",
"china unknown",
"united",
"unknown",
"as54994 quantil",
"cname",
"nxdomain",
"as8068",
"as4134 chinanet",
"passive dns",
"domain",
"next",
"filehashsha1",
"service company",
"servers",
"ndicator role",
"title added",
"active related",
"pulses url",
"showing",
"entries",
"pulses http",
"url https",
"type indicator",
"role title",
"added active",
"related pulses",
"report spam",
"author avatar",
"created",
"hour ago",
"trojanspy",
"redline",
"pulses hostname",
"blacklist https",
"indicator role",
"bidid",
"adid",
"v4us",
"v51845481",
"hostname",
"http",
"cisco",
"umbrella rank",
"search live",
"api blog",
"docs pricing",
"november",
"de summary",
"frankfurt",
"main",
"reverse dns",
"general full",
"asn16509",
"amazon02",
"resource",
"protocol h2",
"security tls",
"hash",
"de indicators",
"domains",
"hashes",
"copyright",
"gmbh version",
"follow",
"value",
"postitem",
"variables",
"parameters",
"systemid object",
"def function",
"login",
"get h2",
"secrets llc",
"agreement",
"the site",
"content",
"policy",
"this site",
"claims",
"florida",
"please",
"premium",
"service",
"restrict",
"express",
"media",
"facebook",
"twitter",
"final",
"first",
"cloudflarenet",
"gts ca",
"software",
"million",
"hours ago",
"chameleon",
"heur",
"phishing",
"riskware",
"agent",
"unsafe",
"opencandy",
"exploit",
"mimikatz",
"iframe",
"downldr",
"presenoker",
"artemis",
"download",
"beach research",
"germany",
"asn20940",
"akamaiasn1",
"threat report",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"alexa",
"maltiverse",
"google",
"qtsas",
"name value",
"no data",
"tag count",
"count blacklist",
"pbiptbmvd0k4",
"glelexoputyh",
"suppobox",
"team",
"bambernek",
"internet storm",
"phishtank",
"phish",
"trickbot",
"telecom",
"bank",
"ipv4",
"octoseek report",
"spam https",
"tsara brashears",
"malvertizing",
"tracking",
"tagging",
"spyder",
"cybercrime",
"email collection",
"apple data collection",
"win32 exe",
"ms word",
"document",
"type name",
"javascript",
"network capture",
"files",
"detections type",
"name",
"ssl certificate",
"whois whois",
"tsara brashears",
"whois record",
"asn owner",
"highly targeted",
"kgs0",
"kls0",
"relacionada",
"family",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"ursnif",
"remcos",
"core",
"redline stealer",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"execution",
"network",
"communicating",
"referrer",
"parent",
"historical ssl",
"siblings",
"resolutions",
"name verdict",
"falcon sandbox",
"pattern match",
"error",
"file",
"indicator",
"script",
"typeof e",
"ascii text",
"appdata",
"date",
"windir",
"span",
"body",
"meta",
"class",
"generator",
"info",
"null",
"refresh",
"hybrid",
"general",
"local",
"click",
"strings",
"tools",
"look",
"verify",
"restart",
"form",
"footer",
"html",
"union",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"installcore",
"webshell",
"crack",
"webtoolbar",
"threat roundup",
"contacted",
"june",
"july",
"october",
"august"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Beach Research",
"display_name": "Beach Research",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1102",
"name": "Web Service",
"display_name": "T1102 - Web Service"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1199",
"name": "Trusted Relationship",
"display_name": "T1199 - Trusted Relationship"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [
"Health",
"Nutritional",
"Medical",
"Medicine"
],
"TLP": "white",
"cloned_from": null,
"export_count": 102,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 400,
"FileHash-SHA1": 240,
"FileHash-SHA256": 6459,
"hostname": 4845,
"URL": 11514,
"CVE": 15,
"domain": 3179,
"email": 31
},
"indicator_count": 26683,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "854 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65574cb4447c8d87ad85fa75",
"name": "Masquerading",
"description": "",
"modified": "2023-12-17T11:03:45.376000",
"created": "2023-11-17T11:21:24.343000",
"tags": [
"no expiration",
"filehashsha256",
"filehashmd5",
"iocs",
"url http",
"expiration",
"scan endpoints",
"all search",
"otx octoseek",
"create new",
"blacklist http",
"laplasclipper",
"malicious url",
"cisco umbrella",
"site",
"alexa top",
"blacklist",
"safe site",
"malware site",
"phishing site",
"malicious site",
"malware",
"china unknown",
"united",
"unknown",
"as54994 quantil",
"cname",
"nxdomain",
"as8068",
"as4134 chinanet",
"passive dns",
"domain",
"next",
"filehashsha1",
"service company",
"servers",
"ndicator role",
"title added",
"active related",
"pulses url",
"showing",
"entries",
"pulses http",
"url https",
"type indicator",
"role title",
"added active",
"related pulses",
"report spam",
"author avatar",
"created",
"hour ago",
"trojanspy",
"redline",
"pulses hostname",
"blacklist https",
"indicator role",
"bidid",
"adid",
"v4us",
"v51845481",
"hostname",
"http",
"cisco",
"umbrella rank",
"search live",
"api blog",
"docs pricing",
"november",
"de summary",
"frankfurt",
"main",
"reverse dns",
"general full",
"asn16509",
"amazon02",
"resource",
"protocol h2",
"security tls",
"hash",
"de indicators",
"domains",
"hashes",
"copyright",
"gmbh version",
"follow",
"value",
"postitem",
"variables",
"parameters",
"systemid object",
"def function",
"login",
"get h2",
"secrets llc",
"agreement",
"the site",
"content",
"policy",
"this site",
"claims",
"florida",
"please",
"premium",
"service",
"restrict",
"express",
"media",
"facebook",
"twitter",
"final",
"first",
"cloudflarenet",
"gts ca",
"software",
"million",
"hours ago",
"chameleon",
"heur",
"phishing",
"riskware",
"agent",
"unsafe",
"opencandy",
"exploit",
"mimikatz",
"iframe",
"downldr",
"presenoker",
"artemis",
"download",
"beach research",
"germany",
"asn20940",
"akamaiasn1",
"threat report",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"alexa",
"maltiverse",
"google",
"qtsas",
"name value",
"no data",
"tag count",
"count blacklist",
"pbiptbmvd0k4",
"glelexoputyh",
"suppobox",
"team",
"bambernek",
"internet storm",
"phishtank",
"phish",
"trickbot",
"telecom",
"bank",
"ipv4",
"octoseek report",
"spam https",
"tsara brashears",
"malvertizing",
"tracking",
"tagging",
"spyder",
"cybercrime",
"email collection",
"apple data collection",
"win32 exe",
"ms word",
"document",
"type name",
"javascript",
"network capture",
"files",
"detections type",
"name",
"ssl certificate",
"whois whois",
"tsara brashears",
"whois record",
"asn owner",
"highly targeted",
"kgs0",
"kls0",
"relacionada",
"family",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"ursnif",
"remcos",
"core",
"redline stealer",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"execution",
"network",
"communicating",
"referrer",
"parent",
"historical ssl",
"siblings",
"resolutions",
"name verdict",
"falcon sandbox",
"pattern match",
"error",
"file",
"indicator",
"script",
"typeof e",
"ascii text",
"appdata",
"date",
"windir",
"span",
"body",
"meta",
"class",
"generator",
"info",
"null",
"refresh",
"hybrid",
"general",
"local",
"click",
"strings",
"tools",
"look",
"verify",
"restart",
"form",
"footer",
"html",
"union",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"installcore",
"webshell",
"crack",
"webtoolbar",
"threat roundup",
"contacted",
"june",
"july",
"october",
"august"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Beach Research",
"display_name": "Beach Research",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
}
],
"attack_ids": [
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1102",
"name": "Web Service",
"display_name": "T1102 - Web Service"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1199",
"name": "Trusted Relationship",
"display_name": "T1199 - Trusted Relationship"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [
"Health",
"Nutritional",
"Medical",
"Medicine"
],
"TLP": "white",
"cloned_from": null,
"export_count": 103,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 400,
"FileHash-SHA1": 240,
"FileHash-SHA256": 6459,
"hostname": 4845,
"URL": 11514,
"CVE": 15,
"domain": 3179,
"email": 31
},
"indicator_count": 26683,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "854 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655686e2c072557f03e9cba2",
"name": "https://myaccount.uscis.gov/ [pulse created by Octoseek]",
"description": "",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-16T21:17:22.087000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655650c9b2be6cc930c92cf3",
"export_count": 102,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "656aac25a8a2caaddf0d3b88",
"name": "https://myaccount.uscis.gov/",
"description": "",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-12-02T04:01:41.427000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655652f6ddcbf952a599cded",
"export_count": 93,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 227,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65580c52bf98f256b6a01da6",
"name": "https://myaccount.uscis.gov/",
"description": "",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-18T00:58:58.944000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655650c9b2be6cc930c92cf3",
"export_count": 101,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 226,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655657ca2e402d4f98283de9",
"name": "https://myaccount.uscis.gov/ ",
"description": "",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-16T17:56:26.312000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655650c9b2be6cc930c92cf3",
"export_count": 100,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655652f6ddcbf952a599cded",
"name": "https://myaccount.uscis.gov/",
"description": "After Mark Montano Md reported alleged acts by Jeffrey Scott Reimer after receiving 'multiple' reports of him aggressively pursuing Brashears, she was contacted, told she violated the Patriot Act by Big O Tires?!! Received letters from the above and harassed for years. Colorado Workers compensation is so corrupt this may be my last post. She was immediately framed , blamed, porn smeared and stalked. Denied medical care , when received died on surgery table, revised and disabled. Even the mafia would tackle only the associates bringing undue negative attention to their own organization.",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-16T17:35:50.285000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 100,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 224,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655650c9b2be6cc930c92cf3",
"name": "https://myaccount.uscis.gov/",
"description": "HOW!?!? My device was remotely logged into this account somehow.\nThis is egregious. Silence Threats. I have no connection to this but was contacted by a while ago. I don't know how or why a part of the government would attack a person with a TBI and C1 - S1 Spinal cord injury allegedly caused by Colorado physical therapist and protect him. Why is victim, tracked and unsafe, receiving death threats, monitored, denied medical care, stalked EVERYWHERE. \nEven felons aren't monitored for life. STOP.\nWill this get us killed. Do the right thing.\nGod bless America, purge the government.\nThe truth should set you fee not get you harmed.",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-16T17:26:33",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 102,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 224,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65565477da453c46f05a6ac4",
"name": "BTW VirusTotal - \" interesting files written to disk during execution'",
"description": "",
"modified": "2023-12-16T15:00:49.451000",
"created": "2023-11-16T17:42:15.123000",
"tags": [
"whois record",
"ssl certificate",
"whois whois",
"communicating",
"referrer",
"ip address",
"contacted",
"pe resource",
"historical ssl",
"collections wow",
"cobalt",
"stealer",
"quasar",
"remcos",
"ursnif",
"fabookie",
"name verdict",
"exit",
"node tcp",
"traffic",
"united",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"tor known",
"tor relayrouter",
"cisco umbrella",
"site",
"safe site",
"heur",
"maltiverse",
"million",
"alexa top",
"unsafe",
"html",
"team",
"riskware",
"malware",
"phishing",
"union",
"bank",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"exploit",
"crack",
"webtoolbar",
"detection list",
"blacklist http",
"september",
"threat roundup",
"execution",
"metro",
"formbook",
"kgs0",
"kls0",
"blacklist https",
"malicious site",
"malware site",
"phishing site",
"download",
"malicious",
"azorult",
"service",
"runescape",
"facebook",
"genkryptik",
"fuery",
"wacatac",
"alexa",
"dbatloader",
"nanocore rat",
"agent tesla",
"binder",
"dridex",
"hawkeye",
"small",
"netwire",
"trojan",
"redline stealer",
"lumma stealer",
"trojanspy",
"redline",
"lumma",
"tsara brashears",
"whois",
"asn owner",
"highly targeted",
"relacionada",
"lolkek",
"emotet",
"dark power",
"wiper",
"ransomware",
"cobalt strike",
"quasar rat",
"core",
"bitrat",
"hacktool",
"critical",
"copy",
"installer",
"meta",
"as15169 google",
"aaaa",
"a domains",
"videosdewebcams",
"search",
"passive dns",
"urls",
"record value",
"date",
"certificate",
"scan endpoints",
"all octoseek",
"pulse pulses",
"files"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Germany"
],
"malware_families": [
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "RedLine",
"display_name": "RedLine",
"target": null
},
{
"id": "Lumma",
"display_name": "Lumma",
"target": null
}
],
"attack_ids": [
{
"id": "T1090",
"name": "Proxy",
"display_name": "T1090 - Proxy"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "655650c9b2be6cc930c92cf3",
"export_count": 101,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 204,
"FileHash-SHA1": 182,
"FileHash-SHA256": 6268,
"URL": 13989,
"domain": 3229,
"hostname": 4412,
"CVE": 19,
"email": 3
},
"indicator_count": 28306,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 223,
"modified_text": "855 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654d29ff31857aafba0358e1",
"name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS",
"description": "",
"modified": "2023-12-09T03:01:57.989000",
"created": "2023-11-09T18:50:39.675000",
"tags": [
"ssl certificate",
"historical ssl",
"communicating",
"contacted",
"resolutions",
"whois record",
"whois whois",
"whois parent",
"whois siblings",
"skynet",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"blacklist",
"cisco umbrella",
"site",
"safe site",
"million",
"team",
"microsoft",
"back",
"download",
"phishing",
"union",
"bank",
"malicious site",
"blacklist http",
"exit",
"traffic",
"node tcp",
"tor known",
"tor relayrouter",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"spammer",
"malware",
"dropped",
"unlocker",
"http",
"critical risk",
"redline stealer",
"core",
"hacktool",
"execution",
"type win32",
"exe size",
"first seen",
"file name",
"avast win32",
"win32",
"avg win32",
"fortinet",
"vitro",
"mb first",
"rmndrp",
"clean mx",
"undetected dns8",
"undetected vx",
"sophos",
"vault",
"zdb zeus",
"cmc threat",
"snort ip",
"feodo tracker",
"cybereason",
"send bug",
"pe yandex",
"no data",
"tag count",
"count blacklist",
"tag tag",
"algorithm",
"v3 serial",
"number",
"issuer",
"cus cnr3",
"olet",
"subject public",
"key info",
"key algorithm",
"key identifier",
"first",
"seen",
"valid",
"no na",
"no no",
"ip security",
"cndst root",
"ca x3",
"ca id",
"research group",
"cnisrg root",
"no expired",
"mozilla",
"android",
"malicious red team",
"tsara brashears",
"cyber stalking",
"malvertizing",
"invasion of privacy",
"threat",
"adult content",
"apple",
"iphone unlocker",
"android",
"exploited spyware",
"malware host",
"brute force",
"revenge-rat",
"banker",
"evasive",
"domain",
"redline",
"stealer",
"phishing",
"ramnit",
"unreliable subdomains",
"dridex",
"gating",
"msil",
"rat",
"loki",
"network",
"hacking",
"sinkhole",
"azorult",
"c2",
"historicalandnew",
"targeted attack",
"puffstealer",
"rultazo",
"lokibot",
"loki pws",
"burkina",
"banker,dde,dridex,exploit",
"banker,dridex,evasive",
"trickbot",
"ransomware,torrentlocker",
"exploit_source",
"blacknet",
"FileRepMalware",
"linux agent",
"blacknet",
"ios",
"phishing paypal",
"tagging",
"defacement",
"hit",
"bounty",
"phishing site",
"malware site",
"malware download",
"endangerment",
"Malicious domain - SANS Internet Storm Center",
"evasive,msil,rat,revenge-rat",
"prism_setting",
"prism_object",
"static engine",
"social engineering",
"jansky",
"worm",
"network rat",
"networm",
"Loki Password Stealer (PWS)",
"South Carolina Federal Credit Union phishing",
"darkweb",
"yandex",
"redirectors",
"blacknet threats",
"phishing,ransomware,sinkhole",
"wanacrypt0r,wannacry,wcry",
"tor c++",
"tor c++ client",
"python user",
"js user",
"hacker",
"hijacker",
"heur",
"maltiverse",
"alexa top",
"exploit",
"riskware",
"unsafe",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"crack",
"webtoolbar",
"search live",
"api blog",
"docs pricing",
"november",
"de indicators",
"domains",
"hashes",
"__convergedlogin_pcustomizationloader_44b450e8d543eb53930d",
"malicious url",
"financial",
"blacknet rat",
"azorult",
"stealer",
"deep scan",
"blacklist https",
"referrer",
"collections kp",
"incident ip",
"sneaky server",
"replacement",
"unauthorized",
"emotet",
"noname057",
"generic malware",
"engineering",
"cyber threat",
"facebook",
"paypal",
"dropbox",
"united",
"america",
"banking",
"wells fargo",
"steam",
"twitter",
"sliver",
"daum",
"swift",
"runescape",
"betabot",
"district",
"iframe",
"alexa",
"downldr",
"agent",
"presenoker",
"bladabindi",
"live",
"conduit",
"pony",
"covid19",
"malicious",
"cobalt strike",
"suppobox",
"ramnit",
"meterpreter",
"virut",
"njrat",
"pykspa",
"asyncrat",
"downloader",
"fakealert",
"binder",
"virustotal",
"formbook",
"necurs",
"trojan",
"msil",
"hiloti",
"vawtrak",
"simda",
"kraken",
"solimba",
"icedid",
"redirector",
"suspic",
"amadey",
"raccoon",
"nanocore rat",
"revenge rat",
"genkryptik",
"fuery",
"wacatac",
"service",
"cloudeye",
"tinba",
"domaiq",
"ave maria",
"zeus",
"ransomware",
"zbot",
"generic",
"trojanspy",
"states",
"inmortal",
"locky",
"strike",
"china cobalt",
"keybase",
"cutwail",
"citadel",
"radamant",
"kovter",
"bradesco",
"nymaim",
"amonetize",
"bondat",
"ghost rat",
"vjw0rm",
"bandoo",
"matsnu",
"dnspionage",
"darkgate",
"vidar",
"keylogger",
"remcos",
"agenttesla",
"detplock",
"win64",
"smokeloader",
"agent tesla",
"kgs0",
"kls0",
"urls",
"type name",
"dns replication",
"date",
"domain",
"win32 exe",
"files",
"detections type",
"name",
"drpsuinstaller",
"vdfsurfs",
"opera",
"icwrmind",
"notepad",
"installer",
"miner",
"unknown",
"networm",
"houdini",
"quasar rat",
"gamehack",
"dbatloader",
"qakbot",
"ursnif",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-6332",
"CVE-2017-11882",
"CVE-2020-0601",
"CVE-2020-0674",
"hallrender.com",
"brian sabey",
"insurance",
"botnetwork",
"botmaster",
"command_and_control",
"CVE-2021-27065",
"CVE-2021-40444",
"CVE-2023-4966",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2010-3333",
"CVE-2015-1641",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2018-0802",
"CVE-2018-8373",
"CVE-2017-8759",
"CVE-2018-8453",
"CVE-2014-3153",
"CVE-2015-1650",
"CVE-2017-0143",
"CVE-2017-8464",
"Icefog",
"Delf.NBX",
"$WebWatson",
"Gen:Heur.Ransom.HiddenTears",
"mobilekey.pw",
"bitbucket.org",
"Anomalous.100%",
"malware distribution site",
"gootkit",
"edsaid",
"rightsaided",
"betabot",
"cobaltstrike4.tk",
"mas.to",
"BehavesLike.YahLover",
"srdvd16010404",
"languageenu",
"buildno",
"channelisales",
"vendorname2581",
"osregion",
"device",
"systemlocale",
"majorver16",
"quasar",
"find",
"lockbit",
"chaos",
"ransomexx",
"grandoreiro",
"evilnum",
"banker"
],
"references": [
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"20.99.186.246 exploit source",
"fp2e7a.wpc.2be4.phicdn.net",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"init.ess.apple.com (malicious code script)",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"IPv4 45.12.253.72. command_and_control",
"Hostname: ddos.dnsnb8.net command_and_control",
"IPv4 95.213.186.51 command_and_control",
"Hostname: www.supernetforme.com command_and_control",
"IPv4 103.224.182.246 command_and_control",
"IPv4 72.251.233.245 command_and_control",
"IPv4 63.251.106.25 command_and_control",
"IPv4 45.15.156.208 command_and_control",
"IPv4 104.247.81.51 command_and_control",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://downloaddevtools.ir/ (phishing)",
"happylifehappywife.com",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"opencve.djgummikuh.de (CVE dispensary)",
"Maltiverse Research Team",
"URLscan.io",
"Deep Research",
"Hybrid Analysis",
"URLhaus Abuse.ch",
"Cyber Threat Coalition",
"ThreatFox Abuse.ch"
],
"public": 1,
"adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed",
"targeted_countries": [
"United States of America",
"France",
"Spain"
],
"malware_families": [
{
"id": "Feodo",
"display_name": "Feodo",
"target": null
},
{
"id": "Dridex",
"display_name": "Dridex",
"target": null
},
{
"id": "Redline Stealer",
"display_name": "Redline Stealer",
"target": null
},
{
"id": "Ramnit.N",
"display_name": "Ramnit.N",
"target": null
},
{
"id": "Loki Bot",
"display_name": "Loki Bot",
"target": null
},
{
"id": "Loki Password Stealer (PWS)",
"display_name": "Loki Password Stealer (PWS)",
"target": null
},
{
"id": "AZORult",
"display_name": "AZORult",
"target": null
},
{
"id": "Zbd Zeus",
"display_name": "Zbd Zeus",
"target": null
},
{
"id": "Trojan:MSIL/Burkina",
"display_name": "Trojan:MSIL/Burkina",
"target": "/malware/Trojan:MSIL/Burkina"
},
{
"id": "Generic.TrickBot.1",
"display_name": "Generic.TrickBot.1",
"target": null
},
{
"id": "Exploit.CVE",
"display_name": "Exploit.CVE",
"target": null
},
{
"id": "Injector.IS.gen",
"display_name": "Injector.IS.gen",
"target": null
},
{
"id": "Gen:Variant.Razy",
"display_name": "Gen:Variant.Razy",
"target": null
},
{
"id": "Trojan.Androm.Gen",
"display_name": "Trojan.Androm.Gen",
"target": null
},
{
"id": "HEUR:Trojan.Linux.Agent",
"display_name": "HEUR:Trojan.Linux.Agent",
"target": null
},
{
"id": "BScope.Trojan",
"display_name": "BScope.Trojan",
"target": null
},
{
"id": "VBA.Downloader",
"display_name": "VBA.Downloader",
"target": null
},
{
"id": "Trojan.Notifier",
"display_name": "Trojan.Notifier",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Alien",
"display_name": "HEUR:Trojan.MSOffice.Alien",
"target": null
},
{
"id": "Unsafe.AI_Score_100%",
"display_name": "Unsafe.AI_Score_100%",
"target": null
},
{
"id": "Gen:Variant.Johnnie",
"display_name": "Gen:Variant.Johnnie",
"target": null
},
{
"id": "DangerousObject.Multi",
"display_name": "DangerousObject.Multi",
"target": null
},
{
"id": "Trojan:Python/Downldr",
"display_name": "Trojan:Python/Downldr",
"target": "/malware/Trojan:Python/Downldr"
},
{
"id": "Trojan:Linux/Downldr",
"display_name": "Trojan:Linux/Downldr",
"target": "/malware/Trojan:Linux/Downldr"
},
{
"id": "Trojan:VBA/Downldr",
"display_name": "Trojan:VBA/Downldr",
"target": "/malware/Trojan:VBA/Downldr"
},
{
"id": "TrojanDownloader:Linux/Downldr",
"display_name": "TrojanDownloader:Linux/Downldr",
"target": "/malware/TrojanDownloader:Linux/Downldr"
},
{
"id": "Kryptik.FPH.gen",
"display_name": "Kryptik.FPH.gen",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Trojan.Ransom.GenericKD",
"display_name": "Trojan.Ransom.GenericKD",
"target": null
},
{
"id": "Phish.JAT",
"display_name": "Phish.JAT",
"target": null
},
{
"id": "Phishing.HTML",
"display_name": "Phishing.HTML",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "Phish.AB",
"display_name": "Phish.AB",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "ml.Generic",
"display_name": "ml.Generic",
"target": null
},
{
"id": "Xegumumune.8596c22f",
"display_name": "Xegumumune.8596c22f",
"target": null
},
{
"id": "Generic.Malware.SMYB",
"display_name": "Generic.Malware.SMYB",
"target": null
},
{
"id": "malicious.moderate.ml",
"display_name": "malicious.moderate.ml",
"target": null
},
{
"id": "Agent.NBAE",
"display_name": "Agent.NBAE",
"target": null
},
{
"id": "AGEN.1045227",
"display_name": "AGEN.1045227",
"target": null
},
{
"id": "Riskware.Agent",
"display_name": "Riskware.Agent",
"target": null
},
{
"id": "Gen:Variant.Cerbu",
"display_name": "Gen:Variant.Cerbu",
"target": null
},
{
"id": "IL:Trojan.MSILZilla",
"display_name": "IL:Trojan.MSILZilla",
"target": null
},
{
"id": "Dropped:Generic.Ransom.DMR",
"display_name": "Dropped:Generic.Ransom.DMR",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "malicious.f01f67",
"display_name": "malicious.f01f67",
"target": null
},
{
"id": "AGEN.1144657",
"display_name": "AGEN.1144657",
"target": null
},
{
"id": "Trojan.Heur",
"display_name": "Trojan.Heur",
"target": null
},
{
"id": "Trojan.Malware.300983",
"display_name": "Trojan.Malware.300983",
"target": null
},
{
"id": "SdBot.CAOC",
"display_name": "SdBot.CAOC",
"target": null
},
{
"id": "Trojan.DelShad",
"display_name": "Trojan.DelShad",
"target": null
},
{
"id": "Exploit CVE-2017-11882",
"display_name": "Exploit CVE-2017-11882",
"target": null
},
{
"id": "GameHack.NL",
"display_name": "GameHack.NL",
"target": null
},
{
"id": "JS:Trojan.HideLink",
"display_name": "JS:Trojan.HideLink",
"target": null
},
{
"id": "Script.Agent",
"display_name": "Script.Agent",
"target": null
},
{
"id": "Macro.Agent",
"display_name": "Macro.Agent",
"target": null
},
{
"id": "Macro.Downloader.AMIP",
"display_name": "Macro.Downloader.AMIP",
"target": null
},
{
"id": "Trojan.VBA",
"display_name": "Trojan.VBA",
"target": null
},
{
"id": "HEUR.VBA.Trojan",
"display_name": "HEUR.VBA.Trojan",
"target": null
},
{
"id": "VB.EmoooDldr.10",
"display_name": "VB.EmoooDldr.10",
"target": null
},
{
"id": "VB:Trojan.Valyria",
"display_name": "VB:Trojan.Valyria",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Packed-GV",
"display_name": "Packed-GV",
"target": null
},
{
"id": "Adware.InstallMonetizer",
"display_name": "Adware.InstallMonetizer",
"target": null
},
{
"id": "Skynet",
"display_name": "Skynet",
"target": null
},
{
"id": "HW32.Packed",
"display_name": "HW32.Packed",
"target": null
},
{
"id": "Zpevdo.B",
"display_name": "Zpevdo.B",
"target": null
},
{
"id": "Presenoker",
"display_name": "Presenoker",
"target": null
},
{
"id": "SGeneric",
"display_name": "SGeneric",
"target": null
},
{
"id": "GameHack.DOM",
"display_name": "GameHack.DOM",
"target": null
},
{
"id": "BehavesLike.Ransom",
"display_name": "BehavesLike.Ransom",
"target": null
},
{
"id": "CIL.StupidCryptor",
"display_name": "CIL.StupidCryptor",
"target": null
},
{
"id": "Gen:Heur.Ransom.MSIL",
"display_name": "Gen:Heur.Ransom.MSIL",
"target": null
},
{
"id": "Black.Gen2",
"display_name": "Black.Gen2",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Trojan.HTML.PHISH",
"display_name": "Trojan.HTML.PHISH",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Program.Unwanted",
"display_name": "Program.Unwanted",
"target": null
},
{
"id": "HEUR/QVM42.3.72EB.Malware",
"display_name": "HEUR/QVM42.3.72EB.Malware",
"target": null
},
{
"id": "suspicious.low.ml",
"display_name": "suspicious.low.ml",
"target": null
},
{
"id": "JS:Trojan.Cryxos",
"display_name": "JS:Trojan.Cryxos",
"target": null
},
{
"id": "Suspicious_GEN.F47V0520",
"display_name": "Suspicious_GEN.F47V0520",
"target": null
},
{
"id": "Dropper.Trojan.Generic",
"display_name": "Dropper.Trojan.Generic",
"target": null
},
{
"id": "Trojan.TrickBot",
"display_name": "Trojan.TrickBot",
"target": null
},
{
"id": "Malware.Tk.Generic",
"display_name": "Malware.Tk.Generic",
"target": null
},
{
"id": "TrojanSpy.Java",
"display_name": "TrojanSpy.Java",
"target": null
},
{
"id": "Riskware.NetFilter",
"display_name": "Riskware.NetFilter",
"target": null
},
{
"id": "RiskWare.Crack",
"display_name": "RiskWare.Crack",
"target": null
},
{
"id": "BehavesLike.Exploit",
"display_name": "BehavesLike.Exploit",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34128",
"display_name": "Gen:NN.ZemsilF.34128",
"target": null
},
{
"id": "Wacapew.C",
"display_name": "Wacapew.C",
"target": null
},
{
"id": "Trojan.Malware.121218",
"display_name": "Trojan.Malware.121218",
"target": null
},
{
"id": "RiskWare.HackTool.Agent",
"display_name": "RiskWare.HackTool.Agent",
"target": null
},
{
"id": "Artemis",
"display_name": "Artemis",
"target": null
},
{
"id": "Trojan.Generic",
"display_name": "Trojan.Generic",
"target": null
},
{
"id": "W32.Trojan",
"display_name": "W32.Trojan",
"target": null
},
{
"id": "BScope.Riskware",
"display_name": "BScope.Riskware",
"target": null
},
{
"id": "Gen:Variant.Bulz",
"display_name": "Gen:Variant.Bulz",
"target": null
},
{
"id": "Ransom:Win32/CVE-2017-0147",
"display_name": "Ransom:Win32/CVE-2017-0147",
"target": "/malware/Ransom:Win32/CVE-2017-0147"
},
{
"id": "Virus.Ramnit",
"display_name": "Virus.Ramnit",
"target": null
},
{
"id": "Virus.Virut",
"display_name": "Virus.Virut",
"target": null
},
{
"id": "Adware.KuziTui",
"display_name": "Adware.KuziTui",
"target": null
},
{
"id": "AGEN.1141126",
"display_name": "AGEN.1141126",
"target": null
},
{
"id": "W32.AIDetect",
"display_name": "W32.AIDetect",
"target": null
},
{
"id": "Trojan.Python",
"display_name": "Trojan.Python",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "Suspicious.Save",
"display_name": "Suspicious.Save",
"target": null
},
{
"id": "Adware.Downware",
"display_name": "Adware.Downware",
"target": null
},
{
"id": "Ransom.Win64.Wacatac.oa",
"display_name": "Ransom.Win64.Wacatac.oa",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Gen:Variant.Midie",
"display_name": "Gen:Variant.Midie",
"target": null
},
{
"id": "HEUR/QVM41.2.DA9B.Malware",
"display_name": "HEUR/QVM41.2.DA9B.Malware",
"target": null
},
{
"id": "Gen:Variant.Sirefef",
"display_name": "Gen:Variant.Sirefef",
"target": null
},
{
