{
"type": "URL",
"indicator": "https://e.event.data",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://e.event.data",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3419877444,
"indicator": "https://e.event.data",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 40,
"pulses": [
{
"id": "67a7f06a5d0f22ad92684646",
"name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
"description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
"modified": "2025-05-14T21:27:17.040000",
"created": "2025-02-09T00:01:46.054000",
"tags": [
"null",
"nie mona",
"array",
"input",
"nonmsdombrowser",
"object",
"html",
"component",
"body",
"horizontal",
"date",
"calendar",
"february",
"april",
"june",
"august",
"iframe",
"form",
"friday",
"explorer",
"target",
"error",
"legend",
"this",
"type",
"regexp",
"elem",
"index",
"function",
"handle",
"check",
"safari",
"expando",
"android",
"false",
"hooks",
"copy",
"prop",
"class",
"mark",
"window",
"code",
"capture",
"accept",
"seed",
"override",
"hook",
"look",
"loop",
"install",
"pass",
"enough",
"bind",
"core",
"local",
"verify",
"done",
"find",
"internal",
"inject",
"possible",
"hold",
"middle",
"guard",
"fall",
"stop",
"panic",
"back",
"restrict",
"speed",
"turn",
"grab",
"getclass",
"jquery",
"bubble",
"anchor",
"shift"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1134",
"name": "Access Token Manipulation",
"display_name": "T1134 - Access Token Manipulation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 13,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1143,
"domain": 155,
"hostname": 523,
"FileHash-SHA256": 151
},
"indicator_count": 1972,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 122,
"modified_text": "340 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "674afb83c67ff4443e9f953a",
"name": "PolymodXT.exe",
"description": "",
"modified": "2025-05-14T21:18:19.590000",
"created": "2024-11-30T11:48:19.052000",
"tags": [
"file",
"flagi",
"process sha256",
"process disc",
"pathway z",
"identyfikator",
"zawiera moliwo",
"klucz",
"zawiera",
"wybierz",
"nie mona",
"przechowywanie",
"haso",
"obiekt",
"cig uid",
"zilla",
"enumerate",
"defender",
"pragma",
"security",
"license v2",
"ff ff",
"fc e8",
"f8 ff",
"fc ff",
"c9 c3",
"e4 f8",
"cc cc",
"fc eb",
"confuserex mod",
"aspirecrypt",
"detects",
"reactor",
"beds protector",
"ps2exe",
"bsjb",
"boxedapp",
"cyaxsharp",
"cyaxpng",
"smartassembly",
"koivm",
"confuserex",
"obfuscator",
"aspack",
"titan",
"enigma",
"vmprotect",
"strings",
"rlpack",
"antiem",
"antisb",
"themida",
"loader",
"sality",
"dnguard",
"windows nt",
"gecko",
"khtml",
"msie",
"wow64",
"stealer",
"win64",
"error",
"userprofile",
"keylogger",
"encrypt",
"antivm",
"span",
"main",
"grabber",
"hello",
"android",
"dcrat",
"win32",
"kill",
"revengerat",
"sandbox",
"pass",
"chat",
"first",
"asyncrat",
"crypto",
"injector",
"dropper",
"infostealer",
"lockfile",
"worldwind",
"stealerium",
"toxiceye",
"avemaria",
"fast",
"persistence",
"trojan",
"restart",
"snakekeylogger",
"snake",
"accept",
"cookie",
"code",
"killproc",
"lazarus",
"dearcry",
"njrat",
"cyrus",
"powershell",
"info",
"body",
"floodfix",
"downloader",
"ransomware",
"core",
"loki",
"fpspy",
"klogexe",
"firebird",
"patch",
"explorer",
"avkiller",
"masslogger",
"baldr",
"modi rat",
"helpme",
"osno",
"import",
"keylog",
"screencapture",
"ransom",
"crypted",
"silent",
"xorddos",
"stormkitty",
"ordinal",
"locker",
"hyperbro",
"lamepyre",
"parallaxrat",
"null",
"shurk steal",
"arkeistealer",
"strongpity",
"desktop",
"myagent",
"bypass",
"fatduke",
"miniduke",
"polyglotduke",
"guildma",
"spyeye",
"corebot",
"killmbr",
"ooops",
"lcpdot",
"torisma",
"codec",
"prometheus",
"spook",
"crypt",
"logger",
"zegost",
"poshkeylogger",
"systembc",
"hdlocker",
"cryptolocker",
"fivehands",
"kitty",
"goldmax",
"rents",
"maurigo",
"done",
"hidewindow",
"bokbot",
"bladabindi",
"darktrack",
"darksky",
"alien",
"karkoff",
"inject",
"windigo",
"rest",
"softcnapp",
"elysiumstealer",
"leivion",
"banload",
"ultrareach",
"ultrasurf",
"buterat",
"tools",
"beasty",
"shut",
"gravityrat",
"fatalrat",
"discord",
"deadwood",
"turian",
"markirat",
"mark",
"klingonrat",
"path",