"id": "Macro.Trojan.Dropperd",
"display_name": "Macro.Trojan.Dropperd",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
},
{
"id": "Gen:Variant.Ursu",
"display_name": "Gen:Variant.Ursu",
"target": null
},
{
"id": "Redcap.rlhse",
"display_name": "Redcap.rlhse",
"target": null
},
{
"id": "Trojan.Trickster",
"display_name": "Trojan.Trickster",
"target": null
},
{
"id": "HTML_REDIR.SMR",
"display_name": "HTML_REDIR.SMR",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Hoax.JS.Phish",
"display_name": "Hoax.JS.Phish",
"target": null
},
{
"id": "JS:Iframe",
"display_name": "JS:Iframe",
"target": null
},
{
"id": "Application.SQLCrack",
"display_name": "Application.SQLCrack",
"target": null
},
{
"id": "susp.lnk",
"display_name": "susp.lnk",
"target": null
},
{
"id": "QVM201.0.B70B.Malware",
"display_name": "QVM201.0.B70B.Malware",
"target": null
},
{
"id": "Immortal Stealer",
"display_name": "Immortal Stealer",
"target": null
},
{
"id": "WebMonitor RAT",
"display_name": "WebMonitor RAT",
"target": null
},
{
"id": "Tor - S0183",
"display_name": "Tor - S0183",
"target": null
},
{
"id": "WannaCry",
"display_name": "WannaCry",
"target": null
},
{
"id": "WannaCryptor",
"display_name": "WannaCryptor",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "BlackNET",
"display_name": "BlackNET",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.GandCrab5",
"display_name": "DeepScan:Generic.Ransom.GandCrab5",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "States",
"display_name": "States",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "Domains",
"display_name": "Domains",
"target": null
},
{
"id": "Locky",
"display_name": "Locky",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "Gen:NN.ZexaF.32515",
"display_name": "Gen:NN.ZexaF.32515",
"target": null
},
{
"id": "FileRepMalware",
"display_name": "FileRepMalware",
"target": null
},
{
"id": "Gen:Variant.MSILPerseus",
"display_name": "Gen:Variant.MSILPerseus",
"target": null
},
{
"id": "Icefog",
"display_name": "Icefog",
"target": null
},
{
"id": "$WebWatson",
"display_name": "$WebWatson",
"target": null
},
{
"id": "Agent.AIK.gen",
"display_name": "Agent.AIK.gen",
"target": null
},
{
"id": "Agent.AIK.genCIL.StupidCryptor",
"display_name": "Agent.AIK.genCIL.StupidCryptor",
"target": null
},
{
"id": "Agent.YPEZ",
"display_name": "Agent.YPEZ",
"target": null
},
{
"id": "Application.InnovativSol",
"display_name": "Application.InnovativSol",
"target": null
},
{
"id": "Agent.ASO",
"display_name": "Agent.ASO",
"target": null
},
{
"id": "S-b748adc5",
"display_name": "S-b748adc5",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "Kryptik.GUCB",
"display_name": "Kryptik.GUCB",
"target": null
},
{
"id": "AgentTesla",
"display_name": "AgentTesla",
"target": null
},
{
"id": "Autoit.bimwt",
"display_name": "Autoit.bimwt",
"target": null
},
{
"id": "HEUR:Trojan.OLE2.Alien",
"display_name": "HEUR:Trojan.OLE2.Alien",
"target": null
},
{
"id": "AGEN.1038489",
"display_name": "AGEN.1038489",
"target": null
},
{
"id": "Gen:Variant.Ser.Strictor",
"display_name": "Gen:Variant.Ser.Strictor",
"target": null
},
{
"id": "Packed.Themida.Gen",
"display_name": "Packed.Themida.Gen",
"target": null
},
{
"id": "AGEN.1043164",
"display_name": "AGEN.1043164",
"target": null
},
{
"id": "TrickBot - S0266",
"display_name": "TrickBot - S0266",
"target": null
},
{
"id": "Emotet",
"display_name": "Emotet",
"target": null
},
{
"id": "Trojan.PornoAsset",
"display_name": "Trojan.PornoAsset",
"target": null
},
{
"id": "Ransom.Win64.PORNOASSET.SM1",
"display_name": "Ransom.Win64.PORNOASSET.SM1",
"target": null
},
{
"id": "Gen:Variant.Ulise",
"display_name": "Gen:Variant.Ulise",
"target": null
},
{
"id": "Trojan.Win64",
"display_name": "Trojan.Win64",
"target": null
},
{
"id": "Dropper.Trojan.Agent",
"display_name": "Dropper.Trojan.Agent",
"target": null
},
{
"id": "Heur.BZC.YAX.Pantera.10",
"display_name": "Heur.BZC.YAX.Pantera.10",
"target": null
},
{
"id": "malicious.high.ml",
"display_name": "malicious.high.ml",
"target": null
},
{
"id": "CVE-2015-1650",
"display_name": "CVE-2015-1650",
"target": null
},
{
"id": "Worm.Win64.AutoRun",
"display_name": "Worm.Win64.AutoRun",
"target": null
},
{
"id": "AIT.Heur.Cottonmouth.8.78F19BD7",
"display_name": "AIT.Heur.Cottonmouth.8.78F19BD7",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "Pua.Gen",
"display_name": "Pua.Gen",
"target": null
},
{
"id": "Trojan.Downloader.Generic",
"display_name": "Trojan.Downloader.Generic",
"target": null
},
{
"id": "Suspected of Trojan.Downloader.gen",
"display_name": "Suspected of Trojan.Downloader.gen",
"target": null
},
{
"id": "HEUR:RemoteAdmin.Generic",
"display_name": "HEUR:RemoteAdmin.Generic",
"target": null
},
{
"id": "Gen:Heur.Ransom.HiddenTears",
"display_name": "Gen:Heur.Ransom.HiddenTears",
"target": null
},
{
"id": "Nemucod.A",
"display_name": "Nemucod.A",
"target": null
},
{
"id": "Backdoor.Hupigon",
"display_name": "Backdoor.Hupigon",
"target": null
},
{
"id": "Trojan.Starter JS.Iframe",
"display_name": "Trojan.Starter JS.Iframe",
"target": null
},
{
"id": "fake ,promethiumm ,strongpity",
"display_name": "fake ,promethiumm ,strongpity",
"target": null
},
{
"id": "PUA.Reg1staid",
"display_name": "PUA.Reg1staid",
"target": null
},
{
"id": "Malware.Heur_Generic.A",
"display_name": "Malware.Heur_Generic.A",
"target": null
},
{
"id": "Bladabindi.Q",
"display_name": "Bladabindi.Q",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "malicious.6e0700",
"display_name": "malicious.6e0700",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "TSGeneric",
"display_name": "TSGeneric",
"target": null
},
{
"id": "RedCap.vneda",
"display_name": "RedCap.vneda",
"target": null
},
{
"id": "Trojan.Indiloadz",
"display_name": "Trojan.Indiloadz",
"target": null
},
{
"id": "Trojan.Ekstak",
"display_name": "Trojan.Ekstak",
"target": null
},
{
"id": "staticrr.paleokits.net",
"display_name": "staticrr.paleokits.net",
"target": null
},
{
"id": "MSIL.Downloader",
"display_name": "MSIL.Downloader",
"target": null
},
{
"id": "Trojan.Autoruns.GenericKDS",
"display_name": "Trojan.Autoruns.GenericKDS",
"target": null
},
{
"id": "MSIL.Trojan.BSE",
"display_name": "MSIL.Trojan.BSE",
"target": null
},
{
"id": "Adload.AD81",
"display_name": "Adload.AD81",
"target": null
},
{
"id": "Packed.Asprotect",
"display_name": "Packed.Asprotect",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34062",
"display_name": "Gen:NN.ZemsilF.34062",
"target": null
},
{
"id": "Evo",
"display_name": "Evo",
"target": null
},
{
"id": "Agent.pwc",
"display_name": "Agent.pwc",
"target": null
},
{
"id": "RiskTool.Phpw",
"display_name": "RiskTool.Phpw",
"target": null
},
{
"id": "Gen:Variant.Symmi",
"display_name": "Gen:Variant.Symmi",
"target": null
},
{
"id": "Trojan.PWS",
"display_name": "Trojan.PWS",
"target": null
},
{
"id": "Generic.BitCoinMiner.3",
"display_name": "Generic.BitCoinMiner.3",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "Gen:NN",
"display_name": "Gen:NN",
"target": null
},
{
"id": "Downloader.CertutilURLCache",
"display_name": "Downloader.CertutilURLCache",
"target": null
},
{
"id": "Elf",
"display_name": "Elf",
"target": null
},
{
"id": "Gen:Heur.MSIL.Androm",
"display_name": "Gen:Heur.MSIL.Androm",
"target": null
},
{
"id": "Kryptik.NRD",
"display_name": "Kryptik.NRD",
"target": null
},
{
"id": "Riskware",
"display_name": "Riskware",
"target": null
},
{
"id": "Kuluoz.B.gen",
"display_name": "Kuluoz.B.gen",
"target": null
},
{
"id": "Gen:Variant.RevengeRat",
"display_name": "Gen:Variant.RevengeRat",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "VB.Chronos.7",
"display_name": "VB.Chronos.7",
"target": null
},
{
"id": "Kryptik.NOE",
"display_name": "Kryptik.NOE",
"target": null
},
{
"id": "HEUR:WebToolbar.Generic",
"display_name": "HEUR:WebToolbar.Generic",
"target": null
},
{
"id": "Gen:Variant.Barys",
"display_name": "Gen:Variant.Barys",
"target": null
},
{
"id": "Backdoor.Xtreme",
"display_name": "Backdoor.Xtreme",
"target": null
},
{
"id": "Trojan.MSIL",
"display_name": "Trojan.MSIL",
"target": null
},
{
"id": "Gen:Variant.Graftor",
"display_name": "Gen:Variant.Graftor",
"target": null
},
{
"id": "Backdoor.Agent",
"display_name": "Backdoor.Agent",
"target": null
},
{
"id": "Unsafe",
"display_name": "Unsafe",
"target": null
},
{
"id": "Trojan.PHP.Agent",
"display_name": "Trojan.PHP.Agent",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "HEUR:Exploit.Generic",
"display_name": "HEUR:Exploit.Generic",
"target": null
},
{
"id": "Ransom_WCRY.SMALYM",
"display_name": "Ransom_WCRY.SMALYM",
"target": null
},
{
"id": "Ransom_WCRY.SMJ",
"display_name": "Ransom_WCRY.SMJ",
"target": null
},
{
"id": "Auslogics",
"display_name": "Auslogics",
"target": null
},
{
"id": "Gen:Variant.Jaiko",
"display_name": "Gen:Variant.Jaiko",
"target": null
},
{
"id": "Exploit.W32.Agent",
"display_name": "Exploit.W32.Agent",
"target": null
},
{
"id": "Trojan.Cud.Gen",
"display_name": "Trojan.Cud.Gen",
"target": null
},
{
"id": "Trojan.DOC.Downloader",
"display_name": "Trojan.DOC.Downloader",
"target": null
},
{
"id": "Backdoor.MSIL.Agent",
"display_name": "Backdoor.MSIL.Agent",
"target": null
},
{
"id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"target": null
},
{
"id": "Gen:Variant.Kazy",
"display_name": "Gen:Variant.Kazy",
"target": null
},
{
"id": "Gen:Variant.Zusy",
"display_name": "Gen:Variant.Zusy",
"target": null
},
{
"id": "Ransom.WannaCrypt",
"display_name": "Ransom.WannaCrypt",
"target": null
},
{
"id": "Generic.ServStart.A",
"display_name": "Generic.ServStart.A",
"target": null
},
{
"id": "Trojan.Wanna",
"display_name": "Trojan.Wanna",
"target": null
},
{
"id": "Generic.MSIL.Bladabindi",
"display_name": "Generic.MSIL.Bladabindi",
"target": null
},
{
"id": "TROJ_GEN.R002C0OG518",
"display_name": "TROJ_GEN.R002C0OG518",
"target": null
},
{
"id": "Trojan.Chapak",
"display_name": "Trojan.Chapak",
"target": null
},
{
"id": "Indiloadz.BB",
"display_name": "Indiloadz.BB",
"target": null
},
{
"id": "BehavBehavesLike.PUPXBI",
"display_name": "BehavBehavesLike.PUPXBI",
"target": null
},
{
"id": "DeepScan:Generic.SpyAgent.6",
"display_name": "DeepScan:Generic.SpyAgent.6",
"target": null
},
{
"id": "Python.KeyLogger",
"display_name": "Python.KeyLogger",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Generic.MSIL.PasswordStealer",
"display_name": "Generic.MSIL.PasswordStealer",
"target": null
},
{
"id": "PSW.Agent",
"display_name": "PSW.Agent",
"target": null
},
{
"id": "malicious.8c45ba",
"display_name": "malicious.8c45ba",
"target": null
},
{
"id": "Dropper.Binder",
"display_name": "Dropper.Binder",
"target": null
},
{
"id": "Constructor.MSIL",
"display_name": "Constructor.MSIL",
"target": null
},
{
"id": "Linux.Agent",
"display_name": "Linux.Agent",
"target": null
},
{
"id": "Virus.3DMax.Script",
"display_name": "Virus.3DMax.Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "Trojan.WisdomEyes.16070401.9500",
"display_name": "Trojan.WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Application.SearchProtect",
"display_name": "Application.SearchProtect",
"target": null
},
{
"id": "JS:Trojan.Clicker",
"display_name": "JS:Trojan.Clicker",
"target": null
},
{
"id": "Faceliker.A",
"display_name": "Faceliker.A",
"target": null
},
{
"id": "JS:Trojan.JS.Faceliker",
"display_name": "JS:Trojan.JS.Faceliker",
"target": null
},
{
"id": "Constructor.MSIL Linux.Agent",
"display_name": "Constructor.MSIL Linux.Agent",
"target": null
},
{
"id": "PowerShell.Trojan",
"display_name": "PowerShell.Trojan",
"target": null
},
{
"id": "HTML:Script",
"display_name": "HTML:Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "HackTool.CheatEngine",
"display_name": "HackTool.CheatEngine",
"target": null
},
{
"id": "Injector.CLDS",
"display_name": "Injector.CLDS",
"target": null
},
{
"id": "VB.Downloader.2",
"display_name": "VB.Downloader.2",
"target": null
},
{
"id": "malicious.3e78cc",
"display_name": "malicious.3e78cc",
"target": null
},
{
"id": "malicious.d800d6",
"display_name": "malicious.d800d6",
"target": null
},
{
"id": "VB.PwShell.2",
"display_name": "VB.PwShell.2",
"target": null
},
{
"id": "Backdoor.RBot",
"display_name": "Backdoor.RBot",
"target": null
},
{
"id": "malicious.71b1a8",
"display_name": "malicious.71b1a8",
"target": null
},
{
"id": "TrojanSpy.KeyLogger",
"display_name": "TrojanSpy.KeyLogger",
"target": null
},
{
"id": "Injector.JDO",
"display_name": "Injector.JDO",
"target": null
},
{
"id": "Heur.Msword.Gen",
"display_name": "Heur.Msword.Gen",
"target": null
},
{
"id": "PSW.Discord",
"display_name": "PSW.Discord",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "HEUR:AdWare.StartSurf",
"display_name": "HEUR:AdWare.StartSurf",
"target": null
},
{
"id": "Gen:Heur.NoobyProtect",
"display_name": "Gen:Heur.NoobyProtect",
"target": null
},
{
"id": "CIL.HeapOverride",
"display_name": "CIL.HeapOverride",
"target": null
},
{
"id": "HEUR:Trojan.Tasker",
"display_name": "HEUR:Trojan.Tasker",
"target": null
},
{
"id": "XLM.Trojan.Abracadabra.27",
"display_name": "XLM.Trojan.Abracadabra.27",
"target": null
},
{
"id": "HEUR:Backdoor.MSIL.NanoBot",
"display_name": "HEUR:Backdoor.MSIL.NanoBot",
"target": null
},
{
"id": "Trojan.PSW.Mimikatz",
"display_name": "Trojan.PSW.Mimikatz",
"target": null
},
{
"id": "TrojanSpy.Python",
"display_name": "TrojanSpy.Python",
"target": null
},
{
"id": "Trojan.Ole2.Vbs",
"display_name": "Trojan.Ole2.Vbs",
"target": null
},
{
"id": "Exploit.MSOffice",
"display_name": "Exploit.MSOffice",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.AmnesiaE",
"display_name": "DeepScan:Generic.Ransom.AmnesiaE",
"target": null
},
{
"id": "Wacatac.D6",
"display_name": "Wacatac.D6",
"target": null
},
{
"id": "Backdoor.Androm",
"display_name": "Backdoor.Androm",
"target": null
},
{
"id": "Packed.NetSeal",
"display_name": "Packed.NetSeal",
"target": null
},
{
"id": "Trojan.MSIL.Injector",
"display_name": "Trojan.MSIL.Injector",
"target": null
},
{
"id": "Trojan.PWS.Agent",
"display_name": "Trojan.PWS.Agent",
"target": null
},
{
"id": "TScope.Trojan",
"display_name": "TScope.Trojan",
"target": null
},
{
"id": "PSW.Stealer",
"display_name": "PSW.Stealer",
"target": null
},
{
"id": "Trojan.PackedNET",
"display_name": "Trojan.PackedNET",
"target": null
},
{
"id": "Trojan.Java",
"display_name": "Trojan.Java",
"target": null
},
{
"id": "MalwareX",
"display_name": "MalwareX",
"target": null
},
{
"id": "Trojan.PSW.Python",
"display_name": "Trojan.PSW.Python",
"target": null
},
{
"id": "malicious.11abfc",
"display_name": "malicious.11abfc",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "HEUR:Trojan.MSIL.Tasker",
"display_name": "HEUR:Trojan.MSIL.Tasker",
"target": null
},
{
"id": "PossibleThreat.PALLAS",
"display_name": "PossibleThreat.PALLAS",
"target": null
},
{
"id": "Backdoor.Poison",
"display_name": "Backdoor.Poison",
"target": null
},
{
"id": "Generic.MSIL.LimeRAT",
"display_name": "Generic.MSIL.LimeRAT",
"target": null
},
{
"id": "PWS-FCZZ",
"display_name": "PWS-FCZZ",
"target": null
},
{
"id": "Trojan.Script",
"display_name": "Trojan.Script",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Trojan.PWS.Growtopia",
"display_name": "Trojan.PWS.Growtopia",
"target": null
},
{
"id": "Spyware.Bobik",
"display_name": "Spyware.Bobik",
"target": null
},
{
"id": "HackTool.BruteForce",
"display_name": "HackTool.BruteForce",
"target": null
},
{
"id": "Hack.Patcher",
"display_name": "Hack.Patcher",
"target": null
},
{
"id": "PWS.p",
"display_name": "PWS.p",
"target": null
},
{
"id": "Suppobox",
"display_name": "Suppobox",
"target": null
},
{
"id": "index.php",
"display_name": "index.php",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "SmokeLoader",
"display_name": "SmokeLoader",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.SAgent",
"display_name": "HEUR:Trojan.MSOffice.SAgent",
"target": null
},
{
"id": "Script.INF",
"display_name": "Script.INF",
"target": null
},
{
"id": "JS:Trojan.JS.Likejack",
"display_name": "JS:Trojan.JS.Likejack",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "Trojan.JS.Agent",
"display_name": "Trojan.JS.Agent",
"target": null
},
{
"id": "APT Notes",
"display_name": "APT Notes",
"target": null
},
{
"id": "susp.rtf.objupdate",
"display_name": "susp.rtf.objupdate",
"target": null
},
{
"id": "RedCap.zoohz",
"display_name": "RedCap.zoohz",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "virus.office.qexvmc",
"display_name": "virus.office.qexvmc",
"target": null
},
{
"id": "Trojan.KillProc",
"display_name": "Trojan.KillProc",
"target": null
},
{
"id": "Generic.MSIL.GrwtpStealer.1",
"display_name": "Generic.MSIL.GrwtpStealer.1",
"target": null
},
{
"id": "Suspicious.Cloud",
"display_name": "Suspicious.Cloud",
"target": null
},
{
"id": "PowerShell.DownLoader",
"display_name": "PowerShell.DownLoader",
"target": null
},
{
"id": "Downldr.gen",
"display_name": "Downldr.gen",
"target": null
},
{
"id": "AGEN.1030939",
"display_name": "AGEN.1030939",
"target": null
},
{
"id": "HackTool.Binder",
"display_name": "HackTool.Binder",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "Dldr.Agent",
"display_name": "Dldr.Agent",
"target": null
},
{
"id": "Dropper.MSIL",
"display_name": "Dropper.MSIL",
"target": null
},
{
"id": "Trojan.VBKryjetor",
"display_name": "Trojan.VBKryjetor",
"target": null
},
{
"id": "PWSX",
"display_name": "PWSX",
"target": null
},
{
"id": "VB:Trojan.VBA.Agent",
"display_name": "VB:Trojan.VBA.Agent",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Stratos",
"display_name": "HEUR:Trojan.MSOffice.Stratos",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "TA0029",
"name": "Privilege Escalation",
"display_name": "TA0029 - Privilege Escalation"
},
{
"id": "T1449",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
},
{
"id": "T1190",
"name": "Exploit Public-Facing Application",
"display_name": "T1190 - Exploit Public-Facing Application"
},
{
"id": "T1210",
"name": "Exploitation of Remote Services",
"display_name": "T1210 - Exploitation of Remote Services"
},
{
"id": "T1450",
"name": "Exploit SS7 to Track Device Location",
"display_name": "T1450 - Exploit SS7 to Track Device Location"
},
{
"id": "T1211",
"name": "Exploitation for Defense Evasion",
"display_name": "T1211 - Exploitation for Defense Evasion"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "TA0011",
"name": "Command and Control",
"display_name": "TA0011 - Command and Control"
},
{
"id": "T1412",
"name": "Capture SMS Messages",
"display_name": "T1412 - Capture SMS Messages"
},
{
"id": "T1454",
"name": "Malicious SMS Message",
"display_name": "T1454 - Malicious SMS Message"
},
{
"id": "T1001",
"name": "Data Obfuscation",
"display_name": "T1001 - Data Obfuscation"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1498",
"name": "Network Denial of Service",
"display_name": "T1498 - Network Denial of Service"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "654c597a4a45c8d84f0b15c1",
"export_count": 341,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1184,
"FileHash-SHA1": 949,
"FileHash-SHA256": 3712,
"URL": 2925,
"domain": 627,
"hostname": 1319,
"CVE": 26,
"email": 8,
"CIDR": 2
},
"indicator_count": 10752,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "862 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654c606d74f82e547c77ad89",
"name": "Ransom.Win64.PORNOASSET.SM1 | DeepScan:Generic.Ransom.GandCrab5",
"description": "Ransom.Win64.PORNOASSET.SM1 DeepScan:Generic.Ransom.GandCrab5\nBlackNET RAT $WebWatson\nAuto generated results from a variety of tools.",
"modified": "2023-12-09T03:01:57.989000",
"created": "2023-11-09T04:30:37.089000",
"tags": [
"ssl certificate",
"historical ssl",
"communicating",
"contacted",
"resolutions",
"whois record",
"whois whois",
"whois parent",
"whois siblings",
"skynet",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"blacklist",
"cisco umbrella",
"site",
"safe site",
"million",
"team",
"microsoft",
"back",
"download",
"phishing",
"union",
"bank",
"malicious site",
"blacklist http",
"exit",
"traffic",
"node tcp",
"tor known",
"tor relayrouter",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"spammer",
"malware",
"dropped",
"unlocker",
"http",
"critical risk",
"redline stealer",
"core",
"hacktool",
"execution",
"type win32",
"exe size",
"first seen",
"file name",
"avast win32",
"win32",
"avg win32",
"fortinet",
"vitro",
"mb first",
"rmndrp",
"clean mx",
"undetected dns8",
"undetected vx",
"sophos",
"vault",
"zdb zeus",
"cmc threat",
"snort ip",
"feodo tracker",
"cybereason",
"send bug",
"pe yandex",
"no data",
"tag count",
"count blacklist",
"tag tag",
"algorithm",
"v3 serial",
"number",
"issuer",
"cus cnr3",
"olet",
"subject public",
"key info",
"key algorithm",
"key identifier",
"first",
"seen",
"valid",
"no na",
"no no",
"ip security",
"cndst root",
"ca x3",
"ca id",
"research group",
"cnisrg root",
"no expired",
"mozilla",
"android",
"malicious red team",
"tsara brashears",
"cyber stalking",
"malvertizing",
"invasion of privacy",
"threat",
"adult content",
"apple",
"iphone unlocker",
"android",
"exploited spyware",
"malware host",
"brute force",
"revenge-rat",
"banker",
"evasive",
"domain",
"redline",
"stealer",
"phishing",
"ramnit",
"unreliable subdomains",
"dridex",
"gating",
"msil",
"rat",
"loki",
"network",
"hacking",
"sinkhole",
"azorult",
"c2",
"historicalandnew",
"targeted attack",
"puffstealer",
"rultazo",
"lokibot",
"loki pws",
"burkina",
"banker,dde,dridex,exploit",
"banker,dridex,evasive",
"trickbot",
"ransomware,torrentlocker",
"exploit_source",
"blacknet",
"FileRepMalware",
"linux agent",
"blacknet",
"ios",
"phishing paypal",
"tagging",
"defacement",
"hit",
"bounty",
"phishing site",
"malware site",
"malware download",
"endangerment",
"Malicious domain - SANS Internet Storm Center",
"evasive,msil,rat,revenge-rat",
"prism_setting",
"prism_object",
"static engine",
"social engineering",
"jansky",
"worm",
"network rat",
"networm",
"Loki Password Stealer (PWS)",
"South Carolina Federal Credit Union phishing",
"darkweb",
"yandex",
"redirectors",
"blacknet threats",
"phishing,ransomware,sinkhole",
"wanacrypt0r,wannacry,wcry",
"tor c++",
"tor c++ client",
"python user",
"js user",
"hacker",
"hijacker",
"heur",
"maltiverse",
"alexa top",
"exploit",
"riskware",
"unsafe",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"crack",
"webtoolbar",
"search live",
"api blog",
"docs pricing",
"november",
"de indicators",
"domains",
"hashes",
"__convergedlogin_pcustomizationloader_44b450e8d543eb53930d",
"malicious url",
"financial",
"blacknet rat",
"azorult",
"stealer",
"deep scan",
"blacklist https",
"referrer",
"collections kp",
"incident ip",
"sneaky server",
"replacement",
"unauthorized",
"emotet",
"noname057",
"generic malware",
"engineering",
"cyber threat",
"facebook",
"paypal",
"dropbox",
"united",
"america",
"banking",
"wells fargo",
"steam",
"twitter",
"sliver",
"daum",
"swift",
"runescape",
"betabot",
"district",
"iframe",
"alexa",
"downldr",
"agent",
"presenoker",
"bladabindi",
"live",
"conduit",
"pony",
"covid19",
"malicious",
"cobalt strike",
"suppobox",
"ramnit",
"meterpreter",
"virut",
"njrat",
"pykspa",
"asyncrat",
"downloader",
"fakealert",
"binder",
"virustotal",
"formbook",
"necurs",
"trojan",
"msil",
"hiloti",
"vawtrak",
"simda",
"kraken",
"solimba",
"icedid",
"redirector",
"suspic",
"amadey",
"raccoon",
"nanocore rat",
"revenge rat",
"genkryptik",
"fuery",
"wacatac",
"service",
"cloudeye",
"tinba",
"domaiq",
"ave maria",
"zeus",
"ransomware",
"zbot",
"generic",
"trojanspy",
"states",
"inmortal",
"locky",
"strike",
"china cobalt",
"keybase",
"cutwail",
"citadel",
"radamant",
"kovter",
"bradesco",
"nymaim",
"amonetize",
"bondat",
"ghost rat",
"vjw0rm",
"bandoo",
"matsnu",
"dnspionage",
"darkgate",
"vidar",
"keylogger",
"remcos",
"agenttesla",
"detplock",
"win64",
"smokeloader",
"agent tesla",
"kgs0",
"kls0",
"urls",
"type name",
"dns replication",
"date",
"domain",
"win32 exe",
"files",
"detections type",
"name",
"drpsuinstaller",
"vdfsurfs",
"opera",
"icwrmind",
"notepad",
"installer",
"miner",
"unknown",
"networm",
"houdini",
"quasar rat",
"gamehack",
"dbatloader",
"qakbot",
"ursnif",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-6332",
"CVE-2017-11882",
"CVE-2020-0601",
"CVE-2020-0674",
"hallrender.com",
"brian sabey",
"insurance",
"botnetwork",
"botmaster",
"command_and_control",
"CVE-2021-27065",
"CVE-2021-40444",
"CVE-2023-4966",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2010-3333",
"CVE-2015-1641",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2018-0802",
"CVE-2018-8373",
"CVE-2017-8759",
"CVE-2018-8453",
"CVE-2014-3153",
"CVE-2015-1650",
"CVE-2017-0143",
"CVE-2017-8464",
"Icefog",
"Delf.NBX",
"$WebWatson",
"Gen:Heur.Ransom.HiddenTears",
"mobilekey.pw",
"bitbucket.org",
"Anomalous.100%",
"malware distribution site",
"gootkit",
"edsaid",
"rightsaided",
"betabot",
"cobaltstrike4.tk",
"mas.to",
"BehavesLike.YahLover",
"srdvd16010404",
"languageenu",
"buildno",
"channelisales",
"vendorname2581",
"osregion",
"device",
"systemlocale",
"majorver16",
"quasar",
"find",
"lockbit",
"chaos",
"ransomexx",
"grandoreiro",
"evilnum",
"banker"
],
"references": [
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"20.99.186.246 exploit source",
"fp2e7a.wpc.2be4.phicdn.net",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"init.ess.apple.com (malicious code script)",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"IPv4 45.12.253.72. command_and_control",
"Hostname: ddos.dnsnb8.net command_and_control",
"IPv4 95.213.186.51 command_and_control",
"Hostname: www.supernetforme.com command_and_control",
"IPv4 103.224.182.246 command_and_control",
"IPv4 72.251.233.245 command_and_control",
"IPv4 63.251.106.25 command_and_control",
"IPv4 45.15.156.208 command_and_control",
"IPv4 104.247.81.51 command_and_control",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://downloaddevtools.ir/ (phishing)",
"happylifehappywife.com",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"opencve.djgummikuh.de (CVE dispensary)",
"Maltiverse Research Team",
"URLscan.io",
"Deep Research",
"Hybrid Analysis",
"URLhaus Abuse.ch",
"Cyber Threat Coalition",
"ThreatFox Abuse.ch"
],
"public": 1,
"adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed",
"targeted_countries": [
"United States of America",
"France",
"Spain"
],
"malware_families": [
{
"id": "Feodo",
"display_name": "Feodo",
"target": null
},
{
"id": "Dridex",
"display_name": "Dridex",
"target": null
},
{
"id": "Redline Stealer",
"display_name": "Redline Stealer",
"target": null
},
{
"id": "Ramnit.N",
"display_name": "Ramnit.N",
"target": null
},
{
"id": "Loki Bot",
"display_name": "Loki Bot",
"target": null
},
{
"id": "Loki Password Stealer (PWS)",
"display_name": "Loki Password Stealer (PWS)",
"target": null
},
{
"id": "AZORult",
"display_name": "AZORult",
"target": null
},
{
"id": "Zbd Zeus",
"display_name": "Zbd Zeus",
"target": null
},
{
"id": "Trojan:MSIL/Burkina",
"display_name": "Trojan:MSIL/Burkina",
"target": "/malware/Trojan:MSIL/Burkina"
},
{
"id": "Generic.TrickBot.1",
"display_name": "Generic.TrickBot.1",
"target": null
},
{
"id": "Exploit.CVE",
"display_name": "Exploit.CVE",
"target": null
},
{
"id": "Injector.IS.gen",
"display_name": "Injector.IS.gen",
"target": null
},
{
"id": "Gen:Variant.Razy",
"display_name": "Gen:Variant.Razy",
"target": null
},
{
"id": "Trojan.Androm.Gen",
"display_name": "Trojan.Androm.Gen",
"target": null
},
{
"id": "HEUR:Trojan.Linux.Agent",
"display_name": "HEUR:Trojan.Linux.Agent",
"target": null
},
{
"id": "BScope.Trojan",
"display_name": "BScope.Trojan",
"target": null
},
{
"id": "VBA.Downloader",
"display_name": "VBA.Downloader",
"target": null
},
{
"id": "Trojan.Notifier",
"display_name": "Trojan.Notifier",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Alien",
"display_name": "HEUR:Trojan.MSOffice.Alien",
"target": null
},
{
"id": "Unsafe.AI_Score_100%",
"display_name": "Unsafe.AI_Score_100%",
"target": null
},
{
"id": "Gen:Variant.Johnnie",
"display_name": "Gen:Variant.Johnnie",
"target": null
},
{
"id": "DangerousObject.Multi",
"display_name": "DangerousObject.Multi",
"target": null
},
{
"id": "Trojan:Python/Downldr",
"display_name": "Trojan:Python/Downldr",
"target": "/malware/Trojan:Python/Downldr"
},
{
"id": "Trojan:Linux/Downldr",
"display_name": "Trojan:Linux/Downldr",
"target": "/malware/Trojan:Linux/Downldr"
},
{
"id": "Trojan:VBA/Downldr",
"display_name": "Trojan:VBA/Downldr",
"target": "/malware/Trojan:VBA/Downldr"
},
{
"id": "TrojanDownloader:Linux/Downldr",
"display_name": "TrojanDownloader:Linux/Downldr",
"target": "/malware/TrojanDownloader:Linux/Downldr"
},
{
"id": "Kryptik.FPH.gen",
"display_name": "Kryptik.FPH.gen",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Trojan.Ransom.GenericKD",
"display_name": "Trojan.Ransom.GenericKD",
"target": null
},
{
"id": "Phish.JAT",
"display_name": "Phish.JAT",
"target": null
},
{
"id": "Phishing.HTML",
"display_name": "Phishing.HTML",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "Phish.AB",
"display_name": "Phish.AB",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "ml.Generic",
"display_name": "ml.Generic",
"target": null
},
{
"id": "Xegumumune.8596c22f",
"display_name": "Xegumumune.8596c22f",
"target": null
},
{
"id": "Generic.Malware.SMYB",
"display_name": "Generic.Malware.SMYB",
"target": null
},
{
"id": "malicious.moderate.ml",
"display_name": "malicious.moderate.ml",
"target": null
},
{
"id": "Agent.NBAE",
"display_name": "Agent.NBAE",
"target": null
},
{
"id": "AGEN.1045227",
"display_name": "AGEN.1045227",
"target": null
},
{
"id": "Riskware.Agent",
"display_name": "Riskware.Agent",
"target": null
},
{
"id": "Gen:Variant.Cerbu",
"display_name": "Gen:Variant.Cerbu",
"target": null
},
{
"id": "IL:Trojan.MSILZilla",
"display_name": "IL:Trojan.MSILZilla",
"target": null
},
{
"id": "Dropped:Generic.Ransom.DMR",
"display_name": "Dropped:Generic.Ransom.DMR",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "malicious.f01f67",
"display_name": "malicious.f01f67",
"target": null
},
{
"id": "AGEN.1144657",
"display_name": "AGEN.1144657",
"target": null
},
{
"id": "Trojan.Heur",
"display_name": "Trojan.Heur",
"target": null
},
{
"id": "Trojan.Malware.300983",
"display_name": "Trojan.Malware.300983",
"target": null
},
{
"id": "SdBot.CAOC",
"display_name": "SdBot.CAOC",
"target": null
},
{
"id": "Trojan.DelShad",
"display_name": "Trojan.DelShad",
"target": null
},
{
"id": "Exploit CVE-2017-11882",
"display_name": "Exploit CVE-2017-11882",
"target": null
},
{
"id": "GameHack.NL",
"display_name": "GameHack.NL",
"target": null
},
{
"id": "JS:Trojan.HideLink",
"display_name": "JS:Trojan.HideLink",
"target": null
},
{
"id": "Script.Agent",
"display_name": "Script.Agent",
"target": null
},
{
"id": "Macro.Agent",
"display_name": "Macro.Agent",
"target": null
},
{
"id": "Macro.Downloader.AMIP",
"display_name": "Macro.Downloader.AMIP",
"target": null
},
{
"id": "Trojan.VBA",
"display_name": "Trojan.VBA",
"target": null
},
{
"id": "HEUR.VBA.Trojan",
"display_name": "HEUR.VBA.Trojan",
"target": null
},
{
"id": "VB.EmoooDldr.10",
"display_name": "VB.EmoooDldr.10",
"target": null
},
{
"id": "VB:Trojan.Valyria",
"display_name": "VB:Trojan.Valyria",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Packed-GV",
"display_name": "Packed-GV",
"target": null
},
{
"id": "Adware.InstallMonetizer",
"display_name": "Adware.InstallMonetizer",
"target": null
},
{
"id": "Skynet",
"display_name": "Skynet",
"target": null
},
{
"id": "HW32.Packed",
"display_name": "HW32.Packed",
"target": null
},
{
"id": "Zpevdo.B",
"display_name": "Zpevdo.B",
"target": null
},
{
"id": "Presenoker",
"display_name": "Presenoker",
"target": null
},
{
"id": "SGeneric",
"display_name": "SGeneric",
"target": null
},
{
"id": "GameHack.DOM",
"display_name": "GameHack.DOM",
"target": null
},
{
"id": "BehavesLike.Ransom",
"display_name": "BehavesLike.Ransom",
"target": null
},
{
"id": "CIL.StupidCryptor",
"display_name": "CIL.StupidCryptor",
"target": null
},
{
"id": "Gen:Heur.Ransom.MSIL",
"display_name": "Gen:Heur.Ransom.MSIL",
"target": null
},
{
"id": "Black.Gen2",
"display_name": "Black.Gen2",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Trojan.HTML.PHISH",
"display_name": "Trojan.HTML.PHISH",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Program.Unwanted",
"display_name": "Program.Unwanted",
"target": null
},
{
"id": "HEUR/QVM42.3.72EB.Malware",
"display_name": "HEUR/QVM42.3.72EB.Malware",
"target": null
},
{
"id": "suspicious.low.ml",
"display_name": "suspicious.low.ml",
"target": null
},
{
"id": "JS:Trojan.Cryxos",
"display_name": "JS:Trojan.Cryxos",
"target": null
},
{
"id": "Suspicious_GEN.F47V0520",
"display_name": "Suspicious_GEN.F47V0520",
"target": null
},
{
"id": "Dropper.Trojan.Generic",
"display_name": "Dropper.Trojan.Generic",
"target": null
},
{
"id": "Trojan.TrickBot",
"display_name": "Trojan.TrickBot",
"target": null
},
{
"id": "Malware.Tk.Generic",
"display_name": "Malware.Tk.Generic",
"target": null
},
{
"id": "TrojanSpy.Java",
"display_name": "TrojanSpy.Java",
"target": null
},
{
"id": "Riskware.NetFilter",
"display_name": "Riskware.NetFilter",
"target": null
},
{
"id": "RiskWare.Crack",
"display_name": "RiskWare.Crack",
"target": null
},
{
"id": "BehavesLike.Exploit",
"display_name": "BehavesLike.Exploit",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34128",
"display_name": "Gen:NN.ZemsilF.34128",
"target": null
},
{
"id": "Wacapew.C",
"display_name": "Wacapew.C",
"target": null
},
{
"id": "Trojan.Malware.121218",
"display_name": "Trojan.Malware.121218",
"target": null
},
{
"id": "RiskWare.HackTool.Agent",
"display_name": "RiskWare.HackTool.Agent",
"target": null
},
{
"id": "Artemis",
"display_name": "Artemis",
"target": null
},
{
"id": "Trojan.Generic",
"display_name": "Trojan.Generic",
"target": null
},
{
"id": "W32.Trojan",
"display_name": "W32.Trojan",
"target": null
},
{
"id": "BScope.Riskware",
"display_name": "BScope.Riskware",
"target": null
},
{
"id": "Gen:Variant.Bulz",
"display_name": "Gen:Variant.Bulz",
"target": null
},
{
"id": "Ransom:Win32/CVE-2017-0147",
"display_name": "Ransom:Win32/CVE-2017-0147",
"target": "/malware/Ransom:Win32/CVE-2017-0147"
},
{
"id": "Virus.Ramnit",
"display_name": "Virus.Ramnit",
"target": null
},
{
"id": "Virus.Virut",
"display_name": "Virus.Virut",
"target": null
},
{
"id": "Adware.KuziTui",
"display_name": "Adware.KuziTui",
"target": null
},
{
"id": "AGEN.1141126",
"display_name": "AGEN.1141126",
"target": null
},
{
"id": "W32.AIDetect",
"display_name": "W32.AIDetect",
"target": null
},
{
"id": "Trojan.Python",
"display_name": "Trojan.Python",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "Suspicious.Save",
"display_name": "Suspicious.Save",
"target": null
},
{
"id": "Adware.Downware",
"display_name": "Adware.Downware",
"target": null
},
{
"id": "Ransom.Win64.Wacatac.oa",
"display_name": "Ransom.Win64.Wacatac.oa",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Gen:Variant.Midie",
"display_name": "Gen:Variant.Midie",
"target": null
},
{
"id": "HEUR/QVM41.2.DA9B.Malware",
"display_name": "HEUR/QVM41.2.DA9B.Malware",
"target": null
},
{
"id": "Gen:Variant.Sirefef",
"display_name": "Gen:Variant.Sirefef",
"target": null
},
{
"id": "Macro.Trojan.Dropperd",
"display_name": "Macro.Trojan.Dropperd",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
},
{
"id": "Gen:Variant.Ursu",
"display_name": "Gen:Variant.Ursu",
"target": null
},
{
"id": "Redcap.rlhse",
"display_name": "Redcap.rlhse",
"target": null
},
{
"id": "Trojan.Trickster",
"display_name": "Trojan.Trickster",
"target": null
},
{
"id": "HTML_REDIR.SMR",
"display_name": "HTML_REDIR.SMR",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Hoax.JS.Phish",
"display_name": "Hoax.JS.Phish",
"target": null
},
{
"id": "JS:Iframe",
"display_name": "JS:Iframe",
"target": null
},
{
"id": "Application.SQLCrack",
"display_name": "Application.SQLCrack",
"target": null
},
{
"id": "susp.lnk",
"display_name": "susp.lnk",
"target": null
},
{
"id": "QVM201.0.B70B.Malware",
"display_name": "QVM201.0.B70B.Malware",
"target": null
},
{
"id": "Immortal Stealer",
"display_name": "Immortal Stealer",
"target": null
},
{
"id": "WebMonitor RAT",
"display_name": "WebMonitor RAT",
"target": null
},
{
"id": "Tor - S0183",
"display_name": "Tor - S0183",
"target": null
},
{
"id": "WannaCry",
"display_name": "WannaCry",
"target": null
},
{
"id": "WannaCryptor",
"display_name": "WannaCryptor",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "BlackNET",
"display_name": "BlackNET",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.GandCrab5",
"display_name": "DeepScan:Generic.Ransom.GandCrab5",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "States",
"display_name": "States",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "Domains",
"display_name": "Domains",
"target": null
},
{
"id": "Locky",
"display_name": "Locky",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "Gen:NN.ZexaF.32515",
"display_name": "Gen:NN.ZexaF.32515",
"target": null
},
{
"id": "FileRepMalware",
"display_name": "FileRepMalware",
"target": null
},
{
"id": "Gen:Variant.MSILPerseus",
"display_name": "Gen:Variant.MSILPerseus",
"target": null
},
{
"id": "Icefog",
"display_name": "Icefog",
"target": null
},
{
"id": "$WebWatson",
"display_name": "$WebWatson",
"target": null
},
{
"id": "Agent.AIK.gen",
"display_name": "Agent.AIK.gen",
"target": null
},
{
"id": "Agent.AIK.genCIL.StupidCryptor",
"display_name": "Agent.AIK.genCIL.StupidCryptor",
"target": null
},
{
"id": "Agent.YPEZ",
"display_name": "Agent.YPEZ",
"target": null
},
{
"id": "Application.InnovativSol",
"display_name": "Application.InnovativSol",
"target": null
},
{
"id": "Agent.ASO",
"display_name": "Agent.ASO",
"target": null
},
{
"id": "S-b748adc5",
"display_name": "S-b748adc5",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "Kryptik.GUCB",
"display_name": "Kryptik.GUCB",
"target": null
},
{
"id": "AgentTesla",
"display_name": "AgentTesla",
"target": null
},
{
"id": "Autoit.bimwt",
"display_name": "Autoit.bimwt",
"target": null
},
{
"id": "HEUR:Trojan.OLE2.Alien",
"display_name": "HEUR:Trojan.OLE2.Alien",
"target": null
},
{
"id": "AGEN.1038489",
"display_name": "AGEN.1038489",
"target": null
},
{
"id": "Gen:Variant.Ser.Strictor",
"display_name": "Gen:Variant.Ser.Strictor",
"target": null
},
{
"id": "Packed.Themida.Gen",
"display_name": "Packed.Themida.Gen",
"target": null
},
{
"id": "AGEN.1043164",
"display_name": "AGEN.1043164",
"target": null
},
{
"id": "TrickBot - S0266",
"display_name": "TrickBot - S0266",
"target": null
},
{
"id": "Emotet",
"display_name": "Emotet",
"target": null
},
{
"id": "Trojan.PornoAsset",
"display_name": "Trojan.PornoAsset",
"target": null
},
{
"id": "Ransom.Win64.PORNOASSET.SM1",
"display_name": "Ransom.Win64.PORNOASSET.SM1",
"target": null
},
{
"id": "Gen:Variant.Ulise",
"display_name": "Gen:Variant.Ulise",
"target": null
},
{
"id": "Trojan.Win64",
"display_name": "Trojan.Win64",
"target": null
},
{
"id": "Dropper.Trojan.Agent",
"display_name": "Dropper.Trojan.Agent",
"target": null
},
{
"id": "Heur.BZC.YAX.Pantera.10",
"display_name": "Heur.BZC.YAX.Pantera.10",
"target": null
},
{
"id": "malicious.high.ml",
"display_name": "malicious.high.ml",
"target": null
},
{
"id": "CVE-2015-1650",
"display_name": "CVE-2015-1650",
"target": null
},
{
"id": "Worm.Win64.AutoRun",
"display_name": "Worm.Win64.AutoRun",
"target": null
},
{
"id": "AIT.Heur.Cottonmouth.8.78F19BD7",
"display_name": "AIT.Heur.Cottonmouth.8.78F19BD7",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "Pua.Gen",
"display_name": "Pua.Gen",
"target": null
},
{
"id": "Trojan.Downloader.Generic",
"display_name": "Trojan.Downloader.Generic",
"target": null
},
{
"id": "Suspected of Trojan.Downloader.gen",
"display_name": "Suspected of Trojan.Downloader.gen",
"target": null
},
{
"id": "HEUR:RemoteAdmin.Generic",
"display_name": "HEUR:RemoteAdmin.Generic",
"target": null
},
{
"id": "Gen:Heur.Ransom.HiddenTears",
"display_name": "Gen:Heur.Ransom.HiddenTears",
"target": null
},
{
"id": "Nemucod.A",
"display_name": "Nemucod.A",
"target": null
},
{
"id": "Backdoor.Hupigon",
"display_name": "Backdoor.Hupigon",
"target": null
},
{
"id": "Trojan.Starter JS.Iframe",
"display_name": "Trojan.Starter JS.Iframe",
"target": null
},
{
"id": "fake ,promethiumm ,strongpity",
"display_name": "fake ,promethiumm ,strongpity",
"target": null
},
{
"id": "PUA.Reg1staid",
"display_name": "PUA.Reg1staid",
"target": null
},
{
"id": "Malware.Heur_Generic.A",
"display_name": "Malware.Heur_Generic.A",
"target": null
},
{
"id": "Bladabindi.Q",
"display_name": "Bladabindi.Q",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "malicious.6e0700",
"display_name": "malicious.6e0700",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "TSGeneric",
"display_name": "TSGeneric",
"target": null
},
{
"id": "RedCap.vneda",
"display_name": "RedCap.vneda",
"target": null
},
{
"id": "Trojan.Indiloadz",
"display_name": "Trojan.Indiloadz",
"target": null
},
{
"id": "Trojan.Ekstak",
"display_name": "Trojan.Ekstak",
"target": null
},
{
"id": "staticrr.paleokits.net",
"display_name": "staticrr.paleokits.net",
"target": null
},
{
"id": "MSIL.Downloader",
"display_name": "MSIL.Downloader",
"target": null
},
{
"id": "Trojan.Autoruns.GenericKDS",
"display_name": "Trojan.Autoruns.GenericKDS",
"target": null
},
{
"id": "MSIL.Trojan.BSE",
"display_name": "MSIL.Trojan.BSE",
"target": null
},
{
"id": "Adload.AD81",
"display_name": "Adload.AD81",
"target": null
},
{
"id": "Packed.Asprotect",
"display_name": "Packed.Asprotect",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34062",
"display_name": "Gen:NN.ZemsilF.34062",
"target": null
},
{
"id": "Evo",
"display_name": "Evo",
"target": null
},
{
"id": "Agent.pwc",
"display_name": "Agent.pwc",
"target": null
},
{
"id": "RiskTool.Phpw",
"display_name": "RiskTool.Phpw",
"target": null
},
{
"id": "Gen:Variant.Symmi",
"display_name": "Gen:Variant.Symmi",
"target": null
},
{
"id": "Trojan.PWS",
"display_name": "Trojan.PWS",
"target": null
},
{
"id": "Generic.BitCoinMiner.3",
"display_name": "Generic.BitCoinMiner.3",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "Gen:NN",
"display_name": "Gen:NN",
"target": null
},
{
"id": "Downloader.CertutilURLCache",
"display_name": "Downloader.CertutilURLCache",
"target": null
},
{
"id": "Elf",
"display_name": "Elf",
"target": null
},
{
"id": "Gen:Heur.MSIL.Androm",
"display_name": "Gen:Heur.MSIL.Androm",
"target": null
},
{
"id": "Kryptik.NRD",
"display_name": "Kryptik.NRD",
"target": null
},
{
"id": "Riskware",
"display_name": "Riskware",
"target": null
},
{
"id": "Kuluoz.B.gen",
"display_name": "Kuluoz.B.gen",
"target": null
},
{
"id": "Gen:Variant.RevengeRat",
"display_name": "Gen:Variant.RevengeRat",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "VB.Chronos.7",
"display_name": "VB.Chronos.7",
"target": null
},
{
"id": "Kryptik.NOE",
"display_name": "Kryptik.NOE",
"target": null
},
{
"id": "HEUR:WebToolbar.Generic",
"display_name": "HEUR:WebToolbar.Generic",
"target": null
},
{
"id": "Gen:Variant.Barys",
"display_name": "Gen:Variant.Barys",
"target": null
},
{
"id": "Backdoor.Xtreme",
"display_name": "Backdoor.Xtreme",
"target": null
},
{
"id": "Trojan.MSIL",
"display_name": "Trojan.MSIL",
"target": null
},
{
"id": "Gen:Variant.Graftor",
"display_name": "Gen:Variant.Graftor",
"target": null
},
{
"id": "Backdoor.Agent",
"display_name": "Backdoor.Agent",
"target": null
},
{
"id": "Unsafe",
"display_name": "Unsafe",
"target": null
},
{
"id": "Trojan.PHP.Agent",
"display_name": "Trojan.PHP.Agent",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "HEUR:Exploit.Generic",
"display_name": "HEUR:Exploit.Generic",
"target": null
},
{
"id": "Ransom_WCRY.SMALYM",
"display_name": "Ransom_WCRY.SMALYM",
"target": null
},
{
"id": "Ransom_WCRY.SMJ",
"display_name": "Ransom_WCRY.SMJ",
"target": null
},
{
"id": "Auslogics",
"display_name": "Auslogics",
"target": null
},
{
"id": "Gen:Variant.Jaiko",
"display_name": "Gen:Variant.Jaiko",
"target": null
},
{
"id": "Exploit.W32.Agent",
"display_name": "Exploit.W32.Agent",
"target": null
},
{
"id": "Trojan.Cud.Gen",
"display_name": "Trojan.Cud.Gen",
"target": null
},
{
"id": "Trojan.DOC.Downloader",
"display_name": "Trojan.DOC.Downloader",
"target": null
},
{
"id": "Backdoor.MSIL.Agent",
"display_name": "Backdoor.MSIL.Agent",
"target": null
},
{
"id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"target": null
},
{
"id": "Gen:Variant.Kazy",
"display_name": "Gen:Variant.Kazy",
"target": null
},
{
"id": "Gen:Variant.Zusy",
"display_name": "Gen:Variant.Zusy",
"target": null
},
{
"id": "Ransom.WannaCrypt",
"display_name": "Ransom.WannaCrypt",
"target": null
},
{
"id": "Generic.ServStart.A",
"display_name": "Generic.ServStart.A",
"target": null
},
{
"id": "Trojan.Wanna",
"display_name": "Trojan.Wanna",
"target": null
},
{
"id": "Generic.MSIL.Bladabindi",
"display_name": "Generic.MSIL.Bladabindi",
"target": null
},
{
"id": "TROJ_GEN.R002C0OG518",
"display_name": "TROJ_GEN.R002C0OG518",
"target": null
},
{
"id": "Trojan.Chapak",
"display_name": "Trojan.Chapak",
"target": null
},
{
"id": "Indiloadz.BB",
"display_name": "Indiloadz.BB",
"target": null
},
{
"id": "BehavBehavesLike.PUPXBI",
"display_name": "BehavBehavesLike.PUPXBI",
"target": null
},
{
"id": "DeepScan:Generic.SpyAgent.6",
"display_name": "DeepScan:Generic.SpyAgent.6",
"target": null
},
{
"id": "Python.KeyLogger",
"display_name": "Python.KeyLogger",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Generic.MSIL.PasswordStealer",
"display_name": "Generic.MSIL.PasswordStealer",
"target": null
},
{
"id": "PSW.Agent",
"display_name": "PSW.Agent",
"target": null
},
{
"id": "malicious.8c45ba",
"display_name": "malicious.8c45ba",
"target": null
},
{
"id": "Dropper.Binder",
"display_name": "Dropper.Binder",
"target": null
},
{
"id": "Constructor.MSIL",
"display_name": "Constructor.MSIL",
"target": null
},
{
"id": "Linux.Agent",
"display_name": "Linux.Agent",
"target": null
},
{
"id": "Virus.3DMax.Script",
"display_name": "Virus.3DMax.Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "Trojan.WisdomEyes.16070401.9500",
"display_name": "Trojan.WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Application.SearchProtect",
"display_name": "Application.SearchProtect",
"target": null
},
{
"id": "JS:Trojan.Clicker",
"display_name": "JS:Trojan.Clicker",
"target": null
},
{
"id": "Faceliker.A",
"display_name": "Faceliker.A",
"target": null
},
{
"id": "JS:Trojan.JS.Faceliker",
"display_name": "JS:Trojan.JS.Faceliker",
"target": null
},
{
"id": "Constructor.MSIL Linux.Agent",
"display_name": "Constructor.MSIL Linux.Agent",
"target": null
},
{
"id": "PowerShell.Trojan",
"display_name": "PowerShell.Trojan",
"target": null
},
{
"id": "HTML:Script",
"display_name": "HTML:Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "HackTool.CheatEngine",
"display_name": "HackTool.CheatEngine",
"target": null
},
{
"id": "Injector.CLDS",
"display_name": "Injector.CLDS",
"target": null
},
{
"id": "VB.Downloader.2",
"display_name": "VB.Downloader.2",
"target": null
},
{
"id": "malicious.3e78cc",
"display_name": "malicious.3e78cc",
"target": null
},
{
"id": "malicious.d800d6",
"display_name": "malicious.d800d6",
"target": null
},
{
"id": "VB.PwShell.2",
"display_name": "VB.PwShell.2",
"target": null
},
{
"id": "Backdoor.RBot",
"display_name": "Backdoor.RBot",
"target": null
},
{
"id": "malicious.71b1a8",
"display_name": "malicious.71b1a8",
"target": null
},
{
"id": "TrojanSpy.KeyLogger",
"display_name": "TrojanSpy.KeyLogger",
"target": null
},
{
"id": "Injector.JDO",
"display_name": "Injector.JDO",
"target": null
},
{
"id": "Heur.Msword.Gen",
"display_name": "Heur.Msword.Gen",
"target": null
},
{
"id": "PSW.Discord",
"display_name": "PSW.Discord",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "HEUR:AdWare.StartSurf",
"display_name": "HEUR:AdWare.StartSurf",
"target": null
},
{
"id": "Gen:Heur.NoobyProtect",
"display_name": "Gen:Heur.NoobyProtect",
"target": null
},
{
"id": "CIL.HeapOverride",
"display_name": "CIL.HeapOverride",
"target": null
},
{
"id": "HEUR:Trojan.Tasker",
"display_name": "HEUR:Trojan.Tasker",
"target": null
},
{
"id": "XLM.Trojan.Abracadabra.27",
"display_name": "XLM.Trojan.Abracadabra.27",
"target": null
},
{
"id": "HEUR:Backdoor.MSIL.NanoBot",
"display_name": "HEUR:Backdoor.MSIL.NanoBot",
"target": null
},
{
"id": "Trojan.PSW.Mimikatz",
"display_name": "Trojan.PSW.Mimikatz",
"target": null
},
{
"id": "TrojanSpy.Python",
"display_name": "TrojanSpy.Python",
"target": null
},
{
"id": "Trojan.Ole2.Vbs",
"display_name": "Trojan.Ole2.Vbs",
"target": null
},
{
"id": "Exploit.MSOffice",
"display_name": "Exploit.MSOffice",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.AmnesiaE",
"display_name": "DeepScan:Generic.Ransom.AmnesiaE",
"target": null
},
{
"id": "Wacatac.D6",
"display_name": "Wacatac.D6",
"target": null
},
{
"id": "Backdoor.Androm",
"display_name": "Backdoor.Androm",
"target": null
},
{
"id": "Packed.NetSeal",
"display_name": "Packed.NetSeal",
"target": null
},
{
"id": "Trojan.MSIL.Injector",
"display_name": "Trojan.MSIL.Injector",
"target": null
},
{
"id": "Trojan.PWS.Agent",
"display_name": "Trojan.PWS.Agent",
"target": null
},
{
"id": "TScope.Trojan",
"display_name": "TScope.Trojan",
"target": null
},
{
"id": "PSW.Stealer",
"display_name": "PSW.Stealer",
"target": null
},
{
"id": "Trojan.PackedNET",
"display_name": "Trojan.PackedNET",
"target": null
},
{
"id": "Trojan.Java",
"display_name": "Trojan.Java",
"target": null
},
{
"id": "MalwareX",
"display_name": "MalwareX",
"target": null
},
{
"id": "Trojan.PSW.Python",
"display_name": "Trojan.PSW.Python",
"target": null
},
{
"id": "malicious.11abfc",
"display_name": "malicious.11abfc",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "HEUR:Trojan.MSIL.Tasker",
"display_name": "HEUR:Trojan.MSIL.Tasker",
"target": null
},
{
"id": "PossibleThreat.PALLAS",
"display_name": "PossibleThreat.PALLAS",
"target": null
},
{
"id": "Backdoor.Poison",
"display_name": "Backdoor.Poison",
"target": null
},
{
"id": "Generic.MSIL.LimeRAT",
"display_name": "Generic.MSIL.LimeRAT",
"target": null
},
{
"id": "PWS-FCZZ",
"display_name": "PWS-FCZZ",
"target": null
},
{
"id": "Trojan.Script",
"display_name": "Trojan.Script",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Trojan.PWS.Growtopia",
"display_name": "Trojan.PWS.Growtopia",
"target": null
},
{
"id": "Spyware.Bobik",
"display_name": "Spyware.Bobik",
"target": null
},
{
"id": "HackTool.BruteForce",
"display_name": "HackTool.BruteForce",
"target": null
},
{
"id": "Hack.Patcher",
"display_name": "Hack.Patcher",
"target": null
},
{
"id": "PWS.p",
"display_name": "PWS.p",
"target": null
},
{
"id": "Suppobox",
"display_name": "Suppobox",
"target": null
},
{
"id": "index.php",
"display_name": "index.php",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "SmokeLoader",
"display_name": "SmokeLoader",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.SAgent",
"display_name": "HEUR:Trojan.MSOffice.SAgent",
"target": null
},
{
"id": "Script.INF",
"display_name": "Script.INF",
"target": null
},
{
"id": "JS:Trojan.JS.Likejack",
"display_name": "JS:Trojan.JS.Likejack",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "Trojan.JS.Agent",
"display_name": "Trojan.JS.Agent",
"target": null
},
{
"id": "APT Notes",
"display_name": "APT Notes",
"target": null
},
{
"id": "susp.rtf.objupdate",
"display_name": "susp.rtf.objupdate",
"target": null
},
{
"id": "RedCap.zoohz",
"display_name": "RedCap.zoohz",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "virus.office.qexvmc",
"display_name": "virus.office.qexvmc",
"target": null
},
{
"id": "Trojan.KillProc",
"display_name": "Trojan.KillProc",
"target": null
},
{
"id": "Generic.MSIL.GrwtpStealer.1",
"display_name": "Generic.MSIL.GrwtpStealer.1",
"target": null
},
{
"id": "Suspicious.Cloud",
"display_name": "Suspicious.Cloud",
"target": null
},
{
"id": "PowerShell.DownLoader",
"display_name": "PowerShell.DownLoader",
"target": null
},
{
"id": "Downldr.gen",
"display_name": "Downldr.gen",
"target": null
},
{
"id": "AGEN.1030939",
"display_name": "AGEN.1030939",
"target": null
},
{
"id": "HackTool.Binder",
"display_name": "HackTool.Binder",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "Dldr.Agent",
"display_name": "Dldr.Agent",
"target": null
},
{
"id": "Dropper.MSIL",
"display_name": "Dropper.MSIL",
"target": null
},
{
"id": "Trojan.VBKryjetor",
"display_name": "Trojan.VBKryjetor",
"target": null
},
{
"id": "PWSX",
"display_name": "PWSX",
"target": null
},
{
"id": "VB:Trojan.VBA.Agent",
"display_name": "VB:Trojan.VBA.Agent",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Stratos",
"display_name": "HEUR:Trojan.MSOffice.Stratos",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "TA0029",
"name": "Privilege Escalation",
"display_name": "TA0029 - Privilege Escalation"
},
{
"id": "T1449",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
},
{
"id": "T1190",
"name": "Exploit Public-Facing Application",
"display_name": "T1190 - Exploit Public-Facing Application"
},
{
"id": "T1210",
"name": "Exploitation of Remote Services",
"display_name": "T1210 - Exploitation of Remote Services"
},
{
"id": "T1450",
"name": "Exploit SS7 to Track Device Location",
"display_name": "T1450 - Exploit SS7 to Track Device Location"
},
{
"id": "T1211",
"name": "Exploitation for Defense Evasion",
"display_name": "T1211 - Exploitation for Defense Evasion"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "TA0011",
"name": "Command and Control",
"display_name": "TA0011 - Command and Control"
},
{
"id": "T1412",
"name": "Capture SMS Messages",
"display_name": "T1412 - Capture SMS Messages"
},
{
"id": "T1454",
"name": "Malicious SMS Message",
"display_name": "T1454 - Malicious SMS Message"
},
{
"id": "T1001",
"name": "Data Obfuscation",
"display_name": "T1001 - Data Obfuscation"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1498",
"name": "Network Denial of Service",
"display_name": "T1498 - Network Denial of Service"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 338,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1184,
"FileHash-SHA1": 949,
"FileHash-SHA256": 3712,
"URL": 2925,
"domain": 627,
"hostname": 1319,
"CVE": 26,
"email": 8,
"CIDR": 2
},
"indicator_count": 10752,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "862 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654c597a4a45c8d84f0b15c1",
"name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS",
"description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!",
"modified": "2023-12-09T03:01:57.989000",
"created": "2023-11-09T04:00:58.166000",
"tags": [
"ssl certificate",
"historical ssl",
"communicating",
"contacted",
"resolutions",
"whois record",
"whois whois",
"whois parent",
"whois siblings",
"skynet",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"blacklist",
"cisco umbrella",
"site",
"safe site",
"million",
"team",
"microsoft",
"back",
"download",
"phishing",
"union",
"bank",
"malicious site",
"blacklist http",
"exit",
"traffic",
"node tcp",
"tor known",
"tor relayrouter",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"spammer",
"malware",
"dropped",
"unlocker",
"http",
"critical risk",
"redline stealer",
"core",
"hacktool",
"execution",
"type win32",
"exe size",
"first seen",
"file name",
"avast win32",
"win32",
"avg win32",
"fortinet",
"vitro",
"mb first",
"rmndrp",
"clean mx",
"undetected dns8",
"undetected vx",
"sophos",
"vault",
"zdb zeus",
"cmc threat",
"snort ip",
"feodo tracker",
"cybereason",
"send bug",
"pe yandex",
"no data",
"tag count",
"count blacklist",
"tag tag",
"algorithm",
"v3 serial",
"number",
"issuer",
"cus cnr3",
"olet",
"subject public",
"key info",
"key algorithm",
"key identifier",
"first",
"seen",
"valid",
"no na",
"no no",
"ip security",
"cndst root",
"ca x3",
"ca id",
"research group",
"cnisrg root",
"no expired",
"mozilla",
"android",
"malicious red team",
"tsara brashears",
"cyber stalking",
"malvertizing",
"invasion of privacy",
"threat",
"adult content",
"apple",
"iphone unlocker",
"android",
"exploited spyware",
"malware host",
"brute force",
"revenge-rat",
"banker",
"evasive",
"domain",
"redline",
"stealer",
"phishing",
"ramnit",
"unreliable subdomains",
"dridex",
"gating",
"msil",
"rat",
"loki",
"network",
"hacking",
"sinkhole",
"azorult",
"c2",
"historicalandnew",
"targeted attack",
"puffstealer",
"rultazo",
"lokibot",
"loki pws",
"burkina",
"banker,dde,dridex,exploit",
"banker,dridex,evasive",
"trickbot",
"ransomware,torrentlocker",
"exploit_source",
"blacknet",
"FileRepMalware",
"linux agent",
"blacknet",
"ios",
"phishing paypal",
"tagging",
"defacement",
"hit",
"bounty",
"phishing site",
"malware site",
"malware download",
"endangerment",
"Malicious domain - SANS Internet Storm Center",
"evasive,msil,rat,revenge-rat",
"prism_setting",
"prism_object",
"static engine",
"social engineering",
"jansky",
"worm",
"network rat",
"networm",
"Loki Password Stealer (PWS)",
"South Carolina Federal Credit Union phishing",
"darkweb",
"yandex",
"redirectors",
"blacknet threats",
"phishing,ransomware,sinkhole",
"wanacrypt0r,wannacry,wcry",
"tor c++",
"tor c++ client",
"python user",
"js user",
"hacker",
"hijacker",
"heur",
"maltiverse",
"alexa top",
"exploit",
"riskware",
"unsafe",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"crack",
"webtoolbar",
"search live",
"api blog",
"docs pricing",
"november",
"de indicators",
"domains",
"hashes",
"__convergedlogin_pcustomizationloader_44b450e8d543eb53930d",
"malicious url",
"financial",
"blacknet rat",
"azorult",
"stealer",
"deep scan",
"blacklist https",
"referrer",
"collections kp",
"incident ip",
"sneaky server",
"replacement",
"unauthorized",
"emotet",
"noname057",
"generic malware",
"engineering",
"cyber threat",
"facebook",
"paypal",
"dropbox",
"united",
"america",
"banking",
"wells fargo",
"steam",
"twitter",
"sliver",
"daum",
"swift",
"runescape",
"betabot",
"district",
"iframe",
"alexa",
"downldr",
"agent",
"presenoker",
"bladabindi",
"live",
"conduit",
"pony",
"covid19",
"malicious",
"cobalt strike",
"suppobox",
"ramnit",
"meterpreter",
"virut",
"njrat",
"pykspa",
"asyncrat",
"downloader",
"fakealert",
"binder",
"virustotal",
"formbook",
"necurs",
"trojan",
"msil",
"hiloti",
"vawtrak",
"simda",
"kraken",
"solimba",
"icedid",
"redirector",
"suspic",
"amadey",
"raccoon",
"nanocore rat",
"revenge rat",
"genkryptik",
"fuery",
"wacatac",
"service",
"cloudeye",
"tinba",
"domaiq",
"ave maria",
"zeus",
"ransomware",
"zbot",
"generic",
"trojanspy",
"states",
"inmortal",
"locky",
"strike",
"china cobalt",
"keybase",
"cutwail",
"citadel",
"radamant",
"kovter",
"bradesco",
"nymaim",
"amonetize",
"bondat",
"ghost rat",
"vjw0rm",
"bandoo",
"matsnu",
"dnspionage",
"darkgate",
"vidar",
"keylogger",
"remcos",
"agenttesla",
"detplock",
"win64",
"smokeloader",
"agent tesla",
"kgs0",
"kls0",
"urls",
"type name",
"dns replication",
"date",
"domain",
"win32 exe",
"files",
"detections type",
"name",
"drpsuinstaller",
"vdfsurfs",
"opera",
"icwrmind",
"notepad",
"installer",
"miner",
"unknown",
"networm",
"houdini",
"quasar rat",
"gamehack",
"dbatloader",
"qakbot",
"ursnif",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-6332",
"CVE-2017-11882",
"CVE-2020-0601",
"CVE-2020-0674",
"hallrender.com",
"brian sabey",
"insurance",
"botnetwork",
"botmaster",
"command_and_control",
"CVE-2021-27065",
"CVE-2021-40444",
"CVE-2023-4966",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2010-3333",