"reverserat",
"grab",
"meta",
"voidcrypt",
"darkvnc",
"ryzerlo",
"hiddentear",
"boxcaon",
"stream",
"crimsonrat",
"delfi",
"infinity",
"stealthworker",
"gasket",
"spoolss",
"lu0bot",
"target",
"attack",
"cobaltstrike",
"bits",
"chaos",
"bitcoin",
"wiper",
"delphi",
"slackbot",
"neshta",
"belarus",
"apanas",
"runner",
"darkcomet",
"macoute",
"iframe",
"vanillarat",
"sectoprat",
"melt",
"tomiris",
"apostle",
"blackbyte",
"kutaki",
"override",
"windealer",
"mkdir",
"brbbot",
"config",
"babylon rat",
"spynet",
"bazarloader",
"clipper",
"banker",
"gh0st",
"piratestealer",
"witch",
"killme",
"vulturi",
"tofsee",
"slow",
"owowa",
"flagpro",
"write",
"dazzlespy",
"decryptor",
"bandit stealer",
"bandit",
"darkeye",
"recordbreaker",
"truebot",
"svchost",
"clipbanker",
"service",
"arrowrat",
"ducktail",
"confuser",
"gobrat",
"modiloader",
"chilelocker",
"noclose",
"strelastealer",
"comfoo",
"babar",
"blankgrabber",
"solarmarker",
"darkgate",
"stub",
"banned",
"globeimposter",
"rhysida",
"janelarat",
"kraken",
"recon",
"quiterat",
"venomrat",
"venom rat",
"sapphirestealer",
"ntospy",
"raccoon",
"shifu",
"mediapi",
"poolrat",
"cicada3301",
"remoteexec"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 528,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 414,
"FileHash-SHA1": 410,
"FileHash-SHA256": 1940,
"URL": 171,
"hostname": 56,
"domain": 134,
"YARA": 759,
"email": 4
},
"indicator_count": 3888,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 122,
"modified_text": "340 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67f33233092ab19b74879403",
"name": "MacOS M2 Chip Infiltration: Game Center & XBOX Pod Game & Chat Server",
"description": "pulse explores a variety of files, objects, and functions that could be associated with different system components, libraries, and protocols. It highlights a wide range of potential vulnerabilities that may exist in software related to system functions, APIs, data handling, and device interactions, including issues in devices like game controllers, HID devices, and platform-specific services (such as Apple and Android). The pulse references several components across different platforms (macOS, iOS, ARM architectures, and others), with a focus on low-level code, encryption libraries, system utilities, and network protocols like TCP, IP, and Bluetooth. The identified vulnerabilities could involve buffer overflows, deprecated functions, improper memory handling, and potential exploit vectors related to system security, performance, and integrity.",
"modified": "2025-05-07T02:03:20.735000",
"created": "2025-04-07T02:02:27.322000",
"tags": [
"helper macro",
"param",
"param inccache",
"kerberos",
"ccache",
"api function",
"ccapi",
"api version",
"param ioccache",
"ccacheserver",
"win32",
"null",
"code",
"win64",
"error",
"union",
"ccapideprecated",
"ccacheapi",
"ccapiv2h",
"apple",
"export",
"united",
"ccache api",
"cplusplus",
"x8664",
"typedef",
"patheq",
"none",
"popen",
"terminate",
"false",
"winenv",
"winexe",
"frozen",
"winservice",
"python",
"posixthreads",
"pyhavecondvar",
"ntthreads",
"vista",
"pyemulatedwincv",
"ntddivista",
"semaphore",
"pycondt",
"win7",
"pybuildcore",
"fall",
"copyright",
"technology",
"all rights",
"reserved",
"america",
"government",
"within that",
"klprincipal",
"klloginoptions",
"inpassword",
"klboolean",
"klindex inindex",
"login",
"klstatus",
"kerberos login",
"inst",
"regexp",
"typeof e",
"function",
"typeof t",
"typeof o",
"width",
"typeof",
"pseudo",
"body",
"sticky",
"date",
"class",
"this",
"void",
"accept",
"span",
"krb5callconv",
"apoptsreserved",
"tktflgreserved",
"kdcoptreserved",
"krb5data",
"eblock",
"krb5address",
"krb5keyblock",
"service",
"realm",
"format",
"general",
"internal",
"entropy",
"mask",
"mcpeerid",
"mcsession",
"property",
"protocol",
"create",
"nsuinteger",
"notifies",
"mcsession api",
"interface",
"bonjour",
"ascii lowercase",
"abc company",
"section",
"bonjour txt",
"mcextern",
"attribute",
"mcextern extern",
"mcexternweak",
"nsenum",
"nsinteger",
"mcerrorcode",
"mcerrorunknown",
"mcerrortimedout",
"bonjour apis",
"stop",
"peer",
"example",
"tags",
"session",
"nsprogress",
"nserror",