"CVE-2015-1641",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2018-0802",
"CVE-2018-8373",
"CVE-2017-8759",
"CVE-2018-8453",
"CVE-2014-3153",
"CVE-2015-1650",
"CVE-2017-0143",
"CVE-2017-8464",
"Icefog",
"Delf.NBX",
"$WebWatson",
"Gen:Heur.Ransom.HiddenTears",
"mobilekey.pw",
"bitbucket.org",
"Anomalous.100%",
"malware distribution site",
"gootkit",
"edsaid",
"rightsaided",
"betabot",
"cobaltstrike4.tk",
"mas.to",
"BehavesLike.YahLover",
"srdvd16010404",
"languageenu",
"buildno",
"channelisales",
"vendorname2581",
"osregion",
"device",
"systemlocale",
"majorver16",
"quasar",
"find",
"lockbit",
"chaos",
"ransomexx",
"grandoreiro",
"evilnum",
"banker"
],
"references": [
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"20.99.186.246 exploit source",
"fp2e7a.wpc.2be4.phicdn.net",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"init.ess.apple.com (malicious code script)",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"IPv4 45.12.253.72. command_and_control",
"Hostname: ddos.dnsnb8.net command_and_control",
"IPv4 95.213.186.51 command_and_control",
"Hostname: www.supernetforme.com command_and_control",
"IPv4 103.224.182.246 command_and_control",
"IPv4 72.251.233.245 command_and_control",
"IPv4 63.251.106.25 command_and_control",
"IPv4 45.15.156.208 command_and_control",
"IPv4 104.247.81.51 command_and_control",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://downloaddevtools.ir/ (phishing)",
"happylifehappywife.com",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"opencve.djgummikuh.de (CVE dispensary)",
"Maltiverse Research Team",
"URLscan.io",
"Deep Research",
"Hybrid Analysis",
"URLhaus Abuse.ch",
"Cyber Threat Coalition",
"ThreatFox Abuse.ch"
],
"public": 1,
"adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed",
"targeted_countries": [
"United States of America",
"France",
"Spain"
],
"malware_families": [
{
"id": "Feodo",
"display_name": "Feodo",
"target": null
},
{
"id": "Dridex",
"display_name": "Dridex",
"target": null
},
{
"id": "Redline Stealer",
"display_name": "Redline Stealer",
"target": null
},
{
"id": "Ramnit.N",
"display_name": "Ramnit.N",
"target": null
},
{
"id": "Loki Bot",
"display_name": "Loki Bot",
"target": null
},
{
"id": "Loki Password Stealer (PWS)",
"display_name": "Loki Password Stealer (PWS)",
"target": null
},
{
"id": "AZORult",
"display_name": "AZORult",
"target": null
},
{
"id": "Zbd Zeus",
"display_name": "Zbd Zeus",
"target": null
},
{
"id": "Trojan:MSIL/Burkina",
"display_name": "Trojan:MSIL/Burkina",
"target": "/malware/Trojan:MSIL/Burkina"
},
{
"id": "Generic.TrickBot.1",
"display_name": "Generic.TrickBot.1",
"target": null
},
{
"id": "Exploit.CVE",
"display_name": "Exploit.CVE",
"target": null
},
{
"id": "Injector.IS.gen",
"display_name": "Injector.IS.gen",
"target": null
},
{
"id": "Gen:Variant.Razy",
"display_name": "Gen:Variant.Razy",
"target": null
},
{
"id": "Trojan.Androm.Gen",
"display_name": "Trojan.Androm.Gen",
"target": null
},
{
"id": "HEUR:Trojan.Linux.Agent",
"display_name": "HEUR:Trojan.Linux.Agent",
"target": null
},
{
"id": "BScope.Trojan",
"display_name": "BScope.Trojan",
"target": null
},
{
"id": "VBA.Downloader",
"display_name": "VBA.Downloader",
"target": null
},
{
"id": "Trojan.Notifier",
"display_name": "Trojan.Notifier",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Alien",
"display_name": "HEUR:Trojan.MSOffice.Alien",
"target": null
},
{
"id": "Unsafe.AI_Score_100%",
"display_name": "Unsafe.AI_Score_100%",
"target": null
},
{
"id": "Gen:Variant.Johnnie",
"display_name": "Gen:Variant.Johnnie",
"target": null
},
{
"id": "DangerousObject.Multi",
"display_name": "DangerousObject.Multi",
"target": null
},
{
"id": "Trojan:Python/Downldr",
"display_name": "Trojan:Python/Downldr",
"target": "/malware/Trojan:Python/Downldr"
},
{
"id": "Trojan:Linux/Downldr",
"display_name": "Trojan:Linux/Downldr",
"target": "/malware/Trojan:Linux/Downldr"
},
{
"id": "Trojan:VBA/Downldr",
"display_name": "Trojan:VBA/Downldr",
"target": "/malware/Trojan:VBA/Downldr"
},
{
"id": "TrojanDownloader:Linux/Downldr",
"display_name": "TrojanDownloader:Linux/Downldr",
"target": "/malware/TrojanDownloader:Linux/Downldr"
},
{
"id": "Kryptik.FPH.gen",
"display_name": "Kryptik.FPH.gen",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Trojan.Ransom.GenericKD",
"display_name": "Trojan.Ransom.GenericKD",
"target": null
},
{
"id": "Phish.JAT",
"display_name": "Phish.JAT",
"target": null
},
{
"id": "Phishing.HTML",
"display_name": "Phishing.HTML",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "Phish.AB",
"display_name": "Phish.AB",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "ml.Generic",
"display_name": "ml.Generic",
"target": null
},
{
"id": "Xegumumune.8596c22f",
"display_name": "Xegumumune.8596c22f",
"target": null
},
{
"id": "Generic.Malware.SMYB",
"display_name": "Generic.Malware.SMYB",
"target": null
},
{
"id": "malicious.moderate.ml",
"display_name": "malicious.moderate.ml",
"target": null
},
{
"id": "Agent.NBAE",
"display_name": "Agent.NBAE",
"target": null
},
{
"id": "AGEN.1045227",
"display_name": "AGEN.1045227",
"target": null
},
{
"id": "Riskware.Agent",
"display_name": "Riskware.Agent",
"target": null
},
{
"id": "Gen:Variant.Cerbu",
"display_name": "Gen:Variant.Cerbu",
"target": null
},
{
"id": "IL:Trojan.MSILZilla",
"display_name": "IL:Trojan.MSILZilla",
"target": null
},
{
"id": "Dropped:Generic.Ransom.DMR",
"display_name": "Dropped:Generic.Ransom.DMR",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "malicious.f01f67",
"display_name": "malicious.f01f67",
"target": null
},
{
"id": "AGEN.1144657",
"display_name": "AGEN.1144657",
"target": null
},
{
"id": "Trojan.Heur",
"display_name": "Trojan.Heur",
"target": null
},
{
"id": "Trojan.Malware.300983",
"display_name": "Trojan.Malware.300983",
"target": null
},
{
"id": "SdBot.CAOC",
"display_name": "SdBot.CAOC",
"target": null
},
{
"id": "Trojan.DelShad",
"display_name": "Trojan.DelShad",
"target": null
},
{
"id": "Exploit CVE-2017-11882",
"display_name": "Exploit CVE-2017-11882",
"target": null
},
{
"id": "GameHack.NL",
"display_name": "GameHack.NL",
"target": null
},
{
"id": "JS:Trojan.HideLink",
"display_name": "JS:Trojan.HideLink",
"target": null
},
{
"id": "Script.Agent",
"display_name": "Script.Agent",
"target": null
},
{
"id": "Macro.Agent",
"display_name": "Macro.Agent",
"target": null
},
{
"id": "Macro.Downloader.AMIP",
"display_name": "Macro.Downloader.AMIP",
"target": null
},
{
"id": "Trojan.VBA",
"display_name": "Trojan.VBA",
"target": null
},
{
"id": "HEUR.VBA.Trojan",
"display_name": "HEUR.VBA.Trojan",
"target": null
},
{
"id": "VB.EmoooDldr.10",
"display_name": "VB.EmoooDldr.10",
"target": null
},
{
"id": "VB:Trojan.Valyria",
"display_name": "VB:Trojan.Valyria",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Packed-GV",
"display_name": "Packed-GV",
"target": null
},
{
"id": "Adware.InstallMonetizer",
"display_name": "Adware.InstallMonetizer",
"target": null
},
{
"id": "Skynet",
"display_name": "Skynet",
"target": null
},
{
"id": "HW32.Packed",
"display_name": "HW32.Packed",
"target": null
},
{
"id": "Zpevdo.B",
"display_name": "Zpevdo.B",
"target": null
},
{
"id": "Presenoker",
"display_name": "Presenoker",
"target": null
},
{
"id": "SGeneric",
"display_name": "SGeneric",
"target": null
},
{
"id": "GameHack.DOM",
"display_name": "GameHack.DOM",
"target": null
},
{
"id": "BehavesLike.Ransom",
"display_name": "BehavesLike.Ransom",
"target": null
},
{
"id": "CIL.StupidCryptor",
"display_name": "CIL.StupidCryptor",
"target": null
},
{
"id": "Gen:Heur.Ransom.MSIL",
"display_name": "Gen:Heur.Ransom.MSIL",
"target": null
},
{
"id": "Black.Gen2",
"display_name": "Black.Gen2",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Trojan.HTML.PHISH",
"display_name": "Trojan.HTML.PHISH",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Program.Unwanted",
"display_name": "Program.Unwanted",
"target": null
},
{
"id": "HEUR/QVM42.3.72EB.Malware",
"display_name": "HEUR/QVM42.3.72EB.Malware",
"target": null
},
{
"id": "suspicious.low.ml",
"display_name": "suspicious.low.ml",
"target": null
},
{
"id": "JS:Trojan.Cryxos",
"display_name": "JS:Trojan.Cryxos",
"target": null
},
{
"id": "Suspicious_GEN.F47V0520",
"display_name": "Suspicious_GEN.F47V0520",
"target": null
},
{
"id": "Dropper.Trojan.Generic",
"display_name": "Dropper.Trojan.Generic",
"target": null
},
{
"id": "Trojan.TrickBot",
"display_name": "Trojan.TrickBot",
"target": null
},
{
"id": "Malware.Tk.Generic",
"display_name": "Malware.Tk.Generic",
"target": null
},
{
"id": "TrojanSpy.Java",
"display_name": "TrojanSpy.Java",
"target": null
},
{
"id": "Riskware.NetFilter",
"display_name": "Riskware.NetFilter",
"target": null
},
{
"id": "RiskWare.Crack",
"display_name": "RiskWare.Crack",
"target": null
},
{
"id": "BehavesLike.Exploit",
"display_name": "BehavesLike.Exploit",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34128",
"display_name": "Gen:NN.ZemsilF.34128",
"target": null
},
{
"id": "Wacapew.C",
"display_name": "Wacapew.C",
"target": null
},
{
"id": "Trojan.Malware.121218",
"display_name": "Trojan.Malware.121218",
"target": null
},
{
"id": "RiskWare.HackTool.Agent",
"display_name": "RiskWare.HackTool.Agent",
"target": null
},
{
"id": "Artemis",
"display_name": "Artemis",
"target": null
},
{
"id": "Trojan.Generic",
"display_name": "Trojan.Generic",
"target": null
},
{
"id": "W32.Trojan",
"display_name": "W32.Trojan",
"target": null
},
{
"id": "BScope.Riskware",
"display_name": "BScope.Riskware",
"target": null
},
{
"id": "Gen:Variant.Bulz",
"display_name": "Gen:Variant.Bulz",
"target": null
},
{
"id": "Ransom:Win32/CVE-2017-0147",
"display_name": "Ransom:Win32/CVE-2017-0147",
"target": "/malware/Ransom:Win32/CVE-2017-0147"
},
{
"id": "Virus.Ramnit",
"display_name": "Virus.Ramnit",
"target": null
},
{
"id": "Virus.Virut",
"display_name": "Virus.Virut",
"target": null
},
{
"id": "Adware.KuziTui",
"display_name": "Adware.KuziTui",
"target": null
},
{
"id": "AGEN.1141126",
"display_name": "AGEN.1141126",
"target": null
},
{
"id": "W32.AIDetect",
"display_name": "W32.AIDetect",
"target": null
},
{
"id": "Trojan.Python",
"display_name": "Trojan.Python",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "Suspicious.Save",
"display_name": "Suspicious.Save",
"target": null
},
{
"id": "Adware.Downware",
"display_name": "Adware.Downware",
"target": null
},
{
"id": "Ransom.Win64.Wacatac.oa",
"display_name": "Ransom.Win64.Wacatac.oa",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Gen:Variant.Midie",
"display_name": "Gen:Variant.Midie",
"target": null
},
{
"id": "HEUR/QVM41.2.DA9B.Malware",
"display_name": "HEUR/QVM41.2.DA9B.Malware",
"target": null
},
{
"id": "Gen:Variant.Sirefef",
"display_name": "Gen:Variant.Sirefef",
"target": null
},
{
"id": "Macro.Trojan.Dropperd",
"display_name": "Macro.Trojan.Dropperd",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
},
{
"id": "Gen:Variant.Ursu",
"display_name": "Gen:Variant.Ursu",
"target": null
},
{
"id": "Redcap.rlhse",
"display_name": "Redcap.rlhse",
"target": null
},
{
"id": "Trojan.Trickster",
"display_name": "Trojan.Trickster",
"target": null
},
{
"id": "HTML_REDIR.SMR",
"display_name": "HTML_REDIR.SMR",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Hoax.JS.Phish",
"display_name": "Hoax.JS.Phish",
"target": null
},
{
"id": "JS:Iframe",
"display_name": "JS:Iframe",
"target": null
},
{
"id": "Application.SQLCrack",
"display_name": "Application.SQLCrack",
"target": null
},
{
"id": "susp.lnk",
"display_name": "susp.lnk",
"target": null
},
{
"id": "QVM201.0.B70B.Malware",
"display_name": "QVM201.0.B70B.Malware",
"target": null
},
{
"id": "Immortal Stealer",
"display_name": "Immortal Stealer",
"target": null
},
{
"id": "WebMonitor RAT",
"display_name": "WebMonitor RAT",
"target": null
},
{
"id": "Tor - S0183",
"display_name": "Tor - S0183",
"target": null
},
{
"id": "WannaCry",
"display_name": "WannaCry",
"target": null
},
{
"id": "WannaCryptor",
"display_name": "WannaCryptor",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "BlackNET",
"display_name": "BlackNET",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.GandCrab5",
"display_name": "DeepScan:Generic.Ransom.GandCrab5",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "States",
"display_name": "States",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "Domains",
"display_name": "Domains",
"target": null
},
{
"id": "Locky",
"display_name": "Locky",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "Gen:NN.ZexaF.32515",
"display_name": "Gen:NN.ZexaF.32515",
"target": null
},
{
"id": "FileRepMalware",
"display_name": "FileRepMalware",
"target": null
},
{
"id": "Gen:Variant.MSILPerseus",
"display_name": "Gen:Variant.MSILPerseus",
"target": null
},
{
"id": "Icefog",
"display_name": "Icefog",
"target": null
},
{
"id": "$WebWatson",
"display_name": "$WebWatson",
"target": null
},
{
"id": "Agent.AIK.gen",
"display_name": "Agent.AIK.gen",
"target": null
},
{
"id": "Agent.AIK.genCIL.StupidCryptor",
"display_name": "Agent.AIK.genCIL.StupidCryptor",
"target": null
},
{
"id": "Agent.YPEZ",
"display_name": "Agent.YPEZ",
"target": null
},
{
"id": "Application.InnovativSol",
"display_name": "Application.InnovativSol",
"target": null
},
{
"id": "Agent.ASO",
"display_name": "Agent.ASO",
"target": null
},
{
"id": "S-b748adc5",
"display_name": "S-b748adc5",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "Kryptik.GUCB",
"display_name": "Kryptik.GUCB",
"target": null
},
{
"id": "AgentTesla",
"display_name": "AgentTesla",
"target": null
},
{
"id": "Autoit.bimwt",
"display_name": "Autoit.bimwt",
"target": null
},
{
"id": "HEUR:Trojan.OLE2.Alien",
"display_name": "HEUR:Trojan.OLE2.Alien",
"target": null
},
{
"id": "AGEN.1038489",
"display_name": "AGEN.1038489",
"target": null
},
{
"id": "Gen:Variant.Ser.Strictor",
"display_name": "Gen:Variant.Ser.Strictor",
"target": null
},
{
"id": "Packed.Themida.Gen",
"display_name": "Packed.Themida.Gen",
"target": null
},
{
"id": "AGEN.1043164",
"display_name": "AGEN.1043164",
"target": null
},
{
"id": "TrickBot - S0266",
"display_name": "TrickBot - S0266",
"target": null
},
{
"id": "Emotet",
"display_name": "Emotet",
"target": null
},
{
"id": "Trojan.PornoAsset",
"display_name": "Trojan.PornoAsset",
"target": null
},
{
"id": "Ransom.Win64.PORNOASSET.SM1",
"display_name": "Ransom.Win64.PORNOASSET.SM1",
"target": null
},
{
"id": "Gen:Variant.Ulise",
"display_name": "Gen:Variant.Ulise",
"target": null
},
{
"id": "Trojan.Win64",
"display_name": "Trojan.Win64",
"target": null
},
{
"id": "Dropper.Trojan.Agent",
"display_name": "Dropper.Trojan.Agent",
"target": null
},
{
"id": "Heur.BZC.YAX.Pantera.10",
"display_name": "Heur.BZC.YAX.Pantera.10",
"target": null
},
{
"id": "malicious.high.ml",
"display_name": "malicious.high.ml",
"target": null
},
{
"id": "CVE-2015-1650",
"display_name": "CVE-2015-1650",
"target": null
},
{
"id": "Worm.Win64.AutoRun",
"display_name": "Worm.Win64.AutoRun",
"target": null
},
{
"id": "AIT.Heur.Cottonmouth.8.78F19BD7",
"display_name": "AIT.Heur.Cottonmouth.8.78F19BD7",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "Pua.Gen",
"display_name": "Pua.Gen",
"target": null
},
{
"id": "Trojan.Downloader.Generic",
"display_name": "Trojan.Downloader.Generic",
"target": null
},
{
"id": "Suspected of Trojan.Downloader.gen",
"display_name": "Suspected of Trojan.Downloader.gen",
"target": null
},
{
"id": "HEUR:RemoteAdmin.Generic",
"display_name": "HEUR:RemoteAdmin.Generic",
"target": null
},
{
"id": "Gen:Heur.Ransom.HiddenTears",
"display_name": "Gen:Heur.Ransom.HiddenTears",
"target": null
},
{
"id": "Nemucod.A",
"display_name": "Nemucod.A",
"target": null
},
{
"id": "Backdoor.Hupigon",
"display_name": "Backdoor.Hupigon",
"target": null
},
{
"id": "Trojan.Starter JS.Iframe",
"display_name": "Trojan.Starter JS.Iframe",
"target": null
},
{
"id": "fake ,promethiumm ,strongpity",
"display_name": "fake ,promethiumm ,strongpity",
"target": null
},
{
"id": "PUA.Reg1staid",
"display_name": "PUA.Reg1staid",
"target": null
},
{
"id": "Malware.Heur_Generic.A",
"display_name": "Malware.Heur_Generic.A",
"target": null
},
{
"id": "Bladabindi.Q",
"display_name": "Bladabindi.Q",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "malicious.6e0700",
"display_name": "malicious.6e0700",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "TSGeneric",
"display_name": "TSGeneric",
"target": null
},
{
"id": "RedCap.vneda",
"display_name": "RedCap.vneda",
"target": null
},
{
"id": "Trojan.Indiloadz",
"display_name": "Trojan.Indiloadz",
"target": null
},
{
"id": "Trojan.Ekstak",
"display_name": "Trojan.Ekstak",
"target": null
},
{
"id": "staticrr.paleokits.net",
"display_name": "staticrr.paleokits.net",
"target": null
},
{
"id": "MSIL.Downloader",
"display_name": "MSIL.Downloader",
"target": null
},
{
"id": "Trojan.Autoruns.GenericKDS",
"display_name": "Trojan.Autoruns.GenericKDS",
"target": null
},
{
"id": "MSIL.Trojan.BSE",
"display_name": "MSIL.Trojan.BSE",
"target": null
},
{
"id": "Adload.AD81",
"display_name": "Adload.AD81",
"target": null
},
{
"id": "Packed.Asprotect",
"display_name": "Packed.Asprotect",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34062",
"display_name": "Gen:NN.ZemsilF.34062",
"target": null
},
{
"id": "Evo",
"display_name": "Evo",
"target": null
},
{
"id": "Agent.pwc",
"display_name": "Agent.pwc",
"target": null
},
{
"id": "RiskTool.Phpw",
"display_name": "RiskTool.Phpw",
"target": null
},
{
"id": "Gen:Variant.Symmi",
"display_name": "Gen:Variant.Symmi",
"target": null
},
{
"id": "Trojan.PWS",
"display_name": "Trojan.PWS",
"target": null
},
{
"id": "Generic.BitCoinMiner.3",
"display_name": "Generic.BitCoinMiner.3",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "Gen:NN",
"display_name": "Gen:NN",
"target": null
},
{
"id": "Downloader.CertutilURLCache",
"display_name": "Downloader.CertutilURLCache",
"target": null
},
{
"id": "Elf",
"display_name": "Elf",
"target": null
},
{
"id": "Gen:Heur.MSIL.Androm",
"display_name": "Gen:Heur.MSIL.Androm",
"target": null
},
{
"id": "Kryptik.NRD",
"display_name": "Kryptik.NRD",
"target": null
},
{
"id": "Riskware",
"display_name": "Riskware",
"target": null
},
{
"id": "Kuluoz.B.gen",
"display_name": "Kuluoz.B.gen",
"target": null
},
{
"id": "Gen:Variant.RevengeRat",
"display_name": "Gen:Variant.RevengeRat",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "VB.Chronos.7",
"display_name": "VB.Chronos.7",
"target": null
},
{
"id": "Kryptik.NOE",
"display_name": "Kryptik.NOE",
"target": null
},
{
"id": "HEUR:WebToolbar.Generic",
"display_name": "HEUR:WebToolbar.Generic",
"target": null
},
{
"id": "Gen:Variant.Barys",
"display_name": "Gen:Variant.Barys",
"target": null
},
{
"id": "Backdoor.Xtreme",
"display_name": "Backdoor.Xtreme",
"target": null
},
{
"id": "Trojan.MSIL",
"display_name": "Trojan.MSIL",
"target": null
},
{
"id": "Gen:Variant.Graftor",
"display_name": "Gen:Variant.Graftor",
"target": null
},
{
"id": "Backdoor.Agent",
"display_name": "Backdoor.Agent",
"target": null
},
{
"id": "Unsafe",
"display_name": "Unsafe",
"target": null
},
{
"id": "Trojan.PHP.Agent",
"display_name": "Trojan.PHP.Agent",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "HEUR:Exploit.Generic",
"display_name": "HEUR:Exploit.Generic",
"target": null
},
{
"id": "Ransom_WCRY.SMALYM",
"display_name": "Ransom_WCRY.SMALYM",
"target": null
},
{
"id": "Ransom_WCRY.SMJ",
"display_name": "Ransom_WCRY.SMJ",
"target": null
},
{
"id": "Auslogics",
"display_name": "Auslogics",
"target": null
},
{
"id": "Gen:Variant.Jaiko",
"display_name": "Gen:Variant.Jaiko",
"target": null
},
{
"id": "Exploit.W32.Agent",
"display_name": "Exploit.W32.Agent",
"target": null
},
{
"id": "Trojan.Cud.Gen",
"display_name": "Trojan.Cud.Gen",
"target": null
},
{
"id": "Trojan.DOC.Downloader",
"display_name": "Trojan.DOC.Downloader",
"target": null
},
{
"id": "Backdoor.MSIL.Agent",
"display_name": "Backdoor.MSIL.Agent",
"target": null
},
{
"id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"target": null
},
{
"id": "Gen:Variant.Kazy",
"display_name": "Gen:Variant.Kazy",
"target": null
},
{
"id": "Gen:Variant.Zusy",
"display_name": "Gen:Variant.Zusy",
"target": null
},
{
"id": "Ransom.WannaCrypt",
"display_name": "Ransom.WannaCrypt",
"target": null
},
{
"id": "Generic.ServStart.A",
"display_name": "Generic.ServStart.A",
"target": null
},
{
"id": "Trojan.Wanna",
"display_name": "Trojan.Wanna",
"target": null
},
{
"id": "Generic.MSIL.Bladabindi",
"display_name": "Generic.MSIL.Bladabindi",
"target": null
},
{
"id": "TROJ_GEN.R002C0OG518",
"display_name": "TROJ_GEN.R002C0OG518",
"target": null
},
{
"id": "Trojan.Chapak",
"display_name": "Trojan.Chapak",
"target": null
},
{
"id": "Indiloadz.BB",
"display_name": "Indiloadz.BB",
"target": null
},
{
"id": "BehavBehavesLike.PUPXBI",
"display_name": "BehavBehavesLike.PUPXBI",
"target": null
},
{
"id": "DeepScan:Generic.SpyAgent.6",
"display_name": "DeepScan:Generic.SpyAgent.6",
"target": null
},
{
"id": "Python.KeyLogger",
"display_name": "Python.KeyLogger",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Generic.MSIL.PasswordStealer",
"display_name": "Generic.MSIL.PasswordStealer",
"target": null
},
{
"id": "PSW.Agent",
"display_name": "PSW.Agent",
"target": null
},
{
"id": "malicious.8c45ba",
"display_name": "malicious.8c45ba",
"target": null
},
{
"id": "Dropper.Binder",
"display_name": "Dropper.Binder",
"target": null
},
{
"id": "Constructor.MSIL",
"display_name": "Constructor.MSIL",
"target": null
},
{
"id": "Linux.Agent",
"display_name": "Linux.Agent",
"target": null
},
{
"id": "Virus.3DMax.Script",
"display_name": "Virus.3DMax.Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "Trojan.WisdomEyes.16070401.9500",
"display_name": "Trojan.WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Application.SearchProtect",
"display_name": "Application.SearchProtect",
"target": null
},
{
"id": "JS:Trojan.Clicker",
"display_name": "JS:Trojan.Clicker",
"target": null
},
{
"id": "Faceliker.A",
"display_name": "Faceliker.A",
"target": null
},
{
"id": "JS:Trojan.JS.Faceliker",
"display_name": "JS:Trojan.JS.Faceliker",
"target": null
},
{
"id": "Constructor.MSIL Linux.Agent",
"display_name": "Constructor.MSIL Linux.Agent",
"target": null
},
{
"id": "PowerShell.Trojan",
"display_name": "PowerShell.Trojan",
"target": null
},
{
"id": "HTML:Script",
"display_name": "HTML:Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "HackTool.CheatEngine",
"display_name": "HackTool.CheatEngine",
"target": null
},
{
"id": "Injector.CLDS",
"display_name": "Injector.CLDS",
"target": null
},
{
"id": "VB.Downloader.2",
"display_name": "VB.Downloader.2",
"target": null
},
{
"id": "malicious.3e78cc",
"display_name": "malicious.3e78cc",
"target": null
},
{
"id": "malicious.d800d6",
"display_name": "malicious.d800d6",
"target": null
},
{
"id": "VB.PwShell.2",
"display_name": "VB.PwShell.2",
"target": null
},
{
"id": "Backdoor.RBot",
"display_name": "Backdoor.RBot",
"target": null
},
{
"id": "malicious.71b1a8",
"display_name": "malicious.71b1a8",
"target": null
},
{
"id": "TrojanSpy.KeyLogger",
"display_name": "TrojanSpy.KeyLogger",
"target": null
},
{
"id": "Injector.JDO",
"display_name": "Injector.JDO",
"target": null
},
{
"id": "Heur.Msword.Gen",
"display_name": "Heur.Msword.Gen",
"target": null
},
{
"id": "PSW.Discord",
"display_name": "PSW.Discord",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "HEUR:AdWare.StartSurf",
"display_name": "HEUR:AdWare.StartSurf",
"target": null
},
{
"id": "Gen:Heur.NoobyProtect",
"display_name": "Gen:Heur.NoobyProtect",
"target": null
},
{
"id": "CIL.HeapOverride",
"display_name": "CIL.HeapOverride",
"target": null
},
{
"id": "HEUR:Trojan.Tasker",
"display_name": "HEUR:Trojan.Tasker",
"target": null
},
{
"id": "XLM.Trojan.Abracadabra.27",
"display_name": "XLM.Trojan.Abracadabra.27",
"target": null
},
{
"id": "HEUR:Backdoor.MSIL.NanoBot",
"display_name": "HEUR:Backdoor.MSIL.NanoBot",
"target": null
},
{
"id": "Trojan.PSW.Mimikatz",
"display_name": "Trojan.PSW.Mimikatz",
"target": null
},
{
"id": "TrojanSpy.Python",
"display_name": "TrojanSpy.Python",
"target": null
},
{
"id": "Trojan.Ole2.Vbs",
"display_name": "Trojan.Ole2.Vbs",
"target": null
},
{
"id": "Exploit.MSOffice",
"display_name": "Exploit.MSOffice",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.AmnesiaE",
"display_name": "DeepScan:Generic.Ransom.AmnesiaE",
"target": null
},
{
"id": "Wacatac.D6",
"display_name": "Wacatac.D6",
"target": null
},
{
"id": "Backdoor.Androm",
"display_name": "Backdoor.Androm",
"target": null
},
{
"id": "Packed.NetSeal",
"display_name": "Packed.NetSeal",
"target": null
},
{
"id": "Trojan.MSIL.Injector",
"display_name": "Trojan.MSIL.Injector",
"target": null
},
{
"id": "Trojan.PWS.Agent",
"display_name": "Trojan.PWS.Agent",
"target": null
},
{
"id": "TScope.Trojan",
"display_name": "TScope.Trojan",
"target": null
},
{
"id": "PSW.Stealer",
"display_name": "PSW.Stealer",
"target": null
},
{
"id": "Trojan.PackedNET",
"display_name": "Trojan.PackedNET",
"target": null
},
{
"id": "Trojan.Java",
"display_name": "Trojan.Java",
"target": null
},
{
"id": "MalwareX",
"display_name": "MalwareX",
"target": null
},
{
"id": "Trojan.PSW.Python",
"display_name": "Trojan.PSW.Python",
"target": null
},
{
"id": "malicious.11abfc",
"display_name": "malicious.11abfc",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "HEUR:Trojan.MSIL.Tasker",
"display_name": "HEUR:Trojan.MSIL.Tasker",
"target": null
},
{
"id": "PossibleThreat.PALLAS",
"display_name": "PossibleThreat.PALLAS",
"target": null
},
{
"id": "Backdoor.Poison",
"display_name": "Backdoor.Poison",
"target": null
},
{
"id": "Generic.MSIL.LimeRAT",
"display_name": "Generic.MSIL.LimeRAT",
"target": null
},
{
"id": "PWS-FCZZ",
"display_name": "PWS-FCZZ",
"target": null
},
{
"id": "Trojan.Script",
"display_name": "Trojan.Script",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Trojan.PWS.Growtopia",
"display_name": "Trojan.PWS.Growtopia",
"target": null
},
{
"id": "Spyware.Bobik",
"display_name": "Spyware.Bobik",
"target": null
},
{
"id": "HackTool.BruteForce",
"display_name": "HackTool.BruteForce",
"target": null
},
{
"id": "Hack.Patcher",
"display_name": "Hack.Patcher",
"target": null
},
{
"id": "PWS.p",
"display_name": "PWS.p",
"target": null
},
{
"id": "Suppobox",
"display_name": "Suppobox",
"target": null
},
{
"id": "index.php",
"display_name": "index.php",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "SmokeLoader",
"display_name": "SmokeLoader",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.SAgent",
"display_name": "HEUR:Trojan.MSOffice.SAgent",
"target": null
},
{
"id": "Script.INF",
"display_name": "Script.INF",
"target": null
},
{
"id": "JS:Trojan.JS.Likejack",
"display_name": "JS:Trojan.JS.Likejack",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "Trojan.JS.Agent",
"display_name": "Trojan.JS.Agent",
"target": null
},
{
"id": "APT Notes",
"display_name": "APT Notes",
"target": null
},
{
"id": "susp.rtf.objupdate",
"display_name": "susp.rtf.objupdate",
"target": null
},
{
"id": "RedCap.zoohz",
"display_name": "RedCap.zoohz",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "virus.office.qexvmc",
"display_name": "virus.office.qexvmc",
"target": null
},
{
"id": "Trojan.KillProc",
"display_name": "Trojan.KillProc",
"target": null
},
{
"id": "Generic.MSIL.GrwtpStealer.1",
"display_name": "Generic.MSIL.GrwtpStealer.1",
"target": null
},
{
"id": "Suspicious.Cloud",
"display_name": "Suspicious.Cloud",
"target": null
},
{
"id": "PowerShell.DownLoader",
"display_name": "PowerShell.DownLoader",
"target": null
},
{
"id": "Downldr.gen",
"display_name": "Downldr.gen",
"target": null
},
{
"id": "AGEN.1030939",
"display_name": "AGEN.1030939",
"target": null
},
{
"id": "HackTool.Binder",
"display_name": "HackTool.Binder",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "Dldr.Agent",
"display_name": "Dldr.Agent",
"target": null
},
{
"id": "Dropper.MSIL",
"display_name": "Dropper.MSIL",
"target": null
},
{
"id": "Trojan.VBKryjetor",
"display_name": "Trojan.VBKryjetor",
"target": null
},
{
"id": "PWSX",
"display_name": "PWSX",
"target": null
},
{
"id": "VB:Trojan.VBA.Agent",
"display_name": "VB:Trojan.VBA.Agent",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Stratos",
"display_name": "HEUR:Trojan.MSOffice.Stratos",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "TA0029",
"name": "Privilege Escalation",
"display_name": "TA0029 - Privilege Escalation"
},
{
"id": "T1449",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
},
{
"id": "T1190",
"name": "Exploit Public-Facing Application",
"display_name": "T1190 - Exploit Public-Facing Application"
},
{
"id": "T1210",
"name": "Exploitation of Remote Services",
"display_name": "T1210 - Exploitation of Remote Services"
},
{
"id": "T1450",
"name": "Exploit SS7 to Track Device Location",
"display_name": "T1450 - Exploit SS7 to Track Device Location"
},
{
"id": "T1211",
"name": "Exploitation for Defense Evasion",
"display_name": "T1211 - Exploitation for Defense Evasion"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "TA0011",
"name": "Command and Control",
"display_name": "TA0011 - Command and Control"
},
{
"id": "T1412",
"name": "Capture SMS Messages",
"display_name": "T1412 - Capture SMS Messages"
},
{
"id": "T1454",
"name": "Malicious SMS Message",
"display_name": "T1454 - Malicious SMS Message"
},
{
"id": "T1001",
"name": "Data Obfuscation",
"display_name": "T1001 - Data Obfuscation"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1498",
"name": "Network Denial of Service",
"display_name": "T1498 - Network Denial of Service"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 338,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1184,
"FileHash-SHA1": 949,
"FileHash-SHA256": 3712,
"URL": 2925,
"domain": 627,
"hostname": 1319,
"CVE": 26,
"email": 8,
"CIDR": 2
},
"indicator_count": 10752,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "862 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654c5970817e6bf8b0e5b5ff",
"name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS",
"description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!",
"modified": "2023-12-09T03:01:57.989000",
"created": "2023-11-09T04:00:48.087000",
"tags": [
"ssl certificate",
"historical ssl",
"communicating",
"contacted",
"resolutions",
"whois record",
"whois whois",
"whois parent",
"whois siblings",
"skynet",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"blacklist",
"cisco umbrella",
"site",
"safe site",
"million",
"team",
"microsoft",
"back",
"download",
"phishing",
"union",
"bank",
"malicious site",
"blacklist http",
"exit",
"traffic",
"node tcp",
"tor known",
"tor relayrouter",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"spammer",
"malware",
"dropped",
"unlocker",
"http",
"critical risk",
"redline stealer",
"core",
"hacktool",
"execution",
"type win32",
"exe size",
"first seen",
"file name",
"avast win32",
"win32",
"avg win32",
"fortinet",
"vitro",
"mb first",
"rmndrp",
"clean mx",
"undetected dns8",
"undetected vx",
"sophos",
"vault",
"zdb zeus",
"cmc threat",
"snort ip",
"feodo tracker",
"cybereason",
"send bug",
"pe yandex",
"no data",
"tag count",
"count blacklist",
"tag tag",
"algorithm",
"v3 serial",
"number",
"issuer",
"cus cnr3",
"olet",
"subject public",
"key info",
"key algorithm",
"key identifier",
"first",
"seen",
"valid",
"no na",
"no no",
"ip security",
"cndst root",
"ca x3",
"ca id",
"research group",
"cnisrg root",
"no expired",
"mozilla",
"android",
"malicious red team",
"tsara brashears",
"cyber stalking",
"malvertizing",
"invasion of privacy",
"threat",
"adult content",
"apple",
"iphone unlocker",
"android",
"exploited spyware",
"malware host",
"brute force",
"revenge-rat",
"banker",
"evasive",
"domain",
"redline",
"stealer",
"phishing",
"ramnit",
"unreliable subdomains",
"dridex",
"gating",
"msil",
"rat",
"loki",
"network",
"hacking",
"sinkhole",
"azorult",
"c2",
"historicalandnew",
"targeted attack",
"puffstealer",
"rultazo",
"lokibot",
"loki pws",
"burkina",
"banker,dde,dridex,exploit",
"banker,dridex,evasive",
"trickbot",
"ransomware,torrentlocker",
"exploit_source",
"blacknet",
"FileRepMalware",
"linux agent",
"blacknet",
"ios",
"phishing paypal",
"tagging",
"defacement",
"hit",
"bounty",
"phishing site",
"malware site",
"malware download",
"endangerment",
"Malicious domain - SANS Internet Storm Center",
"evasive,msil,rat,revenge-rat",
"prism_setting",
"prism_object",
"static engine",
"social engineering",
"jansky",
"worm",
"network rat",
"networm",
"Loki Password Stealer (PWS)",
"South Carolina Federal Credit Union phishing",
"darkweb",
"yandex",
"redirectors",
"blacknet threats",
"phishing,ransomware,sinkhole",
"wanacrypt0r,wannacry,wcry",
"tor c++",
"tor c++ client",
"python user",
"js user",
"hacker",
"hijacker",
"heur",
"maltiverse",
"alexa top",
"exploit",
"riskware",
"unsafe",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"crack",
"webtoolbar",
"search live",
"api blog",
"docs pricing",
"november",
"de indicators",
"domains",
"hashes",
"__convergedlogin_pcustomizationloader_44b450e8d543eb53930d",
"malicious url",
"financial",
"blacknet rat",
"azorult",
"stealer",
"deep scan",
"blacklist https",
"referrer",
"collections kp",
"incident ip",
"sneaky server",
"replacement",
"unauthorized",
"emotet",
"noname057",
"generic malware",
"engineering",
"cyber threat",
"facebook",
"paypal",
"dropbox",
"united",
"america",
"banking",
"wells fargo",
"steam",
"twitter",
"sliver",
"daum",
"swift",
"runescape",
"betabot",
"district",
"iframe",
"alexa",
"downldr",
"agent",
"presenoker",
"bladabindi",
"live",
"conduit",
"pony",
"covid19",
"malicious",
"cobalt strike",
"suppobox",
"ramnit",
"meterpreter",
"virut",
"njrat",
"pykspa",
"asyncrat",
"downloader",
"fakealert",
"binder",
"virustotal",
"formbook",
"necurs",
"trojan",
"msil",
"hiloti",
"vawtrak",
"simda",
"kraken",
"solimba",
"icedid",
"redirector",
"suspic",
"amadey",
"raccoon",
"nanocore rat",
"revenge rat",
"genkryptik",
"fuery",
"wacatac",
"service",
"cloudeye",
"tinba",
"domaiq",
"ave maria",
"zeus",
"ransomware",
"zbot",
"generic",
"trojanspy",
"states",
"inmortal",
"locky",
"strike",
"china cobalt",
"keybase",
"cutwail",
"citadel",
"radamant",
"kovter",
"bradesco",
"nymaim",
"amonetize",
"bondat",
"ghost rat",
"vjw0rm",
"bandoo",
"matsnu",
"dnspionage",
"darkgate",
"vidar",
"keylogger",
"remcos",
"agenttesla",
"detplock",
"win64",
"smokeloader",
"agent tesla",
"kgs0",
"kls0",
"urls",
"type name",
"dns replication",
"date",
"domain",
"win32 exe",
"files",
"detections type",
"name",
"drpsuinstaller",
"vdfsurfs",
"opera",
"icwrmind",
"notepad",
"installer",
"miner",
"unknown",
"networm",
"houdini",
"quasar rat",
"gamehack",
"dbatloader",
"qakbot",
"ursnif",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-6332",
"CVE-2017-11882",
"CVE-2020-0601",
"CVE-2020-0674",
"hallrender.com",
"brian sabey",
"insurance",
"botnetwork",
"botmaster",
"command_and_control",
"CVE-2021-27065",
"CVE-2021-40444",
"CVE-2023-4966",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2010-3333",
"CVE-2015-1641",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2018-0802",
"CVE-2018-8373",
"CVE-2017-8759",
"CVE-2018-8453",
"CVE-2014-3153",
"CVE-2015-1650",
"CVE-2017-0143",
"CVE-2017-8464",
"Icefog",
"Delf.NBX",
"$WebWatson",
"Gen:Heur.Ransom.HiddenTears",
"mobilekey.pw",
"bitbucket.org",
"Anomalous.100%",
"malware distribution site",
"gootkit",
"edsaid",
"rightsaided",
"betabot",
"cobaltstrike4.tk",
"mas.to",
"BehavesLike.YahLover",
"srdvd16010404",
"languageenu",
"buildno",
"channelisales",
"vendorname2581",
"osregion",
"device",
"systemlocale",
"majorver16",
"quasar",
"find",
"lockbit",
"chaos",
"ransomexx",
"grandoreiro",
"evilnum",
"banker"
],
"references": [
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"20.99.186.246 exploit source",
"fp2e7a.wpc.2be4.phicdn.net",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"init.ess.apple.com (malicious code script)",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"IPv4 45.12.253.72. command_and_control",
"Hostname: ddos.dnsnb8.net command_and_control",
"IPv4 95.213.186.51 command_and_control",
"Hostname: www.supernetforme.com command_and_control",
"IPv4 103.224.182.246 command_and_control",
"IPv4 72.251.233.245 command_and_control",
"IPv4 63.251.106.25 command_and_control",
"IPv4 45.15.156.208 command_and_control",
"IPv4 104.247.81.51 command_and_control",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://downloaddevtools.ir/ (phishing)",
"happylifehappywife.com",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"opencve.djgummikuh.de (CVE dispensary)",
"Maltiverse Research Team",
"URLscan.io",
"Deep Research",
"Hybrid Analysis",
"URLhaus Abuse.ch",
"Cyber Threat Coalition",
"ThreatFox Abuse.ch"
],
"public": 1,
"adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed",
"targeted_countries": [
"United States of America",
"France",
"Spain"
],
"malware_families": [
{
"id": "Feodo",
"display_name": "Feodo",
"target": null
},
{
"id": "Dridex",
"display_name": "Dridex",
"target": null
},
{
"id": "Redline Stealer",
"display_name": "Redline Stealer",
"target": null
},
{
"id": "Ramnit.N",
"display_name": "Ramnit.N",
"target": null
},
{
"id": "Loki Bot",
"display_name": "Loki Bot",
"target": null
},
{
"id": "Loki Password Stealer (PWS)",
"display_name": "Loki Password Stealer (PWS)",
"target": null
},
{
"id": "AZORult",
"display_name": "AZORult",
"target": null
},
{
"id": "Zbd Zeus",
"display_name": "Zbd Zeus",
"target": null
},
{
"id": "Trojan:MSIL/Burkina",
"display_name": "Trojan:MSIL/Burkina",
"target": "/malware/Trojan:MSIL/Burkina"
},
{
"id": "Generic.TrickBot.1",
"display_name": "Generic.TrickBot.1",
"target": null
},
{
"id": "Exploit.CVE",
"display_name": "Exploit.CVE",
"target": null
},
{
"id": "Injector.IS.gen",
"display_name": "Injector.IS.gen",
"target": null
},
{
"id": "Gen:Variant.Razy",
"display_name": "Gen:Variant.Razy",
"target": null
},
{
"id": "Trojan.Androm.Gen",
"display_name": "Trojan.Androm.Gen",
"target": null
},
{
"id": "HEUR:Trojan.Linux.Agent",
"display_name": "HEUR:Trojan.Linux.Agent",
"target": null
},
{
"id": "BScope.Trojan",
"display_name": "BScope.Trojan",
"target": null
},
{
"id": "VBA.Downloader",
"display_name": "VBA.Downloader",
"target": null
},
{
"id": "Trojan.Notifier",
"display_name": "Trojan.Notifier",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Alien",
"display_name": "HEUR:Trojan.MSOffice.Alien",
"target": null
},
{
"id": "Unsafe.AI_Score_100%",
"display_name": "Unsafe.AI_Score_100%",
"target": null
},
{
"id": "Gen:Variant.Johnnie",
"display_name": "Gen:Variant.Johnnie",
"target": null
},
{
"id": "DangerousObject.Multi",
"display_name": "DangerousObject.Multi",
"target": null
},
{
"id": "Trojan:Python/Downldr",
"display_name": "Trojan:Python/Downldr",
"target": "/malware/Trojan:Python/Downldr"
},
{
"id": "Trojan:Linux/Downldr",
"display_name": "Trojan:Linux/Downldr",
"target": "/malware/Trojan:Linux/Downldr"
},
{
"id": "Trojan:VBA/Downldr",
"display_name": "Trojan:VBA/Downldr",
"target": "/malware/Trojan:VBA/Downldr"
},
{
"id": "TrojanDownloader:Linux/Downldr",
"display_name": "TrojanDownloader:Linux/Downldr",
"target": "/malware/TrojanDownloader:Linux/Downldr"
},
{
"id": "Kryptik.FPH.gen",
"display_name": "Kryptik.FPH.gen",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Trojan.Ransom.GenericKD",
"display_name": "Trojan.Ransom.GenericKD",
"target": null
},
{
"id": "Phish.JAT",
"display_name": "Phish.JAT",
"target": null
},
{
"id": "Phishing.HTML",
"display_name": "Phishing.HTML",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "Phish.AB",
"display_name": "Phish.AB",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "ml.Generic",
"display_name": "ml.Generic",
"target": null
},
{
"id": "Xegumumune.8596c22f",
"display_name": "Xegumumune.8596c22f",
"target": null
},
{
"id": "Generic.Malware.SMYB",
"display_name": "Generic.Malware.SMYB",
"target": null
},
{
"id": "malicious.moderate.ml",
"display_name": "malicious.moderate.ml",
"target": null
},
{
"id": "Agent.NBAE",
"display_name": "Agent.NBAE",
"target": null
},
{
"id": "AGEN.1045227",
"display_name": "AGEN.1045227",
"target": null
},
{
"id": "Riskware.Agent",
"display_name": "Riskware.Agent",
"target": null
},
{
"id": "Gen:Variant.Cerbu",
"display_name": "Gen:Variant.Cerbu",
"target": null
},
{
"id": "IL:Trojan.MSILZilla",
"display_name": "IL:Trojan.MSILZilla",
"target": null
},
{
"id": "Dropped:Generic.Ransom.DMR",
"display_name": "Dropped:Generic.Ransom.DMR",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "malicious.f01f67",
"display_name": "malicious.f01f67",
"target": null
},
{
"id": "AGEN.1144657",
"display_name": "AGEN.1144657",
"target": null
},
{
"id": "Trojan.Heur",
"display_name": "Trojan.Heur",
"target": null
},
{
"id": "Trojan.Malware.300983",
"display_name": "Trojan.Malware.300983",
"target": null
},
{
"id": "SdBot.CAOC",
"display_name": "SdBot.CAOC",
"target": null
},
{
"id": "Trojan.DelShad",
"display_name": "Trojan.DelShad",
"target": null
},
{
"id": "Exploit CVE-2017-11882",
"display_name": "Exploit CVE-2017-11882",
"target": null
},
{
"id": "GameHack.NL",
"display_name": "GameHack.NL",
"target": null
},
{
"id": "JS:Trojan.HideLink",
"display_name": "JS:Trojan.HideLink",
"target": null
},
{
"id": "Script.Agent",
"display_name": "Script.Agent",
"target": null
},
{
"id": "Macro.Agent",
"display_name": "Macro.Agent",
"target": null
},
{
"id": "Macro.Downloader.AMIP",
"display_name": "Macro.Downloader.AMIP",
"target": null
},
{
"id": "Trojan.VBA",
"display_name": "Trojan.VBA",
"target": null
},
{
"id": "HEUR.VBA.Trojan",
"display_name": "HEUR.VBA.Trojan",
"target": null
},
{
"id": "VB.EmoooDldr.10",
"display_name": "VB.EmoooDldr.10",
"target": null
},
{
"id": "VB:Trojan.Valyria",
"display_name": "VB:Trojan.Valyria",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Packed-GV",
"display_name": "Packed-GV",
"target": null
},
{
"id": "Adware.InstallMonetizer",
"display_name": "Adware.InstallMonetizer",
"target": null
},
{
"id": "Skynet",
"display_name": "Skynet",
"target": null
},
{
"id": "HW32.Packed",
"display_name": "HW32.Packed",
"target": null
},
{
"id": "Zpevdo.B",
"display_name": "Zpevdo.B",
"target": null
},
{
"id": "Presenoker",
"display_name": "Presenoker",
"target": null
},
{
"id": "SGeneric",
"display_name": "SGeneric",
"target": null
},
{
"id": "GameHack.DOM",
"display_name": "GameHack.DOM",
"target": null
},
{
"id": "BehavesLike.Ransom",
"display_name": "BehavesLike.Ransom",
"target": null
},
{
"id": "CIL.StupidCryptor",
"display_name": "CIL.StupidCryptor",
"target": null
},
{
"id": "Gen:Heur.Ransom.MSIL",
"display_name": "Gen:Heur.Ransom.MSIL",
"target": null
},
{
"id": "Black.Gen2",
"display_name": "Black.Gen2",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Trojan.HTML.PHISH",
"display_name": "Trojan.HTML.PHISH",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Program.Unwanted",
"display_name": "Program.Unwanted",
"target": null
},
{
"id": "HEUR/QVM42.3.72EB.Malware",
"display_name": "HEUR/QVM42.3.72EB.Malware",
"target": null
},
{
"id": "suspicious.low.ml",
"display_name": "suspicious.low.ml",
"target": null
},
{
"id": "JS:Trojan.Cryxos",
"display_name": "JS:Trojan.Cryxos",
"target": null
},
{
"id": "Suspicious_GEN.F47V0520",
"display_name": "Suspicious_GEN.F47V0520",
"target": null
},
{
"id": "Dropper.Trojan.Generic",
"display_name": "Dropper.Trojan.Generic",
"target": null
},
{
"id": "Trojan.TrickBot",
"display_name": "Trojan.TrickBot",
"target": null
},
{
"id": "Malware.Tk.Generic",
"display_name": "Malware.Tk.Generic",
"target": null
},
{
"id": "TrojanSpy.Java",
"display_name": "TrojanSpy.Java",
"target": null
},
{
"id": "Riskware.NetFilter",
"display_name": "Riskware.NetFilter",
"target": null
},
{
"id": "RiskWare.Crack",
"display_name": "RiskWare.Crack",
"target": null
},
{
"id": "BehavesLike.Exploit",
"display_name": "BehavesLike.Exploit",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34128",
"display_name": "Gen:NN.ZemsilF.34128",
"target": null
},
{
"id": "Wacapew.C",
"display_name": "Wacapew.C",
"target": null
},
{
"id": "Trojan.Malware.121218",
"display_name": "Trojan.Malware.121218",
"target": null
},
{
"id": "RiskWare.HackTool.Agent",
"display_name": "RiskWare.HackTool.Agent",
"target": null
},
{
"id": "Artemis",
"display_name": "Artemis",
"target": null
},
{
"id": "Trojan.Generic",
"display_name": "Trojan.Generic",
"target": null
},
{
"id": "W32.Trojan",
"display_name": "W32.Trojan",
"target": null
},
{
"id": "BScope.Riskware",
"display_name": "BScope.Riskware",
"target": null
},
{
"id": "Gen:Variant.Bulz",
"display_name": "Gen:Variant.Bulz",
"target": null
},
{
"id": "Ransom:Win32/CVE-2017-0147",
"display_name": "Ransom:Win32/CVE-2017-0147",
"target": "/malware/Ransom:Win32/CVE-2017-0147"
},
{
"id": "Virus.Ramnit",
"display_name": "Virus.Ramnit",
"target": null
},
{
"id": "Virus.Virut",
"display_name": "Virus.Virut",
"target": null
},
{
"id": "Adware.KuziTui",
"display_name": "Adware.KuziTui",
"target": null
},
{
"id": "AGEN.1141126",
"display_name": "AGEN.1141126",
"target": null
},
{
"id": "W32.AIDetect",
"display_name": "W32.AIDetect",
"target": null
},
{
"id": "Trojan.Python",
"display_name": "Trojan.Python",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "Suspicious.Save",
"display_name": "Suspicious.Save",
"target": null
},
{
"id": "Adware.Downware",
"display_name": "Adware.Downware",
"target": null
},
{
"id": "Ransom.Win64.Wacatac.oa",
"display_name": "Ransom.Win64.Wacatac.oa",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Gen:Variant.Midie",
"display_name": "Gen:Variant.Midie",
"target": null
},
{
"id": "HEUR/QVM41.2.DA9B.Malware",
"display_name": "HEUR/QVM41.2.DA9B.Malware",
"target": null
},
{
"id": "Gen:Variant.Sirefef",
"display_name": "Gen:Variant.Sirefef",
"target": null
},
{
"id": "Macro.Trojan.Dropperd",
"display_name": "Macro.Trojan.Dropperd",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
},
{
"id": "Gen:Variant.Ursu",
"display_name": "Gen:Variant.Ursu",
"target": null
},
{
"id": "Redcap.rlhse",
"display_name": "Redcap.rlhse",
"target": null
},
{
"id": "Trojan.Trickster",
"display_name": "Trojan.Trickster",
"target": null
},
{
"id": "HTML_REDIR.SMR",
"display_name": "HTML_REDIR.SMR",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Hoax.JS.Phish",
"display_name": "Hoax.JS.Phish",
"target": null
},
{
"id": "JS:Iframe",
"display_name": "JS:Iframe",
"target": null
},
{
"id": "Application.SQLCrack",
"display_name": "Application.SQLCrack",
"target": null
},
{
"id": "susp.lnk",
"display_name": "susp.lnk",
"target": null
},
{
"id": "QVM201.0.B70B.Malware",
"display_name": "QVM201.0.B70B.Malware",
"target": null
},
{
"id": "Immortal Stealer",
"display_name": "Immortal Stealer",
"target": null
},
{
"id": "WebMonitor RAT",
"display_name": "WebMonitor RAT",
"target": null
},
{
"id": "Tor - S0183",
"display_name": "Tor - S0183",
"target": null
},
{
"id": "WannaCry",
"display_name": "WannaCry",
"target": null
},
{
"id": "WannaCryptor",
"display_name": "WannaCryptor",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "BlackNET",
"display_name": "BlackNET",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.GandCrab5",
"display_name": "DeepScan:Generic.Ransom.GandCrab5",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "States",
"display_name": "States",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "Domains",
"display_name": "Domains",
"target": null
},
{
"id": "Locky",
"display_name": "Locky",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "Gen:NN.ZexaF.32515",
"display_name": "Gen:NN.ZexaF.32515",
"target": null
},
{
"id": "FileRepMalware",
"display_name": "FileRepMalware",
"target": null
},
{
"id": "Gen:Variant.MSILPerseus",
"display_name": "Gen:Variant.MSILPerseus",
"target": null
},
{
"id": "Icefog",
"display_name": "Icefog",
"target": null
},
{
"id": "$WebWatson",
"display_name": "$WebWatson",
"target": null
},
{
"id": "Agent.AIK.gen",
"display_name": "Agent.AIK.gen",
"target": null
},
{
"id": "Agent.AIK.genCIL.StupidCryptor",
"display_name": "Agent.AIK.genCIL.StupidCryptor",
"target": null
},
{
"id": "Agent.YPEZ",
"display_name": "Agent.YPEZ",
"target": null
},
{
"id": "Application.InnovativSol",
"display_name": "Application.InnovativSol",
"target": null
},
{
"id": "Agent.ASO",
"display_name": "Agent.ASO",
"target": null
},
{
"id": "S-b748adc5",
"display_name": "S-b748adc5",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "Kryptik.GUCB",
"display_name": "Kryptik.GUCB",
"target": null
},
{
"id": "AgentTesla",
"display_name": "AgentTesla",
"target": null
},
{
"id": "Autoit.bimwt",
"display_name": "Autoit.bimwt",
"target": null
},
{
"id": "HEUR:Trojan.OLE2.Alien",
"display_name": "HEUR:Trojan.OLE2.Alien",
"target": null
},
{
"id": "AGEN.1038489",
"display_name": "AGEN.1038489",
"target": null
},
{
"id": "Gen:Variant.Ser.Strictor",
"display_name": "Gen:Variant.Ser.Strictor",
"target": null
},
{
"id": "Packed.Themida.Gen",
"display_name": "Packed.Themida.Gen",
"target": null
},
{
"id": "AGEN.1043164",
"display_name": "AGEN.1043164",
"target": null
},
{
"id": "TrickBot - S0266",
"display_name": "TrickBot - S0266",
"target": null
},
{
"id": "Emotet",
"display_name": "Emotet",
"target": null
},
{
"id": "Trojan.PornoAsset",
"display_name": "Trojan.PornoAsset",
"target": null
},
{
"id": "Ransom.Win64.PORNOASSET.SM1",
"display_name": "Ransom.Win64.PORNOASSET.SM1",
"target": null
},
{
"id": "Gen:Variant.Ulise",
"display_name": "Gen:Variant.Ulise",
"target": null
},
{
"id": "Trojan.Win64",
"display_name": "Trojan.Win64",
"target": null
},
{
"id": "Dropper.Trojan.Agent",
"display_name": "Dropper.Trojan.Agent",
"target": null
},
{
"id": "Heur.BZC.YAX.Pantera.10",
"display_name": "Heur.BZC.YAX.Pantera.10",
"target": null
},
{
"id": "malicious.high.ml",
"display_name": "malicious.high.ml",
"target": null
},
{
"id": "CVE-2015-1650",
"display_name": "CVE-2015-1650",
"target": null
},
{
"id": "Worm.Win64.AutoRun",
"display_name": "Worm.Win64.AutoRun",
"target": null
},
{
"id": "AIT.Heur.Cottonmouth.8.78F19BD7",
"display_name": "AIT.Heur.Cottonmouth.8.78F19BD7",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "Pua.Gen",
"display_name": "Pua.Gen",
"target": null
},
{
"id": "Trojan.Downloader.Generic",
"display_name": "Trojan.Downloader.Generic",
"target": null
},
{
"id": "Suspected of Trojan.Downloader.gen",
"display_name": "Suspected of Trojan.Downloader.gen",
"target": null
},
{
"id": "HEUR:RemoteAdmin.Generic",
"display_name": "HEUR:RemoteAdmin.Generic",
"target": null
},
{
"id": "Gen:Heur.Ransom.HiddenTears",
"display_name": "Gen:Heur.Ransom.HiddenTears",
"target": null
},
{
"id": "Nemucod.A",
"display_name": "Nemucod.A",
"target": null
},
{
"id": "Backdoor.Hupigon",
"display_name": "Backdoor.Hupigon",
"target": null
},
{
"id": "Trojan.Starter JS.Iframe",
"display_name": "Trojan.Starter JS.Iframe",
"target": null
},
{
"id": "fake ,promethiumm ,strongpity",
"display_name": "fake ,promethiumm ,strongpity",
"target": null
},
{
"id": "PUA.Reg1staid",
"display_name": "PUA.Reg1staid",
"target": null
},
{
"id": "Malware.Heur_Generic.A",
"display_name": "Malware.Heur_Generic.A",
"target": null
},
{
"id": "Bladabindi.Q",
"display_name": "Bladabindi.Q",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "malicious.6e0700",
"display_name": "malicious.6e0700",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "TSGeneric",
"display_name": "TSGeneric",
"target": null
},
{
"id": "RedCap.vneda",
"display_name": "RedCap.vneda",
"target": null
},
{
"id": "Trojan.Indiloadz",
"display_name": "Trojan.Indiloadz",
"target": null
},
{
"id": "Trojan.Ekstak",
"display_name": "Trojan.Ekstak",
"target": null
},
{
"id": "staticrr.paleokits.net",
"display_name": "staticrr.paleokits.net",
"target": null
},
{
"id": "MSIL.Downloader",
"display_name": "MSIL.Downloader",
"target": null
},
{
"id": "Trojan.Autoruns.GenericKDS",
"display_name": "Trojan.Autoruns.GenericKDS",
"target": null
},
{
"id": "MSIL.Trojan.BSE",
"display_name": "MSIL.Trojan.BSE",
"target": null
},
{
"id": "Adload.AD81",
"display_name": "Adload.AD81",
"target": null
},
{
"id": "Packed.Asprotect",
"display_name": "Packed.Asprotect",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34062",
"display_name": "Gen:NN.ZemsilF.34062",
"target": null
},
{
"id": "Evo",
"display_name": "Evo",
"target": null
},
{
"id": "Agent.pwc",
"display_name": "Agent.pwc",
"target": null
},
{
"id": "RiskTool.Phpw",
"display_name": "RiskTool.Phpw",
"target": null
},
{
"id": "Gen:Variant.Symmi",
"display_name": "Gen:Variant.Symmi",
"target": null
},
{
"id": "Trojan.PWS",
"display_name": "Trojan.PWS",
"target": null
},
{
"id": "Generic.BitCoinMiner.3",
"display_name": "Generic.BitCoinMiner.3",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "Gen:NN",
"display_name": "Gen:NN",
"target": null
},
{
"id": "Downloader.CertutilURLCache",
"display_name": "Downloader.CertutilURLCache",
"target": null
},
{
"id": "Elf",
"display_name": "Elf",
"target": null
},
{
"id": "Gen:Heur.MSIL.Androm",
"display_name": "Gen:Heur.MSIL.Androm",
"target": null
},
{
"id": "Kryptik.NRD",
"display_name": "Kryptik.NRD",
"target": null
},
{
"id": "Riskware",
"display_name": "Riskware",
"target": null
},
{
"id": "Kuluoz.B.gen",
"display_name": "Kuluoz.B.gen",
"target": null
},
{
"id": "Gen:Variant.RevengeRat",
"display_name": "Gen:Variant.RevengeRat",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "VB.Chronos.7",
"display_name": "VB.Chronos.7",
"target": null
},
{
"id": "Kryptik.NOE",
"display_name": "Kryptik.NOE",
"target": null
},
{
"id": "HEUR:WebToolbar.Generic",
"display_name": "HEUR:WebToolbar.Generic",
"target": null
},
{
"id": "Gen:Variant.Barys",
"display_name": "Gen:Variant.Barys",
"target": null
},
{
"id": "Backdoor.Xtreme",
"display_name": "Backdoor.Xtreme",
"target": null
},
{
"id": "Trojan.MSIL",
"display_name": "Trojan.MSIL",
"target": null
},
{
"id": "Gen:Variant.Graftor",
"display_name": "Gen:Variant.Graftor",
"target": null
},
{
"id": "Backdoor.Agent",
"display_name": "Backdoor.Agent",
"target": null
},
{
"id": "Unsafe",
"display_name": "Unsafe",
"target": null
},
{
"id": "Trojan.PHP.Agent",
"display_name": "Trojan.PHP.Agent",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "HEUR:Exploit.Generic",
"display_name": "HEUR:Exploit.Generic",
"target": null
},
{
"id": "Ransom_WCRY.SMALYM",
"display_name": "Ransom_WCRY.SMALYM",
"target": null
},
{
"id": "Ransom_WCRY.SMJ",
"display_name": "Ransom_WCRY.SMJ",
"target": null
},
{
"id": "Auslogics",
"display_name": "Auslogics",
"target": null
},
{
"id": "Gen:Variant.Jaiko",
"display_name": "Gen:Variant.Jaiko",
"target": null
},
{
"id": "Exploit.W32.Agent",
"display_name": "Exploit.W32.Agent",
"target": null
},
{
"id": "Trojan.Cud.Gen",
"display_name": "Trojan.Cud.Gen",
"target": null
},
{
"id": "Trojan.DOC.Downloader",
"display_name": "Trojan.DOC.Downloader",
"target": null
},
{
"id": "Backdoor.MSIL.Agent",
"display_name": "Backdoor.MSIL.Agent",
"target": null
},
{
"id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"target": null
},
{
"id": "Gen:Variant.Kazy",
"display_name": "Gen:Variant.Kazy",
"target": null
},
{
"id": "Gen:Variant.Zusy",
"display_name": "Gen:Variant.Zusy",
"target": null
},
{
"id": "Ransom.WannaCrypt",
"display_name": "Ransom.WannaCrypt",
"target": null
},
{
"id": "Generic.ServStart.A",
"display_name": "Generic.ServStart.A",
"target": null
},
{
"id": "Trojan.Wanna",
"display_name": "Trojan.Wanna",
"target": null
},
{
"id": "Generic.MSIL.Bladabindi",
"display_name": "Generic.MSIL.Bladabindi",
"target": null
},
{
"id": "TROJ_GEN.R002C0OG518",
"display_name": "TROJ_GEN.R002C0OG518",
"target": null
},
{
"id": "Trojan.Chapak",
"display_name": "Trojan.Chapak",
"target": null
},
{
"id": "Indiloadz.BB",
"display_name": "Indiloadz.BB",
"target": null
},
{
"id": "BehavBehavesLike.PUPXBI",
"display_name": "BehavBehavesLike.PUPXBI",
"target": null
},
{
"id": "DeepScan:Generic.SpyAgent.6",
"display_name": "DeepScan:Generic.SpyAgent.6",
"target": null
},
{
"id": "Python.KeyLogger",
"display_name": "Python.KeyLogger",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Generic.MSIL.PasswordStealer",
"display_name": "Generic.MSIL.PasswordStealer",
"target": null
},
{
"id": "PSW.Agent",
"display_name": "PSW.Agent",
"target": null
},
{
"id": "malicious.8c45ba",
"display_name": "malicious.8c45ba",
"target": null
},
{
"id": "Dropper.Binder",
"display_name": "Dropper.Binder",
"target": null
},
{
"id": "Constructor.MSIL",
"display_name": "Constructor.MSIL",
"target": null
},
{
"id": "Linux.Agent",
"display_name": "Linux.Agent",
"target": null
},
{
"id": "Virus.3DMax.Script",
"display_name": "Virus.3DMax.Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "Trojan.WisdomEyes.16070401.9500",
"display_name": "Trojan.WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Application.SearchProtect",
"display_name": "Application.SearchProtect",
"target": null
},
{
"id": "JS:Trojan.Clicker",
"display_name": "JS:Trojan.Clicker",
"target": null
},
{
"id": "Faceliker.A",
"display_name": "Faceliker.A",
"target": null
},
{
"id": "JS:Trojan.JS.Faceliker",
"display_name": "JS:Trojan.JS.Faceliker",
"target": null
},
{
"id": "Constructor.MSIL Linux.Agent",
"display_name": "Constructor.MSIL Linux.Agent",
"target": null
},
{
"id": "PowerShell.Trojan",
"display_name": "PowerShell.Trojan",
"target": null
},
{
"id": "HTML:Script",
"display_name": "HTML:Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "HackTool.CheatEngine",
"display_name": "HackTool.CheatEngine",
"target": null
},
{
"id": "Injector.CLDS",
"display_name": "Injector.CLDS",
"target": null
},
{
"id": "VB.Downloader.2",
"display_name": "VB.Downloader.2",
"target": null
},
{
"id": "malicious.3e78cc",
"display_name": "malicious.3e78cc",
"target": null
},
{
"id": "malicious.d800d6",
"display_name": "malicious.d800d6",
"target": null
},
{
"id": "VB.PwShell.2",
"display_name": "VB.PwShell.2",
"target": null
},
{
"id": "Backdoor.RBot",
"display_name": "Backdoor.RBot",
"target": null
},
{
"id": "malicious.71b1a8",
"display_name": "malicious.71b1a8",
"target": null
},
{
"id": "TrojanSpy.KeyLogger",
"display_name": "TrojanSpy.KeyLogger",
"target": null
},
{
"id": "Injector.JDO",
"display_name": "Injector.JDO",
"target": null
},
{
"id": "Heur.Msword.Gen",
"display_name": "Heur.Msword.Gen",
"target": null
},
{
"id": "PSW.Discord",
"display_name": "PSW.Discord",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "HEUR:AdWare.StartSurf",
"display_name": "HEUR:AdWare.StartSurf",
"target": null
},
{
"id": "Gen:Heur.NoobyProtect",
"display_name": "Gen:Heur.NoobyProtect",
"target": null
},
{
"id": "CIL.HeapOverride",
"display_name": "CIL.HeapOverride",
"target": null
},
{
"id": "HEUR:Trojan.Tasker",
"display_name": "HEUR:Trojan.Tasker",
"target": null
},
{
"id": "XLM.Trojan.Abracadabra.27",
"display_name": "XLM.Trojan.Abracadabra.27",
"target": null
},
{
"id": "HEUR:Backdoor.MSIL.NanoBot",
"display_name": "HEUR:Backdoor.MSIL.NanoBot",
"target": null
},
{
"id": "Trojan.PSW.Mimikatz",
"display_name": "Trojan.PSW.Mimikatz",
"target": null
},
{
"id": "TrojanSpy.Python",
"display_name": "TrojanSpy.Python",
"target": null
},
{
"id": "Trojan.Ole2.Vbs",
"display_name": "Trojan.Ole2.Vbs",
"target": null
},
{
"id": "Exploit.MSOffice",
"display_name": "Exploit.MSOffice",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.AmnesiaE",
"display_name": "DeepScan:Generic.Ransom.AmnesiaE",
"target": null
},
{
"id": "Wacatac.D6",
"display_name": "Wacatac.D6",
"target": null
},
{
"id": "Backdoor.Androm",
"display_name": "Backdoor.Androm",
"target": null
},
{
"id": "Packed.NetSeal",
"display_name": "Packed.NetSeal",
"target": null
},
{
"id": "Trojan.MSIL.Injector",
"display_name": "Trojan.MSIL.Injector",
"target": null
},
{
"id": "Trojan.PWS.Agent",
"display_name": "Trojan.PWS.Agent",
"target": null
},
{
"id": "TScope.Trojan",
"display_name": "TScope.Trojan",
"target": null
},
{
"id": "PSW.Stealer",
"display_name": "PSW.Stealer",
"target": null
},
{
"id": "Trojan.PackedNET",
"display_name": "Trojan.PackedNET",
"target": null
},
{
"id": "Trojan.Java",
"display_name": "Trojan.Java",
"target": null
},
{
"id": "MalwareX",
"display_name": "MalwareX",
"target": null
},
{
"id": "Trojan.PSW.Python",
"display_name": "Trojan.PSW.Python",
"target": null
},
{
"id": "malicious.11abfc",
"display_name": "malicious.11abfc",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "HEUR:Trojan.MSIL.Tasker",
"display_name": "HEUR:Trojan.MSIL.Tasker",
"target": null
},
{
"id": "PossibleThreat.PALLAS",
"display_name": "PossibleThreat.PALLAS",
"target": null
},
{
"id": "Backdoor.Poison",
"display_name": "Backdoor.Poison",
"target": null
},
{
"id": "Generic.MSIL.LimeRAT",
"display_name": "Generic.MSIL.LimeRAT",
"target": null
},
{
"id": "PWS-FCZZ",
"display_name": "PWS-FCZZ",
"target": null
},
{
"id": "Trojan.Script",
"display_name": "Trojan.Script",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Trojan.PWS.Growtopia",
"display_name": "Trojan.PWS.Growtopia",
"target": null
},
{
"id": "Spyware.Bobik",
"display_name": "Spyware.Bobik",
"target": null
},
{
"id": "HackTool.BruteForce",
"display_name": "HackTool.BruteForce",
"target": null
},
{
"id": "Hack.Patcher",
"display_name": "Hack.Patcher",
"target": null
},
{
"id": "PWS.p",
"display_name": "PWS.p",
"target": null
},
{
"id": "Suppobox",
"display_name": "Suppobox",
"target": null
},
{
"id": "index.php",
"display_name": "index.php",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "SmokeLoader",
"display_name": "SmokeLoader",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.SAgent",
"display_name": "HEUR:Trojan.MSOffice.SAgent",
"target": null
},
{
"id": "Script.INF",
"display_name": "Script.INF",
"target": null
},
{
"id": "JS:Trojan.JS.Likejack",
"display_name": "JS:Trojan.JS.Likejack",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "Trojan.JS.Agent",
"display_name": "Trojan.JS.Agent",
"target": null
},
{
"id": "APT Notes",
"display_name": "APT Notes",
"target": null
},
{
"id": "susp.rtf.objupdate",
"display_name": "susp.rtf.objupdate",
"target": null
},
{
"id": "RedCap.zoohz",
"display_name": "RedCap.zoohz",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "virus.office.qexvmc",
"display_name": "virus.office.qexvmc",
"target": null
},
{
"id": "Trojan.KillProc",
"display_name": "Trojan.KillProc",
"target": null
},
{
"id": "Generic.MSIL.GrwtpStealer.1",
"display_name": "Generic.MSIL.GrwtpStealer.1",
"target": null
},
{
"id": "Suspicious.Cloud",
"display_name": "Suspicious.Cloud",
"target": null
},
{
"id": "PowerShell.DownLoader",
"display_name": "PowerShell.DownLoader",
"target": null
},
{
"id": "Downldr.gen",
"display_name": "Downldr.gen",
"target": null
},
{
"id": "AGEN.1030939",
"display_name": "AGEN.1030939",
"target": null
},
{
"id": "HackTool.Binder",
"display_name": "HackTool.Binder",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "Dldr.Agent",
"display_name": "Dldr.Agent",
"target": null
},
{
"id": "Dropper.MSIL",
"display_name": "Dropper.MSIL",
"target": null
},
{
"id": "Trojan.VBKryjetor",
"display_name": "Trojan.VBKryjetor",
"target": null
},
{
"id": "PWSX",
"display_name": "PWSX",
"target": null
},
{
"id": "VB:Trojan.VBA.Agent",
"display_name": "VB:Trojan.VBA.Agent",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Stratos",
"display_name": "HEUR:Trojan.MSOffice.Stratos",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "TA0029",
"name": "Privilege Escalation",
"display_name": "TA0029 - Privilege Escalation"
},
{
"id": "T1449",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
},
{
"id": "T1190",
"name": "Exploit Public-Facing Application",
"display_name": "T1190 - Exploit Public-Facing Application"
},
{
"id": "T1210",
"name": "Exploitation of Remote Services",
"display_name": "T1210 - Exploitation of Remote Services"
},
{
"id": "T1450",
"name": "Exploit SS7 to Track Device Location",
"display_name": "T1450 - Exploit SS7 to Track Device Location"
},
{
"id": "T1211",
"name": "Exploitation for Defense Evasion",
"display_name": "T1211 - Exploitation for Defense Evasion"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "TA0011",
"name": "Command and Control",
"display_name": "TA0011 - Command and Control"
},
{
"id": "T1412",
"name": "Capture SMS Messages",
"display_name": "T1412 - Capture SMS Messages"
},
{
"id": "T1454",
"name": "Malicious SMS Message",
"display_name": "T1454 - Malicious SMS Message"
},
{
"id": "T1001",
"name": "Data Obfuscation",
"display_name": "T1001 - Data Obfuscation"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1498",
"name": "Network Denial of Service",
"display_name": "T1498 - Network Denial of Service"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 339,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1184,
"FileHash-SHA1": 949,
"FileHash-SHA256": 3712,
"URL": 2925,
"domain": 627,
"hostname": 1319,
"CVE": 26,
"email": 8,
"CIDR": 2
},
"indicator_count": 10752,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "862 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6558126013aef7ce80968842",
"name": "PuffStealer",
"description": "",
"modified": "2023-12-09T03:01:57.989000",
"created": "2023-11-18T01:24:48.887000",
"tags": [
"ssl certificate",
"historical ssl",
"communicating",
"contacted",
"resolutions",
"whois record",
"whois whois",
"whois parent",
"whois siblings",
"skynet",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"detection list",
"blacklist",
"cisco umbrella",
"site",
"safe site",
"million",
"team",
"microsoft",
"back",
"download",
"phishing",
"union",
"bank",
"malicious site",
"blacklist http",
"exit",
"traffic",
"node tcp",
"tor known",
"tor relayrouter",
"et tor",
"known tor",
"relayrouter",
"anonymizer",
"spammer",
"malware",
"dropped",
"unlocker",
"http",
"critical risk",
"redline stealer",
"core",
"hacktool",
"execution",
"type win32",
"exe size",
"first seen",
"file name",
"avast win32",
"win32",
"avg win32",
"fortinet",
"vitro",
"mb first",
"rmndrp",
"clean mx",
"undetected dns8",
"undetected vx",
"sophos",
"vault",
"zdb zeus",
"cmc threat",
"snort ip",
"feodo tracker",
"cybereason",
"send bug",
"pe yandex",
"no data",
"tag count",
"count blacklist",
"tag tag",
"algorithm",
"v3 serial",
"number",
"issuer",
"cus cnr3",
"olet",
"subject public",
"key info",
"key algorithm",
"key identifier",
"first",
"seen",
"valid",
"no na",
"no no",
"ip security",
"cndst root",
"ca x3",
"ca id",
"research group",
"cnisrg root",
"no expired",
"mozilla",
"android",
"malicious red team",
"tsara brashears",
"cyber stalking",
"malvertizing",
"invasion of privacy",
"threat",
"adult content",
"apple",
"iphone unlocker",
"android",
"exploited spyware",
"malware host",
"brute force",
"revenge-rat",
"banker",
"evasive",
"domain",
"redline",
"stealer",
"phishing",
"ramnit",
"unreliable subdomains",
"dridex",
"gating",
"msil",
"rat",
"loki",
"network",
"hacking",
"sinkhole",
"azorult",
"c2",
"historicalandnew",
"targeted attack",
"puffstealer",
"rultazo",
"lokibot",
"loki pws",
"burkina",
"banker,dde,dridex,exploit",
"banker,dridex,evasive",
"trickbot",
"ransomware,torrentlocker",
"exploit_source",
"blacknet",
"FileRepMalware",
"linux agent",
"blacknet",
"ios",
"phishing paypal",
"tagging",
"defacement",
"hit",
"bounty",
"phishing site",
"malware site",
"malware download",
"endangerment",
"Malicious domain - SANS Internet Storm Center",
"evasive,msil,rat,revenge-rat",
"prism_setting",
"prism_object",
"static engine",
"social engineering",
"jansky",
"worm",
"network rat",
"networm",
"Loki Password Stealer (PWS)",
"South Carolina Federal Credit Union phishing",
"darkweb",
"yandex",
"redirectors",
"blacknet threats",
"phishing,ransomware,sinkhole",
"wanacrypt0r,wannacry,wcry",
"tor c++",
"tor c++ client",
"python user",
"js user",
"hacker",
"hijacker",
"heur",
"maltiverse",
"alexa top",
"exploit",
"riskware",
"unsafe",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"swrort",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"artemis",
"installcore",
"webshell",
"crack",
"webtoolbar",
"search live",
"api blog",
"docs pricing",
"november",
"de indicators",
"domains",
"hashes",
"__convergedlogin_pcustomizationloader_44b450e8d543eb53930d",
"malicious url",
"financial",
"blacknet rat",
"azorult",
"stealer",
"deep scan",
"blacklist https",
"referrer",
"collections kp",
"incident ip",
"sneaky server",
"replacement",
"unauthorized",
"emotet",
"noname057",
"generic malware",
"engineering",
"cyber threat",
"facebook",
"paypal",
"dropbox",
"united",
"america",
"banking",
"wells fargo",
"steam",
"twitter",
"sliver",
"daum",
"swift",
"runescape",
"betabot",
"district",
"iframe",
"alexa",
"downldr",
"agent",
"presenoker",
"bladabindi",
"live",
"conduit",
"pony",
"covid19",
"malicious",
"cobalt strike",
"suppobox",
"ramnit",
"meterpreter",
"virut",
"njrat",
"pykspa",
"asyncrat",
"downloader",
"fakealert",
"binder",
"virustotal",
"formbook",
"necurs",
"trojan",
"msil",
"hiloti",
"vawtrak",
"simda",
"kraken",
"solimba",
"icedid",
"redirector",
"suspic",
"amadey",
"raccoon",
"nanocore rat",
"revenge rat",
"genkryptik",
"fuery",
"wacatac",
"service",
"cloudeye",
"tinba",
"domaiq",
"ave maria",
"zeus",
"ransomware",
"zbot",
"generic",
"trojanspy",
"states",
"inmortal",
"locky",
"strike",
"china cobalt",
"keybase",
"cutwail",
"citadel",
"radamant",
"kovter",
"bradesco",
"nymaim",
"amonetize",
"bondat",
"ghost rat",
"vjw0rm",
"bandoo",
"matsnu",
"dnspionage",
"darkgate",
"vidar",
"keylogger",
"remcos",
"agenttesla",
"detplock",
"win64",
"smokeloader",
"agent tesla",
"kgs0",
"kls0",
"urls",
"type name",
"dns replication",
"date",
"domain",
"win32 exe",
"files",
"detections type",
"name",
"drpsuinstaller",
"vdfsurfs",
"opera",
"icwrmind",
"notepad",
"installer",
"miner",
"unknown",
"networm",
"houdini",
"quasar rat",
"gamehack",
"dbatloader",
"qakbot",
"ursnif",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-6332",
"CVE-2017-11882",
"CVE-2020-0601",
"CVE-2020-0674",
"hallrender.com",
"brian sabey",
"insurance",
"botnetwork",
"botmaster",
"command_and_control",
"CVE-2021-27065",
"CVE-2021-40444",
"CVE-2023-4966",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2010-3333",
"CVE-2015-1641",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2018-0802",
"CVE-2018-8373",
"CVE-2017-8759",
"CVE-2018-8453",
"CVE-2014-3153",
"CVE-2015-1650",
"CVE-2017-0143",
"CVE-2017-8464",
"Icefog",
"Delf.NBX",
"$WebWatson",
"Gen:Heur.Ransom.HiddenTears",
"mobilekey.pw",
"bitbucket.org",
"Anomalous.100%",
"malware distribution site",
"gootkit",
"edsaid",
"rightsaided",
"betabot",
"cobaltstrike4.tk",
"mas.to",
"BehavesLike.YahLover",
"srdvd16010404",
"languageenu",
"buildno",
"channelisales",
"vendorname2581",
"osregion",
"device",
"systemlocale",
"majorver16",
"quasar",
"find",
"lockbit",
"chaos",
"ransomexx",
"grandoreiro",
"evilnum",
"banker"
],
"references": [
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"20.99.186.246 exploit source",
"fp2e7a.wpc.2be4.phicdn.net",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"init.ess.apple.com (malicious code script)",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"IPv4 45.12.253.72. command_and_control",
"Hostname: ddos.dnsnb8.net command_and_control",
"IPv4 95.213.186.51 command_and_control",
"Hostname: www.supernetforme.com command_and_control",
"IPv4 103.224.182.246 command_and_control",
"IPv4 72.251.233.245 command_and_control",
"IPv4 63.251.106.25 command_and_control",
"IPv4 45.15.156.208 command_and_control",
"IPv4 104.247.81.51 command_and_control",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://downloaddevtools.ir/ (phishing)",
"happylifehappywife.com",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"opencve.djgummikuh.de (CVE dispensary)",
"Maltiverse Research Team",
"URLscan.io",
"Deep Research",
"Hybrid Analysis",
"URLhaus Abuse.ch",
"Cyber Threat Coalition",
"ThreatFox Abuse.ch"
],
"public": 1,
"adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed",
"targeted_countries": [
"United States of America",
"France",
"Spain"
],
"malware_families": [
{
"id": "Feodo",
"display_name": "Feodo",
"target": null
},
{
"id": "Dridex",
"display_name": "Dridex",
"target": null
},
{
"id": "Redline Stealer",
"display_name": "Redline Stealer",
"target": null
},
{
"id": "Ramnit.N",
"display_name": "Ramnit.N",
"target": null
},
{
"id": "Loki Bot",
"display_name": "Loki Bot",
"target": null
},
{
"id": "Loki Password Stealer (PWS)",
"display_name": "Loki Password Stealer (PWS)",
"target": null
},
{
"id": "AZORult",
"display_name": "AZORult",
"target": null
},
{
"id": "Zbd Zeus",
"display_name": "Zbd Zeus",
"target": null
},
{
"id": "Trojan:MSIL/Burkina",
"display_name": "Trojan:MSIL/Burkina",
"target": "/malware/Trojan:MSIL/Burkina"
},
{
"id": "Generic.TrickBot.1",
"display_name": "Generic.TrickBot.1",
"target": null
},
{
"id": "Exploit.CVE",
"display_name": "Exploit.CVE",
"target": null
},
{
"id": "Injector.IS.gen",
"display_name": "Injector.IS.gen",
"target": null
},
{
"id": "Gen:Variant.Razy",
"display_name": "Gen:Variant.Razy",
"target": null
},
{
"id": "Trojan.Androm.Gen",
"display_name": "Trojan.Androm.Gen",
"target": null
},
{
"id": "HEUR:Trojan.Linux.Agent",
"display_name": "HEUR:Trojan.Linux.Agent",
"target": null
},
{
"id": "BScope.Trojan",
"display_name": "BScope.Trojan",
"target": null
},
{
"id": "VBA.Downloader",
"display_name": "VBA.Downloader",
"target": null
},
{
"id": "Trojan.Notifier",
"display_name": "Trojan.Notifier",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Alien",
"display_name": "HEUR:Trojan.MSOffice.Alien",
"target": null
},
{
"id": "Unsafe.AI_Score_100%",
"display_name": "Unsafe.AI_Score_100%",
"target": null
},
{
"id": "Gen:Variant.Johnnie",
"display_name": "Gen:Variant.Johnnie",
"target": null
},
{
"id": "DangerousObject.Multi",
"display_name": "DangerousObject.Multi",
"target": null
},
{
"id": "Trojan:Python/Downldr",
"display_name": "Trojan:Python/Downldr",
"target": "/malware/Trojan:Python/Downldr"
},
{
"id": "Trojan:Linux/Downldr",
"display_name": "Trojan:Linux/Downldr",
"target": "/malware/Trojan:Linux/Downldr"
},
{
"id": "Trojan:VBA/Downldr",
"display_name": "Trojan:VBA/Downldr",
"target": "/malware/Trojan:VBA/Downldr"
},
{
"id": "TrojanDownloader:Linux/Downldr",
"display_name": "TrojanDownloader:Linux/Downldr",
"target": "/malware/TrojanDownloader:Linux/Downldr"
},
{
"id": "Kryptik.FPH.gen",
"display_name": "Kryptik.FPH.gen",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Trojan.Ransom.GenericKD",
"display_name": "Trojan.Ransom.GenericKD",
"target": null
},
{
"id": "Phish.JAT",
"display_name": "Phish.JAT",
"target": null
},
{
"id": "Phishing.HTML",
"display_name": "Phishing.HTML",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "Phish.AB",
"display_name": "Phish.AB",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "ml.Generic",
"display_name": "ml.Generic",
"target": null
},
{
"id": "Xegumumune.8596c22f",
"display_name": "Xegumumune.8596c22f",
"target": null
},
{
"id": "Generic.Malware.SMYB",
"display_name": "Generic.Malware.SMYB",
"target": null
},
{
"id": "malicious.moderate.ml",
"display_name": "malicious.moderate.ml",
"target": null
},
{
"id": "Agent.NBAE",
"display_name": "Agent.NBAE",
"target": null
},
{
"id": "AGEN.1045227",
"display_name": "AGEN.1045227",
"target": null
},
{
"id": "Riskware.Agent",
"display_name": "Riskware.Agent",
"target": null
},
{
"id": "Gen:Variant.Cerbu",
"display_name": "Gen:Variant.Cerbu",
"target": null
},
{
"id": "IL:Trojan.MSILZilla",
"display_name": "IL:Trojan.MSILZilla",
"target": null
},
{
"id": "Dropped:Generic.Ransom.DMR",
"display_name": "Dropped:Generic.Ransom.DMR",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "malicious.f01f67",
"display_name": "malicious.f01f67",
"target": null
},
{
"id": "AGEN.1144657",
"display_name": "AGEN.1144657",
"target": null
},
{
"id": "Trojan.Heur",
"display_name": "Trojan.Heur",
"target": null
},
{
"id": "Trojan.Malware.300983",
"display_name": "Trojan.Malware.300983",
"target": null
},
{
"id": "SdBot.CAOC",
"display_name": "SdBot.CAOC",
"target": null
},
{
"id": "Trojan.DelShad",
"display_name": "Trojan.DelShad",
"target": null
},
{
"id": "Exploit CVE-2017-11882",
"display_name": "Exploit CVE-2017-11882",
"target": null
},
{
"id": "GameHack.NL",
"display_name": "GameHack.NL",
"target": null
},
{
"id": "JS:Trojan.HideLink",
"display_name": "JS:Trojan.HideLink",
"target": null
},
{
"id": "Script.Agent",
"display_name": "Script.Agent",
"target": null
},
{
"id": "Macro.Agent",
"display_name": "Macro.Agent",
"target": null
},
{
"id": "Macro.Downloader.AMIP",
"display_name": "Macro.Downloader.AMIP",
"target": null
},
{
"id": "Trojan.VBA",
"display_name": "Trojan.VBA",
"target": null
},
{
"id": "HEUR.VBA.Trojan",
"display_name": "HEUR.VBA.Trojan",
"target": null
},
{
"id": "VB.EmoooDldr.10",
"display_name": "VB.EmoooDldr.10",
"target": null
},
{
"id": "VB:Trojan.Valyria",
"display_name": "VB:Trojan.Valyria",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Packed-GV",
"display_name": "Packed-GV",
"target": null
},
{
"id": "Adware.InstallMonetizer",
"display_name": "Adware.InstallMonetizer",
"target": null
},
{
"id": "Skynet",
"display_name": "Skynet",
"target": null
},
{
"id": "HW32.Packed",
"display_name": "HW32.Packed",
"target": null
},
{
"id": "Zpevdo.B",
"display_name": "Zpevdo.B",
"target": null
},
{
"id": "Presenoker",
"display_name": "Presenoker",
"target": null
},
{
"id": "SGeneric",
"display_name": "SGeneric",
"target": null
},
{
"id": "GameHack.DOM",
"display_name": "GameHack.DOM",
"target": null
},
{
"id": "BehavesLike.Ransom",
"display_name": "BehavesLike.Ransom",
"target": null
},
{
"id": "CIL.StupidCryptor",
"display_name": "CIL.StupidCryptor",
"target": null
},
{
"id": "Gen:Heur.Ransom.MSIL",
"display_name": "Gen:Heur.Ransom.MSIL",
"target": null
},
{
"id": "Black.Gen2",
"display_name": "Black.Gen2",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Trojan.HTML.PHISH",
"display_name": "Trojan.HTML.PHISH",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Program.Unwanted",
"display_name": "Program.Unwanted",
"target": null
},
{
"id": "HEUR/QVM42.3.72EB.Malware",
"display_name": "HEUR/QVM42.3.72EB.Malware",
"target": null
},
{
"id": "suspicious.low.ml",
"display_name": "suspicious.low.ml",
"target": null
},
{
"id": "JS:Trojan.Cryxos",
"display_name": "JS:Trojan.Cryxos",
"target": null
},
{
"id": "Suspicious_GEN.F47V0520",
"display_name": "Suspicious_GEN.F47V0520",
"target": null
},
{
"id": "Dropper.Trojan.Generic",
"display_name": "Dropper.Trojan.Generic",
"target": null
},
{
"id": "Trojan.TrickBot",
"display_name": "Trojan.TrickBot",
"target": null
},
{
"id": "Malware.Tk.Generic",
"display_name": "Malware.Tk.Generic",
"target": null
},
{
"id": "TrojanSpy.Java",
"display_name": "TrojanSpy.Java",
"target": null
},
{
"id": "Riskware.NetFilter",
"display_name": "Riskware.NetFilter",
"target": null
},
{
"id": "RiskWare.Crack",
"display_name": "RiskWare.Crack",
"target": null
},
{
"id": "BehavesLike.Exploit",
"display_name": "BehavesLike.Exploit",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34128",
"display_name": "Gen:NN.ZemsilF.34128",
"target": null
},
{
"id": "Wacapew.C",
"display_name": "Wacapew.C",
"target": null
},
{
"id": "Trojan.Malware.121218",
"display_name": "Trojan.Malware.121218",
"target": null
},
{
"id": "RiskWare.HackTool.Agent",
"display_name": "RiskWare.HackTool.Agent",
"target": null
},
{
"id": "Artemis",
"display_name": "Artemis",
"target": null
},
{
"id": "Trojan.Generic",
"display_name": "Trojan.Generic",
"target": null
},
{
"id": "W32.Trojan",
"display_name": "W32.Trojan",
"target": null
},
{
"id": "BScope.Riskware",
"display_name": "BScope.Riskware",
"target": null
},
{
"id": "Gen:Variant.Bulz",
"display_name": "Gen:Variant.Bulz",
"target": null
},
{
"id": "Ransom:Win32/CVE-2017-0147",
"display_name": "Ransom:Win32/CVE-2017-0147",
"target": "/malware/Ransom:Win32/CVE-2017-0147"
},
{
"id": "Virus.Ramnit",
"display_name": "Virus.Ramnit",
"target": null
},
{
"id": "Virus.Virut",
"display_name": "Virus.Virut",
"target": null
},
{
"id": "Adware.KuziTui",
"display_name": "Adware.KuziTui",
"target": null
},
{
"id": "AGEN.1141126",
"display_name": "AGEN.1141126",
"target": null
},
{
"id": "W32.AIDetect",
"display_name": "W32.AIDetect",
"target": null
},
{
"id": "Trojan.Python",
"display_name": "Trojan.Python",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "Suspicious.Save",
"display_name": "Suspicious.Save",
"target": null
},
{
"id": "Adware.Downware",
"display_name": "Adware.Downware",
"target": null
},
{
"id": "Ransom.Win64.Wacatac.oa",
"display_name": "Ransom.Win64.Wacatac.oa",
"target": null
},
{
"id": "OpenSubtitles.A",
"display_name": "OpenSubtitles.A",
"target": null
},
{
"id": "VB.EmoDldr.4",
"display_name": "VB.EmoDldr.4",
"target": null
},
{
"id": "Gen:Variant.Midie",
"display_name": "Gen:Variant.Midie",
"target": null
},
{
"id": "HEUR/QVM41.2.DA9B.Malware",
"display_name": "HEUR/QVM41.2.DA9B.Malware",
"target": null
},
{
"id": "Gen:Variant.Sirefef",
"display_name": "Gen:Variant.Sirefef",
"target": null
},
{
"id": "Macro.Trojan.Dropperd",
"display_name": "Macro.Trojan.Dropperd",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
},
{
"id": "Gen:Variant.Ursu",
"display_name": "Gen:Variant.Ursu",
"target": null
},
{
"id": "Redcap.rlhse",
"display_name": "Redcap.rlhse",
"target": null
},
{
"id": "Trojan.Trickster",
"display_name": "Trojan.Trickster",
"target": null
},
{
"id": "HTML_REDIR.SMR",
"display_name": "HTML_REDIR.SMR",
"target": null
},
{
"id": "TROJ_FRS.VSNTFK19",
"display_name": "TROJ_FRS.VSNTFK19",
"target": null
},
{
"id": "Hoax.JS.Phish",
"display_name": "Hoax.JS.Phish",
"target": null
},
{
"id": "JS:Iframe",
"display_name": "JS:Iframe",
"target": null
},
{
"id": "Application.SQLCrack",
"display_name": "Application.SQLCrack",
"target": null
},
{
"id": "susp.lnk",
"display_name": "susp.lnk",
"target": null
},
{
"id": "QVM201.0.B70B.Malware",
"display_name": "QVM201.0.B70B.Malware",
"target": null
},
{
"id": "Immortal Stealer",
"display_name": "Immortal Stealer",
"target": null
},
{
"id": "WebMonitor RAT",
"display_name": "WebMonitor RAT",
"target": null
},
{
"id": "Tor - S0183",
"display_name": "Tor - S0183",
"target": null
},
{
"id": "WannaCry",
"display_name": "WannaCry",
"target": null
},
{
"id": "WannaCryptor",
"display_name": "WannaCryptor",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "BlackNET",
"display_name": "BlackNET",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.GandCrab5",
"display_name": "DeepScan:Generic.Ransom.GandCrab5",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "States",
"display_name": "States",
"target": null
},
{
"id": "Inmortal",
"display_name": "Inmortal",
"target": null
},
{
"id": "Domains",
"display_name": "Domains",
"target": null
},
{
"id": "Locky",
"display_name": "Locky",
"target": null
},
{
"id": "Delf.NBX",
"display_name": "Delf.NBX",
"target": null
},
{
"id": "Gen:NN.ZexaF.32515",
"display_name": "Gen:NN.ZexaF.32515",
"target": null
},
{
"id": "FileRepMalware",
"display_name": "FileRepMalware",
"target": null
},
{
"id": "Gen:Variant.MSILPerseus",
"display_name": "Gen:Variant.MSILPerseus",
"target": null
},
{
"id": "Icefog",
"display_name": "Icefog",
"target": null
},
{
"id": "$WebWatson",
"display_name": "$WebWatson",
"target": null
},
{
"id": "Agent.AIK.gen",
"display_name": "Agent.AIK.gen",
"target": null
},
{
"id": "Agent.AIK.genCIL.StupidCryptor",
"display_name": "Agent.AIK.genCIL.StupidCryptor",
"target": null
},
{
"id": "Agent.YPEZ",
"display_name": "Agent.YPEZ",
"target": null
},
{
"id": "Application.InnovativSol",
"display_name": "Application.InnovativSol",
"target": null
},
{
"id": "Agent.ASO",
"display_name": "Agent.ASO",
"target": null
},
{
"id": "S-b748adc5",
"display_name": "S-b748adc5",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "Kryptik.GUCB",
"display_name": "Kryptik.GUCB",
"target": null
},
{
"id": "AgentTesla",
"display_name": "AgentTesla",
"target": null
},
{
"id": "Autoit.bimwt",
"display_name": "Autoit.bimwt",
"target": null
},
{
"id": "HEUR:Trojan.OLE2.Alien",
"display_name": "HEUR:Trojan.OLE2.Alien",
"target": null
},
{
"id": "AGEN.1038489",
"display_name": "AGEN.1038489",
"target": null
},
{
"id": "Gen:Variant.Ser.Strictor",
"display_name": "Gen:Variant.Ser.Strictor",
"target": null
},
{
"id": "Packed.Themida.Gen",
"display_name": "Packed.Themida.Gen",
"target": null
},
{
"id": "AGEN.1043164",
"display_name": "AGEN.1043164",
"target": null
},
{
"id": "TrickBot - S0266",
"display_name": "TrickBot - S0266",
"target": null
},
{
"id": "Emotet",
"display_name": "Emotet",
"target": null
},
{
"id": "Trojan.PornoAsset",
"display_name": "Trojan.PornoAsset",
"target": null
},
{
"id": "Ransom.Win64.PORNOASSET.SM1",
"display_name": "Ransom.Win64.PORNOASSET.SM1",
"target": null
},
{
"id": "Gen:Variant.Ulise",
"display_name": "Gen:Variant.Ulise",
"target": null
},
{
"id": "Trojan.Win64",
"display_name": "Trojan.Win64",
"target": null
},
{
"id": "Dropper.Trojan.Agent",
"display_name": "Dropper.Trojan.Agent",
"target": null
},
{
"id": "Heur.BZC.YAX.Pantera.10",
"display_name": "Heur.BZC.YAX.Pantera.10",
"target": null
},
{
"id": "malicious.high.ml",
"display_name": "malicious.high.ml",
"target": null
},
{
"id": "CVE-2015-1650",
"display_name": "CVE-2015-1650",
"target": null
},
{
"id": "Worm.Win64.AutoRun",
"display_name": "Worm.Win64.AutoRun",
"target": null
},
{
"id": "AIT.Heur.Cottonmouth.8.78F19BD7",
"display_name": "AIT.Heur.Cottonmouth.8.78F19BD7",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "Pua.Gen",
"display_name": "Pua.Gen",
"target": null
},
{
"id": "Trojan.Downloader.Generic",
"display_name": "Trojan.Downloader.Generic",
"target": null
},
{
"id": "Suspected of Trojan.Downloader.gen",
"display_name": "Suspected of Trojan.Downloader.gen",
"target": null
},
{
"id": "HEUR:RemoteAdmin.Generic",
"display_name": "HEUR:RemoteAdmin.Generic",
"target": null
},
{
"id": "Gen:Heur.Ransom.HiddenTears",
"display_name": "Gen:Heur.Ransom.HiddenTears",
"target": null
},
{
"id": "Nemucod.A",
"display_name": "Nemucod.A",
"target": null
},
{
"id": "Backdoor.Hupigon",
"display_name": "Backdoor.Hupigon",
"target": null
},
{
"id": "Trojan.Starter JS.Iframe",
"display_name": "Trojan.Starter JS.Iframe",
"target": null
},
{
"id": "fake ,promethiumm ,strongpity",
"display_name": "fake ,promethiumm ,strongpity",
"target": null
},
{
"id": "PUA.Reg1staid",
"display_name": "PUA.Reg1staid",
"target": null
},
{
"id": "Malware.Heur_Generic.A",
"display_name": "Malware.Heur_Generic.A",
"target": null
},
{
"id": "Bladabindi.Q",
"display_name": "Bladabindi.Q",
"target": null
},
{
"id": "W32.eHeur",
"display_name": "W32.eHeur",
"target": null
},
{
"id": "malicious.6e0700",
"display_name": "malicious.6e0700",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "TSGeneric",
"display_name": "TSGeneric",
"target": null
},
{
"id": "RedCap.vneda",
"display_name": "RedCap.vneda",
"target": null
},
{
"id": "Trojan.Indiloadz",
"display_name": "Trojan.Indiloadz",
"target": null
},
{
"id": "Trojan.Ekstak",
"display_name": "Trojan.Ekstak",
"target": null
},
{
"id": "staticrr.paleokits.net",
"display_name": "staticrr.paleokits.net",
"target": null
},
{
"id": "MSIL.Downloader",
"display_name": "MSIL.Downloader",
"target": null
},
{
"id": "Trojan.Autoruns.GenericKDS",
"display_name": "Trojan.Autoruns.GenericKDS",
"target": null
},
{
"id": "MSIL.Trojan.BSE",
"display_name": "MSIL.Trojan.BSE",
"target": null
},
{
"id": "Adload.AD81",
"display_name": "Adload.AD81",
"target": null
},
{
"id": "Packed.Asprotect",
"display_name": "Packed.Asprotect",
"target": null
},
{
"id": "Gen:NN.ZemsilF.34062",
"display_name": "Gen:NN.ZemsilF.34062",
"target": null
},
{
"id": "Evo",
"display_name": "Evo",
"target": null
},
{
"id": "Agent.pwc",
"display_name": "Agent.pwc",
"target": null
},
{
"id": "RiskTool.Phpw",
"display_name": "RiskTool.Phpw",
"target": null
},
{
"id": "Gen:Variant.Symmi",
"display_name": "Gen:Variant.Symmi",
"target": null
},
{
"id": "Trojan.PWS",
"display_name": "Trojan.PWS",
"target": null
},
{
"id": "Generic.BitCoinMiner.3",
"display_name": "Generic.BitCoinMiner.3",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "Gen:NN",
"display_name": "Gen:NN",
"target": null
},
{
"id": "Downloader.CertutilURLCache",
"display_name": "Downloader.CertutilURLCache",
"target": null
},
{
"id": "Elf",
"display_name": "Elf",
"target": null
},
{
"id": "Gen:Heur.MSIL.Androm",
"display_name": "Gen:Heur.MSIL.Androm",
"target": null
},
{
"id": "Kryptik.NRD",
"display_name": "Kryptik.NRD",
"target": null
},
{
"id": "Riskware",
"display_name": "Riskware",
"target": null
},
{
"id": "Kuluoz.B.gen",
"display_name": "Kuluoz.B.gen",
"target": null
},
{
"id": "Gen:Variant.RevengeRat",
"display_name": "Gen:Variant.RevengeRat",
"target": null
},
{
"id": "Gen:Variant.Mikey",
"display_name": "Gen:Variant.Mikey",
"target": null
},
{
"id": "VB.Chronos.7",
"display_name": "VB.Chronos.7",
"target": null
},
{
"id": "Kryptik.NOE",
"display_name": "Kryptik.NOE",
"target": null
},
{
"id": "HEUR:WebToolbar.Generic",
"display_name": "HEUR:WebToolbar.Generic",
"target": null
},
{
"id": "Gen:Variant.Barys",
"display_name": "Gen:Variant.Barys",
"target": null
},
{
"id": "Backdoor.Xtreme",
"display_name": "Backdoor.Xtreme",
"target": null
},
{
"id": "Trojan.MSIL",
"display_name": "Trojan.MSIL",
"target": null
},
{
"id": "Gen:Variant.Graftor",
"display_name": "Gen:Variant.Graftor",
"target": null
},
{
"id": "Backdoor.Agent",
"display_name": "Backdoor.Agent",
"target": null
},
{
"id": "Unsafe",
"display_name": "Unsafe",
"target": null
},
{
"id": "Trojan.PHP.Agent",
"display_name": "Trojan.PHP.Agent",
"target": null
},
{
"id": "Trojan.Agent",
"display_name": "Trojan.Agent",
"target": null
},
{
"id": "HEUR:Exploit.Generic",
"display_name": "HEUR:Exploit.Generic",
"target": null
},
{
"id": "Ransom_WCRY.SMALYM",
"display_name": "Ransom_WCRY.SMALYM",
"target": null
},
{
"id": "Ransom_WCRY.SMJ",
"display_name": "Ransom_WCRY.SMJ",
"target": null
},
{
"id": "Auslogics",
"display_name": "Auslogics",
"target": null
},
{
"id": "Gen:Variant.Jaiko",
"display_name": "Gen:Variant.Jaiko",
"target": null
},
{
"id": "Exploit.W32.Agent",
"display_name": "Exploit.W32.Agent",
"target": null
},
{
"id": "Trojan.Cud.Gen",
"display_name": "Trojan.Cud.Gen",
"target": null
},
{
"id": "Trojan.DOC.Downloader",
"display_name": "Trojan.DOC.Downloader",
"target": null
},
{
"id": "Backdoor.MSIL.Agent",
"display_name": "Backdoor.MSIL.Agent",
"target": null
},
{
"id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB",
"target": null
},
{
"id": "Gen:Variant.Kazy",
"display_name": "Gen:Variant.Kazy",
"target": null
},
{
"id": "Gen:Variant.Zusy",
"display_name": "Gen:Variant.Zusy",
"target": null
},
{
"id": "Ransom.WannaCrypt",
"display_name": "Ransom.WannaCrypt",
"target": null
},
{
"id": "Generic.ServStart.A",
"display_name": "Generic.ServStart.A",
"target": null
},
{
"id": "Trojan.Wanna",
"display_name": "Trojan.Wanna",
"target": null
},
{
"id": "Generic.MSIL.Bladabindi",
"display_name": "Generic.MSIL.Bladabindi",
"target": null
},
{
"id": "TROJ_GEN.R002C0OG518",
"display_name": "TROJ_GEN.R002C0OG518",
"target": null
},
{
"id": "Trojan.Chapak",
"display_name": "Trojan.Chapak",
"target": null
},
{
"id": "Indiloadz.BB",
"display_name": "Indiloadz.BB",
"target": null
},
{
"id": "BehavBehavesLike.PUPXBI",
"display_name": "BehavBehavesLike.PUPXBI",
"target": null
},
{
"id": "DeepScan:Generic.SpyAgent.6",
"display_name": "DeepScan:Generic.SpyAgent.6",
"target": null
},
{
"id": "Python.KeyLogger",
"display_name": "Python.KeyLogger",
"target": null
},
{
"id": "GameHack.CRS",
"display_name": "GameHack.CRS",
"target": null
},
{
"id": "Generic.MSIL.PasswordStealer",
"display_name": "Generic.MSIL.PasswordStealer",
"target": null
},
{
"id": "PSW.Agent",
"display_name": "PSW.Agent",
"target": null
},
{
"id": "malicious.8c45ba",
"display_name": "malicious.8c45ba",
"target": null
},
{
"id": "Dropper.Binder",
"display_name": "Dropper.Binder",
"target": null
},
{
"id": "Constructor.MSIL",
"display_name": "Constructor.MSIL",
"target": null
},
{
"id": "Linux.Agent",
"display_name": "Linux.Agent",
"target": null
},
{
"id": "Virus.3DMax.Script",
"display_name": "Virus.3DMax.Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "Trojan.WisdomEyes.16070401.9500",
"display_name": "Trojan.WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Application.SearchProtect",
"display_name": "Application.SearchProtect",
"target": null
},
{
"id": "JS:Trojan.Clicker",
"display_name": "JS:Trojan.Clicker",
"target": null
},
{
"id": "Faceliker.A",
"display_name": "Faceliker.A",
"target": null
},
{
"id": "JS:Trojan.JS.Faceliker",
"display_name": "JS:Trojan.JS.Faceliker",
"target": null
},
{
"id": "Constructor.MSIL Linux.Agent",
"display_name": "Constructor.MSIL Linux.Agent",
"target": null
},
{
"id": "PowerShell.Trojan",
"display_name": "PowerShell.Trojan",
"target": null
},
{
"id": "HTML:Script",
"display_name": "HTML:Script",
"target": null
},
{
"id": "ScrInject.B",
"display_name": "ScrInject.B",
"target": null
},
{
"id": "W32.AIDetectVM",
"display_name": "W32.AIDetectVM",
"target": null
},
{
"id": "HackTool.CheatEngine",
"display_name": "HackTool.CheatEngine",
"target": null
},
{
"id": "Injector.CLDS",
"display_name": "Injector.CLDS",
"target": null
},
{
"id": "VB.Downloader.2",
"display_name": "VB.Downloader.2",
"target": null
},
{
"id": "malicious.3e78cc",
"display_name": "malicious.3e78cc",
"target": null
},
{
"id": "malicious.d800d6",
"display_name": "malicious.d800d6",
"target": null
},
{
"id": "VB.PwShell.2",
"display_name": "VB.PwShell.2",
"target": null
},
{
"id": "Backdoor.RBot",
"display_name": "Backdoor.RBot",
"target": null
},
{
"id": "malicious.71b1a8",
"display_name": "malicious.71b1a8",
"target": null
},
{
"id": "TrojanSpy.KeyLogger",
"display_name": "TrojanSpy.KeyLogger",
"target": null
},
{
"id": "Injector.JDO",
"display_name": "Injector.JDO",
"target": null
},
{
"id": "Heur.Msword.Gen",
"display_name": "Heur.Msword.Gen",
"target": null
},
{
"id": "PSW.Discord",
"display_name": "PSW.Discord",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "HEUR:AdWare.StartSurf",
"display_name": "HEUR:AdWare.StartSurf",
"target": null
},
{
"id": "Gen:Heur.NoobyProtect",
"display_name": "Gen:Heur.NoobyProtect",
"target": null
},
{
"id": "CIL.HeapOverride",
"display_name": "CIL.HeapOverride",
"target": null
},
{
"id": "HEUR:Trojan.Tasker",
"display_name": "HEUR:Trojan.Tasker",
"target": null
},
{
"id": "XLM.Trojan.Abracadabra.27",
"display_name": "XLM.Trojan.Abracadabra.27",
"target": null
},
{
"id": "HEUR:Backdoor.MSIL.NanoBot",
"display_name": "HEUR:Backdoor.MSIL.NanoBot",
"target": null
},
{
"id": "Trojan.PSW.Mimikatz",
"display_name": "Trojan.PSW.Mimikatz",
"target": null
},
{
"id": "TrojanSpy.Python",
"display_name": "TrojanSpy.Python",
"target": null
},
{
"id": "Trojan.Ole2.Vbs",
"display_name": "Trojan.Ole2.Vbs",
"target": null
},
{
"id": "Exploit.MSOffice",
"display_name": "Exploit.MSOffice",
"target": null
},
{
"id": "DeepScan:Generic.Ransom.AmnesiaE",
"display_name": "DeepScan:Generic.Ransom.AmnesiaE",
"target": null
},
{
"id": "Wacatac.D6",
"display_name": "Wacatac.D6",
"target": null
},
{
"id": "Backdoor.Androm",
"display_name": "Backdoor.Androm",
"target": null
},
{
"id": "Packed.NetSeal",
"display_name": "Packed.NetSeal",
"target": null
},
{
"id": "Trojan.MSIL.Injector",
"display_name": "Trojan.MSIL.Injector",
"target": null
},
{
"id": "Trojan.PWS.Agent",
"display_name": "Trojan.PWS.Agent",
"target": null
},
{
"id": "TScope.Trojan",
"display_name": "TScope.Trojan",
"target": null
},
{
"id": "PSW.Stealer",
"display_name": "PSW.Stealer",
"target": null
},
{
"id": "Trojan.PackedNET",
"display_name": "Trojan.PackedNET",
"target": null
},
{
"id": "Trojan.Java",
"display_name": "Trojan.Java",
"target": null
},
{
"id": "MalwareX",
"display_name": "MalwareX",
"target": null
},
{
"id": "Trojan.PSW.Python",
"display_name": "Trojan.PSW.Python",
"target": null
},
{
"id": "malicious.11abfc",
"display_name": "malicious.11abfc",
"target": null
},
{
"id": "Generic.ASMalwS",
"display_name": "Generic.ASMalwS",
"target": null
},
{
"id": "HEUR:Trojan.MSIL.Tasker",
"display_name": "HEUR:Trojan.MSIL.Tasker",
"target": null
},
{
"id": "PossibleThreat.PALLAS",
"display_name": "PossibleThreat.PALLAS",
"target": null
},
{
"id": "Backdoor.Poison",
"display_name": "Backdoor.Poison",
"target": null
},
{
"id": "Generic.MSIL.LimeRAT",
"display_name": "Generic.MSIL.LimeRAT",
"target": null
},
{
"id": "PWS-FCZZ",
"display_name": "PWS-FCZZ",
"target": null
},
{
"id": "Trojan.Script",
"display_name": "Trojan.Script",
"target": null
},
{
"id": "Gen:Heur.MSIL.Inject",
"display_name": "Gen:Heur.MSIL.Inject",
"target": null
},
{
"id": "Trojan.PWS.Growtopia",
"display_name": "Trojan.PWS.Growtopia",
"target": null
},
{
"id": "Spyware.Bobik",
"display_name": "Spyware.Bobik",
"target": null
},
{
"id": "HackTool.BruteForce",
"display_name": "HackTool.BruteForce",
"target": null
},
{
"id": "Hack.Patcher",
"display_name": "Hack.Patcher",
"target": null
},
{
"id": "PWS.p",
"display_name": "PWS.p",
"target": null
},
{
"id": "Suppobox",
"display_name": "Suppobox",
"target": null
},
{
"id": "index.php",
"display_name": "index.php",
"target": null
},
{
"id": "Packed.VMProtect",
"display_name": "Packed.VMProtect",
"target": null
},
{
"id": "SmokeLoader",
"display_name": "SmokeLoader",
"target": null
},
{
"id": "Generic.Malware",
"display_name": "Generic.Malware",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.SAgent",
"display_name": "HEUR:Trojan.MSOffice.SAgent",
"target": null
},
{
"id": "Script.INF",
"display_name": "Script.INF",
"target": null
},
{
"id": "JS:Trojan.JS.Likejack",
"display_name": "JS:Trojan.JS.Likejack",
"target": null
},
{
"id": "SNH:Script [Dropper]",
"display_name": "SNH:Script [Dropper]",
"target": null
},
{
"id": "Trojan.JS.Agent",
"display_name": "Trojan.JS.Agent",
"target": null
},
{
"id": "APT Notes",
"display_name": "APT Notes",
"target": null
},
{
"id": "susp.rtf.objupdate",
"display_name": "susp.rtf.objupdate",
"target": null
},
{
"id": "RedCap.zoohz",
"display_name": "RedCap.zoohz",
"target": null
},
{
"id": "Trojan.Tasker",
"display_name": "Trojan.Tasker",
"target": null
},
{
"id": "virus.office.qexvmc",
"display_name": "virus.office.qexvmc",
"target": null
},
{
"id": "Trojan.KillProc",
"display_name": "Trojan.KillProc",
"target": null
},
{
"id": "Generic.MSIL.GrwtpStealer.1",
"display_name": "Generic.MSIL.GrwtpStealer.1",
"target": null
},
{
"id": "Suspicious.Cloud",
"display_name": "Suspicious.Cloud",
"target": null
},
{
"id": "PowerShell.DownLoader",
"display_name": "PowerShell.DownLoader",
"target": null
},
{
"id": "Downldr.gen",
"display_name": "Downldr.gen",
"target": null
},
{
"id": "AGEN.1030939",
"display_name": "AGEN.1030939",
"target": null
},
{
"id": "HackTool.Binder",
"display_name": "HackTool.Binder",
"target": null
},
{
"id": "Trojan.Inject",
"display_name": "Trojan.Inject",
"target": null
},
{
"id": "Dldr.Agent",
"display_name": "Dldr.Agent",
"target": null
},
{
"id": "Dropper.MSIL",
"display_name": "Dropper.MSIL",
"target": null
},
{
"id": "Trojan.VBKryjetor",
"display_name": "Trojan.VBKryjetor",
"target": null
},
{
"id": "PWSX",
"display_name": "PWSX",
"target": null
},
{
"id": "VB:Trojan.VBA.Agent",
"display_name": "VB:Trojan.VBA.Agent",
"target": null
},
{
"id": "HEUR:Trojan.MSOffice.Stratos",
"display_name": "HEUR:Trojan.MSOffice.Stratos",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "TA0029",
"name": "Privilege Escalation",
"display_name": "TA0029 - Privilege Escalation"
},
{
"id": "T1449",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
},
{
"id": "T1190",
"name": "Exploit Public-Facing Application",
"display_name": "T1190 - Exploit Public-Facing Application"
},
{
"id": "T1210",
"name": "Exploitation of Remote Services",
"display_name": "T1210 - Exploitation of Remote Services"
},
{
"id": "T1450",
"name": "Exploit SS7 to Track Device Location",
"display_name": "T1450 - Exploit SS7 to Track Device Location"
},
{
"id": "T1211",
"name": "Exploitation for Defense Evasion",
"display_name": "T1211 - Exploitation for Defense Evasion"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "TA0011",
"name": "Command and Control",
"display_name": "TA0011 - Command and Control"
},
{
"id": "T1412",
"name": "Capture SMS Messages",
"display_name": "T1412 - Capture SMS Messages"
},
{
"id": "T1454",
"name": "Malicious SMS Message",
"display_name": "T1454 - Malicious SMS Message"
},
{
"id": "T1001",
"name": "Data Obfuscation",
"display_name": "T1001 - Data Obfuscation"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1498",
"name": "Network Denial of Service",
"display_name": "T1498 - Network Denial of Service"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "654c5970817e6bf8b0e5b5ff",
"export_count": 334,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1184,
"FileHash-SHA1": 949,
"FileHash-SHA256": 3712,
"URL": 2925,
"domain": 627,
"hostname": 1319,
"CVE": 26,
"email": 8,
"CIDR": 2
},
"indicator_count": 10752,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "862 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570a989843b7acf6d0a79ac",
"name": "Qakbot. Again. Today. Pulled from own device. Quasar RAT, Malvertizing",
"description": "",
"modified": "2023-12-06T17:04:09.133000",
"created": "2023-12-06T17:04:09.133000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 15,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 290,
"FileHash-SHA256": 1478,
"hostname": 1047,
"URL": 4055,
"FileHash-MD5": 89,
"FileHash-SHA1": 85,
"email": 1,
"FilePath": 2,
"Mutex": 1,
"CIDR": 1
},
"indicator_count": 7051,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401dbe47ce126e7468a2dc",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I'm actually uncomfortable finding this.",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:18:54.411000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 85,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d5ee5a7359a5e815a6a",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:18.712000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 82,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d73e96dd70037ed22a7",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:39.802000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 82,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d76b057b79aaf7ba4a7",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:40.239000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 84,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d8480e4a9ed725f6458",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:56.820000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 83,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401da888067e7f6379d23e",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I'm actually uncomfortable finding this.",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:18:32.141000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 84,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401fddb74fe1ea8506132d",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "Law Enforcement? DOJ? ACLU? Help? This is CRAZY.\nSilencing.\nI like her song clicked on link but it was malicious. I was redirected to an Indian link that looked like YouTube.\nI am a professional, awarded researcher in many areas, parent, security researcher, graphic designer, supplier, music lover , disabled. overly curious and hacked. HELP. SCARED",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:27:57.026000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 92,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65402a8dec948bec8b0a0372",
"name": "24 CVE's | Health Liability bDarkside 2020 Ecosystem .BEware",
"description": "Matrix of cyber crime attacks appears to involved legal entities and a division of Workers Compensation Colorado, possibly used nationally. Targeting, monitoring, tracking, malvertizing, cyber attacks, CNC. Critical.\nCould probably be disputed $$$$ though undisputable. \nEd Said. \nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar\t\t\t\nCVE-2020-0601\t\t\t\t\t\nCVE-2018-8174\t\t\t\nCVE-2018-4893\t\t\t\nCVE-2018-0802\t\t\t\nCVE-2017-8759\t\t\t\t\t\t\nCVE-2017-8464\t\t\t\nCVE-2017-1188\t\t\t\t\nCVE-2017-0143\t\t\t\nCVE-2016-7262\t\t\t\nCVE-2014-6352\t\t\t\nCVE-2013-2465\t\t\t\nCVE-2011-2110\t\t\t\nCVE-2011-0609\t\t\t\nCVE-2010-2568\t\t\t\nCVE-2018-8453\t\t\t\nCVE-2013-1331\nCVE-2012-1856\t\t\t\t\nCVE-2012-0158\t\t\t\t\t\t\nCVE-2017-8570\t\t\t\nCVE-2017-11882\t\t\t\nCVE-2017-0199\t\t\t\t\t\t\nCVE-2017-0147\t\t\t\t\t\t\nCVE-2014-3153",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T22:13:33.427000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 92,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65403022038832e42175601f",
"name": "CRITICAL!!! | Health Insurance Cyber threat Matrix - Darkside 2020 Ecosystem .BEware ",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T22:37:22.425000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "65402a8dec948bec8b0a0372",
"export_count": 95,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4604,
"hostname": 4187,
"CIDR": 2,
"CVE": 23,
"URI": 1
},
"indicator_count": 25942,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 227,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654140bae73f795aa914e8de",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-31T18:00:26.439000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "65401d73e96dd70037ed22a7",
"export_count": 98,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 223,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6544cbbca7610e92e4262c47",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Targeting",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-11-03T10:30:20.965000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "654140bae73f795aa914e8de",
"export_count": 108,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401fcb063a0a34fa323603",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "Law Enforcement? DOJ? ACLU? Help? This is CRAZY.\nSilencing.\nI like her song clicked on link but it was malicious. I was redirected to an Indian link that looked like YouTube.\nI am a professional, awarded researcher in many areas, parent, security researcher, graphic designer, supplier, music lover , disabled. overly curious and hacked. HELP. SCARED",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:27:39.980000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 87,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "653fd47a852cc130c72de9e5",
"name": "BGP.Tools",
"description": "",
"modified": "2023-11-29T05:05:42.592000",
"created": "2023-10-30T16:06:18.567000",
"tags": [
"ssl certificate",
"whois record",
"referrer",
"whois whois",
"communicating",
"relacionada",
"resolutions",
"historical ssl",
"collections new",
"family",
"lolkek",
"dark power",
"ransomware",
"play ransomware",
"makop",
"core",
"redline stealer",
"hacktool",
"emotet",
"quasar rat",
"wiper",
"ursnif",
"malware",
"http response",
"final url",
"ip address",
"status code",
"body length",
"kb body",
"sha256",
"self",
"server",
"date wed",
"html info",
"meta tags",
"name verdict",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"ascii text",
"et tor",
"known tor",
"meta",
"monitoring",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"date",
"unknown",
"hybrid",
"general",
"local",
"click",
"strings",
"class",
"generator",
"critical",
"error",
"njrat",
"cobalt strike"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "653f4d0c4cca0c5f58530600",
"export_count": 39,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 3631,
"FileHash-MD5": 45,
"FileHash-SHA1": 44,
"FileHash-SHA256": 1788,
"CVE": 5,
"domain": 543,
"hostname": 1328,
"CIDR": 2,
"email": 1
},
"indicator_count": 7387,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"references": [
"Tracking: mailtrack.io \u2022 nr-data.net \u2022 tracking.bullseyeedu.com \u2022 https://smtp.mail.pentrack.com \u2022 tracking.vetsindexes.com",
"https://plussizedesi.com/wp-content/uploads/2022/07/SniperGhostWarrior2BlackBox_Version_Download_INSTALL.pdf",
"opencve.djgummikuh.de (CVE dispensary)",
"Dear US Government, the man who assaulted targets name is Jeffrey Scott Reimer of Chester Springs, PA",
"IPv4 45.15.156.208 command_and_control",
"https://bi.phncdn.com/www-static/js/lib/generated-lib.js?cache=2017051919",
"xred.mooo.com",
"Honestly, you\u2019ve never seen or met her no many how many people you\u2019ve sent out. That\u2019s why you quiz.",
"IPv4 72.251.233.245 command_and_control",
"brazzers.com",
"https://www.facebooksunglassshop.com/",
"nsscacheserver2.corp.google.com",
"URLscan.io",
"https://static.pornhat.com/contents/videos_screenshots/642000/642793/640x360/1.jpg",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 [apple media compromise. Pega behavior?]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)",
"Target left unattended by anyone in a hospital except a security guard. Hospital refused care. Ignored rare brain incident from high cervical & brain assault injuries aggravated by car accident.",
"https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators",
"Hostname: ddos.dnsnb8.net command_and_control",
"all-live.secure2storeapple.xxianzi.com \u2022 https://www.symbios.pk/apple-ipod-5-32gb",
"dataconnector.corp.google.com",
"http://911porn.org/home.php?mod=space&uid=47570&do=profile&from=space",
"Is the family allowed to have a funeral for Tsara or print an obituary",
"Remote threats: http://watchhers.net/index.php \u2022 http://eye.infunvip.com/appinterface/other/login.remote",
"Link found in https://house.mo.com",
"CVE-2023-22518",
"1.2016 M.Brian Sabey filed a complaint about? Jeffrey Reimer refused Lie detector test and False memory exam",
"Remarks online \u2018 T\u2019*#^^ is not a runner\u2019 a size 00 broke two track records at a major universities.",
"Cyber Threat Coalition",
"3-4 Police presence. 25 + hospital employees prepped radiology room. No one left room so was it for her?",
"zeroeyes.host \u2022 media.defense.gov \u2022 defense.gov \u2022 23.222.155.67",
"gimmebar.com",
"wallpapers-nature.com",
"CVE-2017-0147 \u2022 CVE-2023-4966 \u2022 CVE-2023-22518",
"fp2e7a.wpc.2be4.phicdn.net",
"https://media.defense.gov/2024/sep/18/2003547016/-1/-1/0/csa-prc-linked-actors-botnet.pdf",
"If someone is believed to be a threat they have right to due process.",
"ThreatFox Abuse.ch",
"http://init-p01st.push.apple.com/bag [= Google.com.uy modified browser - malicious] apple.com-auth.eu \u2022 appleid.apple.com-auth.eu\u2022",
"edgedl.me.gvt1.com",
"VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection",
"http://init-p01st.push.apple.com/bag (malicious web creator)",
"IPv4 103.224.182.246 command_and_control",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)",
"https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
"https://pics-storage-1.pornhat.com/contents/albums/main/1920x1080/135000/135855/9537375.jp",
"20.99.186.246 exploit source",
"https://www.apple.com/shop/browse/open/country_selector (exploit)",
"http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)",
"https://meumundogay-com.sexogratis.page/locker",
"Deep Research",
"http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)",
"https://ispy-official.com/ X Cache: Redirect from cloudfront Via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net CloudFront X Amz Cf",
"https://rto.bappam.eu/ai-n2cdl/mirai-2025-ven5k-telugu-movie-watch-online.html",
"Target agreed and complied with all lie detector measures.",
"www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!",
"https://es.pornhat.com/models/the-sex-creator/",
"https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )",
"https://media.defense.gov/2020/jun/09/2002313081/-1/-1/0/csi-detect-and-prevent-web-shell-malware-20200422.pdf",
"iamrobert.com Y.A.S.",
"Pop: HIO50 C1 X Amz Cf Id: Jt aBPO2nI3Nt D0E4nzqpun66btDLhJ41kQwhDASrIukoWyUOWE1w==",
"Can the DoD no questions asked target a SA victim",
"https://downloaddevtools.ir/ (phishing)",
"No, they put Tsara in her mom\u2019s obituary, she couldn\u2019t grieve, she had to take it down.",
"socialmedia \u2022 socialmedia.defense.gov \u2022 static.defense.gov",
"https://www-pornocarioca-com.sexogratis.page/videos/bbb/ex",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ phishing \u2022 apple collection]",
"brazzersnetwork.com",
"datafoundry.com",
"https://members.engine.com/login \u2022 https://members.engine.com/payment-details/220210",
"IPv4 45.12.253.72. command_and_control",
"I am very upset. Whoever is doing this is sick.",
"http://m.xiang5.com/keyword/17655.html&ht=%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%8D%E8%B4%B9%E9%98%85%E8%AF%BB_%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%A8%E6%9C%AC%E6%97%A0%E5%BC%B9%E7%AA%97-%E9%A6%99%E7%BD%91%E5%B0%8F%E8%AF%B4%E6%89%8B%E6%9C%BA%E7%89%88&uaddr=https:/www.sogou.com/link?url=58p16RfDRLtDzo-0AEmfJoGs8rDRUEq4ejjohgXqBYnQGuHk6xSRXg..&h=1080&w=1920&cd=24&lg=zh-CN&ua=mozilla/5.0%20(windows%20nt%2010.0;%20win64;%20x64)%20",
"Hostname: www.supernetforme.com command_and_control",
"youjazz.911porn.org",
"https://maisexo-com.putaria.info/casting \u2022 https://contosadultos-club.sexogratis.page/tudo",
"https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)",
"Red Team Abuse? Starfield ? DoD? You need a real criminal Jeffrey Reimer.",
"ftp.iamrobert.com ? \u2022 https://www.meritshealth.com/templates/iamrobert/fonts/Graphik-Regular.eot",
"https://webcams.itsyourporn.com/ \u2022 https://members.itsyourporn.com/",
"Infectious Disease UC Health denied target medication they said she needed as questionable liquid seeped into her brain.",
"There\u2019s a problem with terrorizing victims, relatives of, associates of and stealing their property intellectual or otherwise",
"https://www.meritshealth.com/ Defense.Gov Mobility Co? ",
"http://missing.hi2.ro/missing.html [malware hosting]",
"apple.com-auth.eu [Find apple] | https://applemusic-spotlight.myunidays.com/US/en-US? [compromise via apple media]",
"https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7",
"happylifehappywife.com",
"She was a researcher not a hacker. A mother not a criminal. Most talented and least impressed person I have ever known.",
"js.stripe.com [url redirects to]",
"IPv4 63.251.106.25 command_and_control",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
"https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
"206.189.61.126 [command and control]",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)",
"apples.encryptedwork.com (Interesting in the blacknet)",
"https://www2.itsyourporn.com/license.php \u2022 https://www.lovephoto.tw/members",
"URLhaus Abuse.ch",
"There is fear in silence or speaking out",
"Hybrid Analysis",
"init.ess.apple.com (malicious code script)",
"Maltiverse Research Team",
"IPv4 95.213.186.51 command_and_control",
"https://wallpapers-nature.com/tsara-brashears/urlscan-io",
"IPv4 104.247.81.51 command_and_control",
"https://pornokind.vgt.pl \u2022 https://cdn2.video.itsyourporn.com",
"https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg (mobility company no one has heard of)",
"https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf",
"hello-world-mute-unit-3072.a-rahimi-farahani.workers.dev",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [ iOS unlocker & password decryption]",
"Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246",
"https://quantilnetworks.com/ [phishing]"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": [],
"unique_indicators": 0
},
"other": {
"adversary": [
"Lucky Mouse APT27 | NoName057(16) | Unnamed"
],
"malware_families": [
"Agen.1045227",
"Trojan.js.agent",
"Backdoor.xtreme",
"Immortal stealer",
"Vb.emodldr.4",
"Nsis",
"Redcap.rlhse",
"Kryptik.noe",
"Apt notes",
"Dropper.msil",
"Heur:trojan.msoffice.alien",
"Trojan.pws",
"Trojan.inject",
"Trojanspy.keylogger",
"Zpevdo.b",
"Agent.aso",
"Heur:trojan.msil.tasker",
"$webwatson",
"Loki bot",
"Il:trojan.msilzilla",
"Js:trojan.cryxos",
"Evo",
"Packed.asprotect",
"Generic.trickbot.1",
"Heur:trojan.ole2.alien",
"Malware.tk.generic",
"Susp.rtf.objupdate",
"Ransom:win32/genasom.am",
"Ml.generic",
"Hacktool",
"Macro.trojan.dropperd",
"Application.sqlcrack",
"Malwarex",
"Hsbc",
"Silent",
"Maltiverse",
"Html_redir.smr",
"Ransom_wcry.smj",
"Nemucod.a",
"Exploit.msoffice",
"Dropped:generic.ransom.dmr",
"Dropper.trojan.agent",
"Alf:trojan:win64/psbanker.mfp!mtb",
"Qvm201.0.b70b.malware",
"Tsgeneric",
"Gen:variant.jaiko",
"Generic.msil.bladabindi",
"Malicious.8c45ba",
"Application.searchprotect",
"Malware.heur_generic.a",
"Adware.installmonetizer",
"Powershell.downloader",
"Trojan.agent",
"Gen:variant.msilperseus",
"Hacktool.cheatengine",
"Packed-gv",
"Backdoor.androm",
"Trojan.pornoasset",
"Trojandownloader:linux/downldr",
"Psw.agent",
"Pws:win32/primarypass.ad!mtb",
"Index.php",
"Dridex",
"Vb.pwshell.2",
"Malicious.71b1a8",
"Autoit.bimwt",
"Vb.downloader.2",
"Virus.office.qexvmc",
"Wacatac.d6",
"Gen:variant.mikey",
"Trojan.tasker",
"Heur:trojan.tasker",
"Vb:trojan.vba.agent",
"Gen:heur.noobyprotect",
"Zbd zeus",
"Trojan.generic",
"Trojan:msil/burkina",
"Backdoor.hupigon",
"Vb.emooodldr.10",
"Riskware.crack",
"Trojan.vbkryjetor",
"Faceliker.a",
"Hack.patcher",
"Vb:trojan.valyria",
"Agen.1043164",
"Msil.downloader",
"Malware",
"Gen:variant.ser.strictor",
"Trojan.html.phish",
"Auslogics",
"Heur.bzc.yax.pantera.10",
"Gen:variant.revengerat",
"Loki password stealer (pws)",
"Program.unwanted",
"Riskware",
"Backdoor.agent",
"Python.keylogger",
"Backdoor.msil.agent",
"Radar ineractive",
"Gen:variant.graftor",
"Macro.downloader.amip",
"Cve-2015-1650",
"Generic.servstart.a",
"Behavbehaveslike.pupxbi",
"Cil.heapoverride",
"Js:trojan.clicker",
"Phish.jat",
"Heur:trojan.linux.agent",
"Trojan.php.agent",
"Js:trojan.js.likejack",
"Snh:script [dropper]",
"Exploit.w32.agent",
"Pws-fczz",
"Tor - s0183",
"Trojan.ekstak",
"Malicious.d800d6",
"Trojan.chapak",
"Heur:backdoor.msil.nanobot",
"W32.eheur",
"Gamehack.dom",
"Trojan.ole2.vbs",
"Agent.aik.gencil.stupidcryptor",
"Trojan.androm.gen",
"Agen.1141126",
"Trojan.killproc",
"Virus.ramnit",
"Redcap.zoohz",
"Pua.gen",
"Backdoor:win32/vb.kq",
"Trojan.msil",
"S-b748adc5",
"Msil:genmalicious-zc\\ [trj]",
"Adware.kuzitui",
"Trojan.autoruns.generickds",
"Heur/qvm41.2.da9b.malware",
"Gen:nn.zexaf.32515",
"Dropper.binder",
"Trojan.wisdomeyes.16070401.9500",
"Adware.downware",
"Heur:webtoolbar.generic",
"Generic.malware.smyb",
"Trojan.msil.injector",
"Cil.stupidcryptor",
"Heur:remoteadmin.generic",
"Gamehack.crs",
"Agen.1144657",
"Linux.agent",
"Possiblethreat.pallas",
"Xlm.trojan.abracadabra.27",
"Suppobox",
"Opensubtitles.a",
"Pwsx",
"Agen.1030939",
"Msil.trojan.bse",
"Malicious.f01f67",
"Deepscan:generic.spyagent.6",
"Pws.p",
"Unsafe.ai_score_100%",
"Js:trojan.js.faceliker",
"Sgeneric",
"Downldr.gen",
"Behaveslike.ransom",
"Pua.reg1staid",
"Blacknet rat",
"Trojanspy.python",
"Trojan.ransom.generickd",
"Scrinject.b",
"Heur/qvm42.3.72eb.malware",
"Kuluoz.b.gen",
"Backdoor:msil/asyncrat.zb!mtb",
"Gamehack.nl",
"Skynet",
"Quasar rat",
"W32.trojan",
"Trojan:vba/downldr",
"Gen:variant.barys",
"Backdoor.rbot",
"Exploit cve-2017-11882",
"Staticrr.paleokits.net",
"Gen:variant.razy",
"Agent.nbae",
"Smokeloader",
"Troj_gen.r002c0og518",
"Gen:trojan.heur2.lptbhw@w64.hfsautob",
"Suspicious.cloud",
"Ransom:win32/somhoveran.c",
"Agent.ypez",
"Trojan.starter js.iframe",
"Riskware.hacktool.agent",
"Generic.msil.passwordstealer",
"Gen:variant.kazy",
"Heur:exploit.generic",
"Presenoker",
"Agent.pwc",
"Gen:nn.zemsilf.34128",
"Delf.nbx",
"Agen.1038489",
"Heur.vba.trojan",
"Trojan.script",
"Application.innovativsol",
"Azorult",
"Packed.themida.gen",
"Elf",
"Worm.win64.autorun",
"Dropper.trojan.generic",
"Kryptik.nrd",
"Agenttesla",
"Backdoor:win32/tofsee.t",
"Heur.msword.gen",
"Hw32.packed",
"Redcap.vneda",
"Constructor.msil linux.agent",
"Apnic",
"Virus.3dmax.script",
"Js:iframe",
"Orcus rat",
"Gen:variant.ulise",
"Kryptik",
"Malicious.3e78cc",
"Trojan.pws.growtopia",
"Ransom.wannacrypt",
"Black.gen2",
"Ransom.win64.wacatac.oa",
"Malicious.6e0700",
"Trojan.doc.downloader",
"Pegasus",
"Trojan.malware.121218",
"Trickbot - s0266",
"Wannacry",
"Redline",
"Gen:variant.cerbu",
"Susp.lnk",
"Bscope.riskware",
"Wacapew.c",
"W32.aidetectvm",
"Trojan.win64",
"Gen:variant.bulz",
"Ait.heur.cottonmouth.8.78f19bd7",
"Trojan.notifier",
"Generic.bitcoinminer.3",
"Bscope.trojan",
"Js:trojan.hidelink",
"Exploit.cve",
"Script.inf",
"Gen:variant.ursu",
"Downloader.certutilurlcache",
"Trojan.mydoom/memscan",
"Trojan.malware.300983",
"Injector.jdo",
"Generic.asmalws",
"Psw.discord",
"Agent.aik.gen",
"Powershell.trojan",
"Suspected of trojan.downloader.gen",
"Lumma",
"Alf:trojan:bat/envvarcharreplacement.custom",
"Trojan.psw.mimikatz",
"Macro.agent",
"Trojan.heur",
"Malicious.high.ml",
"Ransom_wcry.smalym",
"Xegumumune.8596c22f",
"Script.agent",
"Icefog",
"Unsafe",
"Riskware.agent",
"Riskware.netfilter",
"Malicious.moderate.ml",
"Heur:trojan.msoffice.stratos",
"Gen:variant.johnnie",
"Webtoolbar",
"Emotet",
"Packed.netseal",
"Trojan.pws.agent",
"Suspicious.low.ml",
"Malicious.11abfc",
"Artemis",
"Backdoor.poison",
"Spyware.bobik",
"Invicta stealer",
"Gen:heur.ransom.msil",
"Bladabindi.q",
"Dangerousobject.multi",
"Trojan:linux/downldr",
"Trojan.wanna",
"Gen:heur.msil.androm",
"Packed.vmprotect",
"Indiloadz.bb",
"Vb.chronos.7",
"Injector.clds",
"Hoax.js.phish",
"Vba.downloader",
"Webmonitor rat",
"Gen:variant.symmi",
"Wannacryptor",
"Generic.malware",
"Deepscan:generic.ransom.gandcrab5",
"Phishing.html",
"Gen:nn.zemsilf.34062",
"Hacktool.binder",
"Redline stealer",
"W32.aidetect",
"Feodo",
"Phish.ab",
"Trojan.trickbot",
"Trojanspy.java",
"Gen:variant.midie",
"Suspicious_gen.f47v0520",
"Adload.ad81",
"Behaveslike.exploit",
"Ransom:win32/cve-2017-0147",
"Virus.virut",
"Generic.msil.limerat",
"Ransom.win64.pornoasset.sm1",
"Trojan.delshad",
"Trojan.indiloadz",
"Tscope.trojan",
"Trojan.psw.python",
"Trojanspy",
"Beach research",
"Gen:nn",
"Trojan.java",
"Ramnit.n",
"Injector.is.gen",
"Trojan.packednet",
"Troj_frs.vsntfk19",
"Heur:adware.startsurf",
"Trojan.trickster",
"Gen:variant.zusy",
"Constructor.msil",
"Trojan.cud.gen",
"Trojan.python",
"Filerepmalware",
"Trojan:python/downldr",
"Kryptik.gucb",
"Kryptik.fph.gen",
"Dldr.agent",
"Gen:heur.ransom.hiddentears",
"Generic.msil.grwtpstealer.1",
"Risktool.phpw",
"Gen:variant.sirefef",
"Trojan.vba",
"Locky",
"Suspicious.save",
"States",
"Blacknet",
"Fake ,promethiumm ,strongpity",
"Hacktool.bruteforce",
"Trojan.downloader.generic",
"Domains",
"Heur:trojan.msoffice.sagent",
"Psw.stealer",
"Deepscan:generic.ransom.amnesiae",
"Backdoor:msil/bladabindi.aj",
"Sdbot.caoc",
"Html:script",
"Inmortal",
"Gen:heur.msil.inject"
],
"industries": [
"Medicine",
"Civil society",
"Health",
"Nutritional",
"Government",
"Medical",
"Technology"
],
"unique_indicators": 190975
}
}
},
"false_positive": [],
"alexa": "http://www.alexa.com/siteinfo/alphawars.com",
"whois": "http://whois.domaintools.com/alphawars.com",
"domain": "alphawars.com",
"hostname": "de.4.alphawars.com"
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 50,
"pulses": [
{
"id": "68e2bb5d9ee8577ab5519f2c",
"name": "Meritshealth with DoD links? ",
"description": "",
"modified": "2026-01-13T00:05:56.401000",
"created": "2025-10-05T18:39:25.286000",
"tags": [
"gtmk5nxqc6",
"utc amazon",
"utc na",
"acceptencoding",
"gmt contenttype",
"connection",
"true pragma",
"gmt setcookie",
"httponly",
"gmt vary",
"nc000000 up",
"html document",
"unicode text",
"utf8 text",
"oc0006 http",
"http traffic",
"https http",
"mitre att",
"control ta0011",
"protocol t1071",
"match info",
"t1573 severity",
"info",
"number",
"ja3s",
"algorithm",
"azure rsa",
"tls issuing",
"cus subject",
"stwa lredmond",
"cnmicrosoft ecc",
"update secure",
"server ca",
"omicrosoft cus",
"get http",
"dns resolutions",
"registrar",
"markmonitor inc",
"country",
"resolver domain",
"type name",
"html",
"apnic",
"apnic whois",
"please",
"rirs",
"cidr",
"learn",
"ck id",
"name tactics",
"suspicious",
"informative",
"command",
"adversaries",
"development att",
"name tactics",
"binary file",
"ck matrix",
"wheelchair",
"iamrobert",
"pattern match",
"ascii text",
"href",
"united",
"general",
"local",
"path",
"encrypt",
"click",
"passive dns",
"urls",
"files",
"reverse dns",
"netherlands",
"present aug",
"a domains",
"moved",
"first pqc",
"ip address",
"unknown ns",
"unknown aaaa",
"title",
"body",
"meta",
"window",
"accept",
"body doctype",
"welcome",
"ok server",
"gmt content",
"present jul",
"present sep",
"aaaa",
"hostname",
"error",
"defense evasion",
"windows nt",
"response",
"vary",
"strings",
"core",
"t1027.013 encrypted/encoded",
"michelin lazy k",
"prefetch8",
"flag",
"date",
"starfield",
"hybrid",
"mobility cr",
"extraction",
"data upload",
"include",
"o url",
"url url",
"included i0",
"review ioc",
"excluded ic",
"suggested",
"find sugi",
"failed",
"cre pul",
"enter",
"enter sc",
"type",
"enric",
"extra",
"type opaste",
"data u",
"included",
"copy md5",
"copy sha1",
"copy sha256",
"null",
"refresh",
"tools",
"look",
"verify",
"restart",
"t1480 execution",
"expiration",
"url https",
"no expiration",
"iocs",
"ipv4",
"text drag",
"drop or",
"browse to",
"select file",
"redacted for",
"server",
"privacy tech",
"privacy admin",
"postal code",
"stateprovince",
"organization",
"email",
"code",
"quantum rooms",
"sam somalia",
"emp",
"porn",
"media defense",
"gov porn",
"suck my nips",
"reimer suspect",
"jeffrey reimer",
"dod",
"department of defense",
"show",
"date checked",
"url hostname",
"server response",
"google safe",
"results may",
"entries http",
"scans record",
"value status",
"sabey type",
"merits fake",
"y.a.s.",
"pornography",
"ramsom"
],
"references": [
"https://www.meritshealth.com/ Defense.Gov Mobility Co? ",
"zeroeyes.host \u2022 media.defense.gov \u2022 defense.gov \u2022 23.222.155.67",
"https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf",
"https://media.defense.gov/2020/jun/09/2002313081/-1/-1/0/csi-detect-and-prevent-web-shell-malware-20200422.pdf",
"https://rto.bappam.eu/ai-n2cdl/mirai-2025-ven5k-telugu-movie-watch-online.html",
"https://pornokind.vgt.pl \u2022 https://cdn2.video.itsyourporn.com",
"https://webcams.itsyourporn.com/ \u2022 https://members.itsyourporn.com/",
"https://pics-storage-1.pornhat.com/contents/albums/main/1920x1080/135000/135855/9537375.jp",
"https://static.pornhat.com/contents/videos_screenshots/642000/642793/640x360/1.jpg",
"https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg (mobility company no one has heard of)",
"https://www2.itsyourporn.com/license.php \u2022 https://www.lovephoto.tw/members",
"https://members.engine.com/login \u2022 https://members.engine.com/payment-details/220210",
"https://www-pornocarioca-com.sexogratis.page/videos/bbb/ex",
"https://media.defense.gov/2024/sep/18/2003547016/-1/-1/0/csa-prc-linked-actors-botnet.pdf",
"https://maisexo-com.putaria.info/casting \u2022 https://contosadultos-club.sexogratis.page/tudo",
"https://meumundogay-com.sexogratis.page/locker",
"https://es.pornhat.com/models/the-sex-creator/",
"Dear US Government, the man who assaulted targets name is Jeffrey Scott Reimer of Chester Springs, PA",
"Can the DoD no questions asked target a SA victim",
"Red Team Abuse? Starfield ? DoD? You need a real criminal Jeffrey Reimer.",
"There\u2019s a problem with terrorizing victims, relatives of, associates of and stealing their property intellectual or otherwise",
"socialmedia \u2022 socialmedia.defense.gov \u2022 static.defense.gov",
"There is fear in silence or speaking out",
"Target left unattended by anyone in a hospital except a security guard. Hospital refused care. Ignored rare brain incident from high cervical & brain assault injuries aggravated by car accident.",
"3-4 Police presence. 25 + hospital employees prepped radiology room. No one left room so was it for her?",
"If someone is believed to be a threat they have right to due process.",
"Infectious Disease UC Health denied target medication they said she needed as questionable liquid seeped into her brain.",
"She was a researcher not a hacker. A mother not a criminal. Most talented and least impressed person I have ever known.",
"Remarks online \u2018 T\u2019*#^^ is not a runner\u2019 a size 00 broke two track records at a major universities.",
"Honestly, you\u2019ve never seen or met her no many how many people you\u2019ve sent out. That\u2019s why you quiz.",
"ftp.iamrobert.com ? \u2022 https://www.meritshealth.com/templates/iamrobert/fonts/Graphik-Regular.eot",
"iamrobert.com Y.A.S.",
"1.2016 M.Brian Sabey filed a complaint about? Jeffrey Reimer refused Lie detector test and False memory exam",
"Target agreed and complied with all lie detector measures.",
"Is the family allowed to have a funeral for Tsara or print an obituary",
"No, they put Tsara in her mom\u2019s obituary, she couldn\u2019t grieve, she had to take it down.",
"I am very upset. Whoever is doing this is sick."
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "APNIC",
"display_name": "APNIC",
"target": null
},
{
"id": "Malware",
"display_name": "Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1069",
"name": "Permission Groups Discovery",
"display_name": "T1069 - Permission Groups Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1069.002",
"name": "Domain Groups",
"display_name": "T1069.002 - Domain Groups"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1583.001",
"name": "Domains",
"display_name": "T1583.001 - Domains"
},
{
"id": "TA0042",
"name": "Resource Development",
"display_name": "TA0042 - Resource Development"
},
{
"id": "TA0005",
"name": "Defense Evasion",
"display_name": "TA0005 - Defense Evasion"
},
{
"id": "T1553.002",
"name": "Code Signing",
"display_name": "T1553.002 - Code Signing"
},
{
"id": "T1528",
"name": "Steal Application Access Token",
"display_name": "T1528 - Steal Application Access Token"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1113",
"name": "Screen Capture",
"display_name": "T1113 - Screen Capture"
},
{
"id": "T1590",
"name": "Gather Victim Network Information",
"display_name": "T1590 - Gather Victim Network Information"
},
{
"id": "T1591",
"name": "Gather Victim Org Information",
"display_name": "T1591 - Gather Victim Org Information"
},
{
"id": "T1132",
"name": "Data Encoding",
"display_name": "T1132 - Data Encoding"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1457",
"name": "Malicious Media Content",
"display_name": "T1457 - Malicious Media Content"
},
{
"id": "T1562.001",
"name": "Disable or Modify Tools",
"display_name": "T1562.001 - Disable or Modify Tools"
},
{
"id": "T1562.004",
"name": "Disable or Modify System Firewall",
"display_name": "T1562.004 - Disable or Modify System Firewall"
},
{
"id": "T1089",
"name": "Disabling Security Tools",
"display_name": "T1089 - Disabling Security Tools"
},
{
"id": "T1562.008",
"name": "Disable Cloud Logs",
"display_name": "T1562.008 - Disable Cloud Logs"
},
{
"id": "T1125",
"name": "Video Capture",
"display_name": "T1125 - Video Capture"
},
{
"id": "T1056.003",
"name": "Web Portal Capture",
"display_name": "T1056.003 - Web Portal Capture"
},
{
"id": "T1512",
"name": "Capture Camera",
"display_name": "T1512 - Capture Camera"
},
{
"id": "T1180",
"name": "Screensaver",
"display_name": "T1180 - Screensaver"
}
],
"industries": [],
"TLP": "white",
"cloned_from": "68e2b14d83bb63502feac65e",
"export_count": 17,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1365,
"URL": 11172,
"hostname": 2780,
"FileHash-MD5": 381,
"FileHash-SHA256": 4420,
"FileHash-SHA1": 338,
"CIDR": 4,
"SSLCertFingerprint": 24,
"CVE": 1,
"email": 1
},
"indicator_count": 20486,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 139,
"modified_text": "96 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68e2b14d83bb63502feac65e",
"name": "Did the \u2018real\u2019 DoD kill Targets wheelchair as promised? It\u2019s alive again.",
"description": "I\u2019d never think the DoD would be found when researching a wheelchair company NO ONE has ever heard of in this region. \n\nA wheelchair was ordered for target early spring, it was received in early summer. \n\nSettings became a crazy mess. Suspicion was immediate as a toothless tech tried to identify if dealing w/target by birth year , quizzing, fear tactics (doomsday wheelchair) , familiar Then warns about EMP attacks against wheelchair? His son is a hacker (gamer) + software engineer. He left not knowing if target status after quizzing tech knowledge? I intentionally verbalized the truth , target was a very early adopter of Ruby & Ruby on Rails & everything tech, he dropped his tools & left breaking the arm of wheelchair. New tech needed. Later denies ever being a mobility technician. They killed a new wheelchair. Why?. You\u2019re allowed to donate your equipment Vets & uninsured NEED mobility equipment. Stop the craziness. Is it possible gamer hackers are riding the DoD w/o their knowledge?",
"modified": "2026-01-07T00:00:30.717000",
"created": "2025-10-05T17:56:29.109000",
"tags": [
"gtmk5nxqc6",
"utc amazon",
"utc na",
"acceptencoding",
"gmt contenttype",
"connection",
"true pragma",
"gmt setcookie",
"httponly",
"gmt vary",
"nc000000 up",
"html document",
"unicode text",
"utf8 text",
"oc0006 http",
"http traffic",
"https http",
"mitre att",
"control ta0011",
"protocol t1071",
"match info",
"t1573 severity",
"info",
"number",
"ja3s",
"algorithm",
"azure rsa",
"tls issuing",
"cus subject",
"stwa lredmond",
"cnmicrosoft ecc",
"update secure",
"server ca",
"omicrosoft cus",
"get http",
"dns resolutions",
"registrar",
"markmonitor inc",
"country",
"resolver domain",
"type name",
"html",
"apnic",
"apnic whois",
"please",
"rirs",
"cidr",
"learn",
"ck id",
"name tactics",
"suspicious",
"informative",
"command",
"adversaries",
"development att",
"name tactics",
"binary file",
"ck matrix",
"wheelchair",
"iamrobert",
"pattern match",
"ascii text",
"href",
"united",
"general",
"local",
"path",
"encrypt",
"click",
"passive dns",
"urls",
"files",
"reverse dns",
"netherlands",
"present aug",
"a domains",
"moved",
"first pqc",
"ip address",
"unknown ns",
"unknown aaaa",
"title",
"body",
"meta",
"window",
"accept",
"body doctype",
"welcome",
"ok server",
"gmt content",
"present jul",
"present sep",
"aaaa",
"hostname",
"error",
"defense evasion",
"windows nt",
"response",
"vary",
"strings",
"core",
"t1027.013 encrypted/encoded",
"michelin lazy k",
"prefetch8",
"flag",
"date",
"starfield",
"hybrid",
"mobility cr",
"extraction",
"data upload",
"include",
"o url",
"url url",
"included i0",
"review ioc",
"excluded ic",
"suggested",
"find sugi",
"failed",
"cre pul",
"enter",
"enter sc",
"type",
"enric",
"extra",
"type opaste",
"data u",
"included",
"copy md5",
"copy sha1",
"copy sha256",
"null",
"refresh",
"tools",
"look",
"verify",
"restart",
"t1480 execution",
"expiration",
"url https",
"no expiration",
"iocs",
"ipv4",
"text drag",
"drop or",
"browse to",
"select file",
"redacted for",
"server",
"privacy tech",
"privacy admin",
"postal code",
"stateprovince",
"organization",
"email",
"code",
"quantum rooms",
"sam somalia",
"emp",
"porn",
"media defense",
"gov porn",
"suck my nips",
"reimer suspect",
"jeffrey reimer",
"dod",
"department of defense",
"show",
"date checked",
"url hostname",
"server response",
"google safe",
"results may",
"entries http",
"scans record",
"value status",
"sabey type",
"merits fake",
"y.a.s.",
"pornography",
"ramsom"
],
"references": [
"https://www.meritshealth.com/ Defense.Gov Mobility Co? ",
"zeroeyes.host \u2022 media.defense.gov \u2022 defense.gov \u2022 23.222.155.67",
"https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf",
"https://media.defense.gov/2020/jun/09/2002313081/-1/-1/0/csi-detect-and-prevent-web-shell-malware-20200422.pdf",
"https://rto.bappam.eu/ai-n2cdl/mirai-2025-ven5k-telugu-movie-watch-online.html",
"https://pornokind.vgt.pl \u2022 https://cdn2.video.itsyourporn.com",
"https://webcams.itsyourporn.com/ \u2022 https://members.itsyourporn.com/",
"https://pics-storage-1.pornhat.com/contents/albums/main/1920x1080/135000/135855/9537375.jp",
"https://static.pornhat.com/contents/videos_screenshots/642000/642793/640x360/1.jpg",
"https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg (mobility company no one has heard of)",
"https://www2.itsyourporn.com/license.php \u2022 https://www.lovephoto.tw/members",
"https://members.engine.com/login \u2022 https://members.engine.com/payment-details/220210",
"https://www-pornocarioca-com.sexogratis.page/videos/bbb/ex",
"https://media.defense.gov/2024/sep/18/2003547016/-1/-1/0/csa-prc-linked-actors-botnet.pdf",
"https://maisexo-com.putaria.info/casting \u2022 https://contosadultos-club.sexogratis.page/tudo",
"https://meumundogay-com.sexogratis.page/locker",
"https://es.pornhat.com/models/the-sex-creator/",
"Dear US Government, the man who assaulted targets name is Jeffrey Scott Reimer of Chester Springs, PA",
"Can the DoD no questions asked target a SA victim",
"Red Team Abuse? Starfield ? DoD? You need a real criminal Jeffrey Reimer.",
"There\u2019s a problem with terrorizing victims, relatives of, associates of and stealing their property intellectual or otherwise",
"socialmedia \u2022 socialmedia.defense.gov \u2022 static.defense.gov",
"There is fear in silence or speaking out",
"Target left unattended by anyone in a hospital except a security guard. Hospital refused care. Ignored rare brain incident from high cervical & brain assault injuries aggravated by car accident.",
"3-4 Police presence. 25 + hospital employees prepped radiology room. No one left room so was it for her?",
"If someone is believed to be a threat they have right to due process.",
"Infectious Disease UC Health denied target medication they said she needed as questionable liquid seeped into her brain.",
"She was a researcher not a hacker. A mother not a criminal. Most talented and least impressed person I have ever known.",
"Remarks online \u2018 T\u2019*#^^ is not a runner\u2019 a size 00 broke two track records at a major universities.",
"Honestly, you\u2019ve never seen or met her no many how many people you\u2019ve sent out. That\u2019s why you quiz.",
"ftp.iamrobert.com ? \u2022 https://www.meritshealth.com/templates/iamrobert/fonts/Graphik-Regular.eot",
"iamrobert.com Y.A.S.",
"1.2016 M.Brian Sabey filed a complaint about? Jeffrey Reimer refused Lie detector test and False memory exam",
"Target agreed and complied with all lie detector measures.",
"Is the family allowed to have a funeral for Tsara or print an obituary",
"No, they put Tsara in her mom\u2019s obituary, she couldn\u2019t grieve, she had to take it down.",
"I am very upset. Whoever is doing this is sick."
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "APNIC",
"display_name": "APNIC",
"target": null
},
{
"id": "Malware",
"display_name": "Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1069",
"name": "Permission Groups Discovery",
"display_name": "T1069 - Permission Groups Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1069.002",
"name": "Domain Groups",
"display_name": "T1069.002 - Domain Groups"
},
{
"id": "T1071.001",
"name": "Web Protocols",
"display_name": "T1071.001 - Web Protocols"
},
{
"id": "T1583.001",
"name": "Domains",
"display_name": "T1583.001 - Domains"
},
{
"id": "TA0042",
"name": "Resource Development",
"display_name": "TA0042 - Resource Development"
},
{
"id": "TA0005",
"name": "Defense Evasion",
"display_name": "TA0005 - Defense Evasion"
},
{
"id": "T1553.002",
"name": "Code Signing",
"display_name": "T1553.002 - Code Signing"
},
{
"id": "T1528",
"name": "Steal Application Access Token",
"display_name": "T1528 - Steal Application Access Token"
},
{
"id": "T1071.004",
"name": "DNS",
"display_name": "T1071.004 - DNS"
},
{
"id": "T1113",
"name": "Screen Capture",
"display_name": "T1113 - Screen Capture"
},
{
"id": "T1590",
"name": "Gather Victim Network Information",
"display_name": "T1590 - Gather Victim Network Information"
},
{
"id": "T1591",
"name": "Gather Victim Org Information",
"display_name": "T1591 - Gather Victim Org Information"
},
{
"id": "T1132",
"name": "Data Encoding",
"display_name": "T1132 - Data Encoding"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1457",
"name": "Malicious Media Content",
"display_name": "T1457 - Malicious Media Content"
},
{
"id": "T1562.001",
"name": "Disable or Modify Tools",
"display_name": "T1562.001 - Disable or Modify Tools"
},
{
"id": "T1562.004",
"name": "Disable or Modify System Firewall",
"display_name": "T1562.004 - Disable or Modify System Firewall"
},
{
"id": "T1089",
"name": "Disabling Security Tools",
"display_name": "T1089 - Disabling Security Tools"
},
{
"id": "T1562.008",
"name": "Disable Cloud Logs",
"display_name": "T1562.008 - Disable Cloud Logs"
},
{
"id": "T1125",
"name": "Video Capture",
"display_name": "T1125 - Video Capture"
},
{
"id": "T1056.003",
"name": "Web Portal Capture",
"display_name": "T1056.003 - Web Portal Capture"
},
{
"id": "T1512",
"name": "Capture Camera",
"display_name": "T1512 - Capture Camera"
},
{
"id": "T1180",
"name": "Screensaver",
"display_name": "T1180 - Screensaver"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1328,
"URL": 9931,
"hostname": 2621,
"FileHash-MD5": 381,
"FileHash-SHA256": 4360,
"FileHash-SHA1": 338,
"CIDR": 4,
"SSLCertFingerprint": 24,
"CVE": 1,
"email": 1
},
"indicator_count": 18989,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 139,
"modified_text": "102 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846860ee9b4faefae8d4cf9",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:58:22.091000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846860a0c5ff214f345717c",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:58:17.902000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468511340fb7ba8eeb7aae",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:54:09.116000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6846850783baea1a6beb7e71",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. I won\u2019t be surprised if OTX cannot pull the threat. My account isn\u2019t allowing me full permissions. \n\n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:59.933000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468505ee31db44fe063e82",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:57.123000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468501eb091ae414509121",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:53.417000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68468500f573317422968c7c",
"name": "Crowdsourced research | IP 192.229.221.95",
"description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net",
"modified": "2025-07-09T05:00:24.293000",
"created": "2025-06-09T06:53:52.404000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 284,
"FileHash-SHA1": 285,
"FileHash-SHA256": 3666,
"domain": 511,
"hostname": 845,
"URL": 3282,
"CVE": 2,
"email": 1
},
"indicator_count": 8876,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "284 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65caca061fbb7674de86ec7b",
"name": "Invicta Stealer",
"description": "Invicta Stealer is equipped to steal data from most locations of a system which makes it a dangerous threat.\nLink found in https://house.mo.com",
"modified": "2024-03-14T01:01:47.115000",
"created": "2024-02-13T01:46:46.969000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"historical ssl",
"resolutions",
"communicating",
"whois whois",
"subdomains",
"referrer",
"problems",
"core",
"startpage",
"june",
"passive dns",
"urls",
"domain",
"otx telemetry",
"body",
"gmt content",
"x adblock",
"scan endpoints",
"all octoseek",
"hostname",
"date",
"encrypt",
"threat roundup",
"october",
"november",
"march",
"february",
"apple ios",
"april",
"tsara brashears",
"copy",
"hacktool",
"phishing",
"metro",
"crypto",
"installer",
"awful",
"united",
"unknown",
"germany unknown",
"search",
"servers",
"registrar",
"name servers",
"status",
"next",
"moved",
"address",
"creation date",
"showing",
"ipv4",
"pulse submit",
"url analysis",
"accept",
"aaaa",
"record type",
"ttl value",
"html document",
"ascii text",
"anchor hrefs",
"hrefs",
"anchor",
"anchor href",
"threat",
"paste",
"iocs",
"analyze",
"hostnames",
"url https",
"sample",
"server",
"code",
"registry domain",
"dnssec",
"registrar url",
"registrar whois",
"iana id",
"registrar abuse",
"tech email",
"fake update",
"utilizes new",
"idat loader",
"stealc",
"urls http",
"isadultno",
"adposbottom",
"adformatplain",
"adnetworks",
"quasar rat",
"ip detections",
"country",
"cellbrite",
"execution",
"pegasus",
"malware",
"agent tesla",
"attack",
"ukraine",
"silent",
"invicta stealer",
"redline stealer",
"orcus rat",
"files",
"germany asn",
"as196763",
"a domains",
"redacted for",
"record value",
"for privacy",
"emails",
"name",
"contacted urls",
"bundled",
"de indicators",
"domains",
"hashes",
"gmbh version",
"status page",
"service privacy",
"legal",
"impressum",
"pulse pulses",
"location united",
"open",
"cookie",
"customer",
"0 report",
"sea alt",
"certificate",
"#targeting",
"#discordwallets",
"house.mo.gov"
],
"references": [
"https://www.facebooksunglassshop.com/",
"CVE-2017-0147 \u2022 CVE-2023-4966 \u2022 CVE-2023-22518",
"https://ispy-official.com/ X Cache: Redirect from cloudfront Via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net CloudFront X Amz Cf",
"Pop: HIO50 C1 X Amz Cf Id: Jt aBPO2nI3Nt D0E4nzqpun66btDLhJ41kQwhDASrIukoWyUOWE1w==",
"apple.com-auth.eu [Find apple] | https://applemusic-spotlight.myunidays.com/US/en-US? [compromise via apple media]",
"http://init-p01st.push.apple.com/bag [= Google.com.uy modified browser - malicious] apple.com-auth.eu \u2022 appleid.apple.com-auth.eu\u2022",
"https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 [apple media compromise. Pega behavior?]",
"all-live.secure2storeapple.xxianzi.com \u2022 https://www.symbios.pk/apple-ipod-5-32gb",
"http://m.xiang5.com/keyword/17655.html&ht=%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%8D%E8%B4%B9%E9%98%85%E8%AF%BB_%E9%98%BF%E6%BD%BC%E5%B0%8F%E8%AF%B4%E5%9C%A8%E7%BA%BF%E9%98%85%E8%AF%BB%E5%85%A8%E6%9C%AC%E6%97%A0%E5%BC%B9%E7%AA%97-%E9%A6%99%E7%BD%91%E5%B0%8F%E8%AF%B4%E6%89%8B%E6%9C%BA%E7%89%88&uaddr=https:/www.sogou.com/link?url=58p16RfDRLtDzo-0AEmfJoGs8rDRUEq4ejjohgXqBYnQGuHk6xSRXg..&h=1080&w=1920&cd=24&lg=zh-CN&ua=mozilla/5.0%20(windows%20nt%2010.0;%20win64;%20x64)%20",
"Tracking: mailtrack.io \u2022 nr-data.net \u2022 tracking.bullseyeedu.com \u2022 https://smtp.mail.pentrack.com \u2022 tracking.vetsindexes.com",
"Remote threats: http://watchhers.net/index.php \u2022 http://eye.infunvip.com/appinterface/other/login.remote",
"https://plussizedesi.com/wp-content/uploads/2022/07/SniperGhostWarrior2BlackBox_Version_Download_INSTALL.pdf",
"https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [ iOS unlocker & password decryption]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ phishing \u2022 apple collection]",
"https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
"wallpapers-nature.com",
"https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
"https://wallpapers-nature.com/tsara-brashears/urlscan-io",
"hello-world-mute-unit-3072.a-rahimi-farahani.workers.dev",
"edgedl.me.gvt1.com",
"Link found in https://house.mo.com"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Invicta Stealer",
"display_name": "Invicta Stealer",
"target": null
},
{
"id": "HackTool",
"display_name": "HackTool",
"target": null
},
{
"id": "Quasar RAT",
"display_name": "Quasar RAT",
"target": null
},
{
"id": "Pegasus",
"display_name": "Pegasus",
"target": null
},
{
"id": "RedLine Stealer",
"display_name": "RedLine Stealer",
"target": null
},
{
"id": "Orcus RAT",
"display_name": "Orcus RAT",
"target": null
},
{
"id": "Silent",
"display_name": "Silent",
"target": null
}
],
"attack_ids": [],
"industries": [
"Government",
"Civil Society",
"Technology"
],
"TLP": "white",
"cloned_from": null,
"export_count": 65,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 153,
"FileHash-SHA1": 145,
"FileHash-SHA256": 3848,
"CVE": 3,
"URL": 8291,
"domain": 2541,
"hostname": 3034,
"email": 13
},
"indicator_count": 18028,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "766 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "https://de.4.alphawars.com",
"type": "URL"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "https://de.4.alphawars.com",
"type": "URL",
"found": false,
"verdict": "clean",
"error": null
},
"from_cache": true,
"_cached_at": 1776641501.2765114
}