"nsstring",
"nsurl",
"nsarray",
"note",
"ui element",
"utf8 encoding",
"nscopying",
"nsdictionary",
"webpackrequire",
"webpackexports",
"object",
"adobe systems",
"adobe",
"incorporated",
"dissemination",
"touchmove",
"window",
"launch",
"close",
"core",
"webview",
"nwebpackrequire",
"arraybuffer",
"name",
"typedarray",
"prototype",
"string",
"number",
"nvar",
"meta",
"infinity",
"generator",
"zero",
"epsilon",
"observer",
"android",
"freeze",
"trim",
"canvas",
"simple",
"bind",
"fast",
"next",
"patch",
"rest",
"middle",
"find",
"enumerate",
"facebook",
"executor",
"apiunavailable",
"gamecontroller",
"gcbuttoninput",
"gcswitchinput",
"nsobject",
"apiavailable",
"hid device",
"cfstr",
"iohiddeviceref",
"boolean value",
"c iohidmanager",
"iohidmanager",
"c iohiddevice",
"issequential",
"bool sequential",
"bool canwrap",
"nsset",
"nsunavailable",
"gcswitchelement",
"bool",
"share button",
"xbox controller",
"xbox elite",
"xbox series",
"gcxboxgamepad",
"gcpoint2",
"gcpoint2make",
"gcpoint2 p",
"cfinline bool",
"gcpoint2equal",
"gcpoint2 point1",
"gcpoint2 point2",
"gcrelativeinput",
"isanalog",
"bool analog",
"hasinclude",
"gcaxis2dinput",
"gcpoint2 value",
"gcaxiselement",
"certain",
"gcaxisinput",
"gcbuttonelement",
"gccontroller",
"nsnotification",
"chhapticengine",
"gcmicrogamepad",
"input",
"menu button",
"gcdevicelight",
"gccolor",
"x axis",
"xvalue",
"developers",
"functionality",
"options button",
"sf symbols",
"elements",
"gcdevice",
"gctouchstate",
"gctouchstateup",
"apideprecated",
"gckeyboard",
"gcmouse",
"nsswiftname",
"gcdevicebattery",
"battery level",
"direction pad",
"directionapad",
"thumbstick",
"gcdevicecursor",
"a controller",
"gccolor color",
"gcinputbuttona",
"gcinputbuttonb",
"button b",
"check",
"a element",
"c nil",
"nsenumerator",
"siri remote",
"equivalent",
"down",
"left",
"right",
"kindof",
"handle button",
"c device",
"immediate input",
"dualsense",
"positional",
"sony dualsense",
"gcmotion",
"dualshock",
"uievent",
"controllers",
"uikit user",
"uiview",
"method",
"nsdata",
"axes",
"nsdata source",
"return",
"nullable",
"nsdata object",
"button",
"shoulder",
"extended",
"gamepad profile",
"nsdata api",
"gcgamepad",
"sizeof",
"standard",
"gckeyboardinput",
"keyboard",
"nsstring const",
"controller",
"back buttons",
"game controller",
"back",
"keypad",
"delete",
"insert",
"home",
"right arrow",
"left arrow",
"down arrow",
"up arrow",
"korean",
"backspace",
"alongside",
"gckeyuparrow",
"gckeycode const",
"lang1",
"gclinearinput",
"gcquaternion",
"gcacceleration",
"y axis",
"z axis",
"gcmouse mouse",
"gcmouse class",
"mice",
"gcmouseinput",
"mouse profile",
"scroll",
"nsdata instance",
"a alias",
"press",
"micro profile",
"siri remotes",
"b button",
"a gcinput",
"button a",
"nsoptions",
"examining",
"c sfsymbolsname",
"apple tv",
"remote",
"control center",
"a set",
"game",
"gcracingwheel",
"gcbundlewithpid",
"gcinputbuttonx",
"gcinputbuttony",
"gcinputshifter",
"gckeya",
"gckeyb",
"gckeybackslash",
"rawvalue",
"apple swift",
"o librarylevel",
"swift import",
"element",
"indices",
"iterator",
"subsequence",
"kerberoscomerr",
"const",
"permission",
"mit software",
"suitability",
"athena",
"openvision",
"gssdllimp",
"gssapigenerich",
"this software",
"purpose",
"disclaims all",
"warranties with",
"regard to",
"constraint",
"kerberosprofile",
"krb5profileh",
"const names",
"newvalue",
"1429577728l",
"gnuc",
"mach",
"omuint32",
"gssapikrb5h",
"form",
"uid form",
"client function",
"asrep",
"including",
"preauth",
"db entry",
"free",
"pointer",
"rock",
"neither",
"direct",
"damage",
"minorstatus",
"gssbuffert",
"gssctxidt",
"gssoid",
"gssnamet",
"gsscredidt",
"gssoidset",
"gssapi",
"first",
"alcapi",
"alcapientry",
"alcboolean",
"targetosmac",
"alcdevice",
"alcenum param",
"alalch",
"alcchar",
"alcsizei",
"capture",
"but not",
"limited",
"openal cross",
"apple computer",
"redistribution",
"is provided",
"type",
"alvoid",
"alint",
"openal",
"aluint sid",
"alenum",
"alint value",
"aluint property",
"alvoid nonnull",
"alfloat",
"write",
"openalopenalh",
"umbrella header",
"alenum param",
"alapi",
"aluint bid",
"alsizei",
"alfloat value",
"alapientry",
"aluint",
"verify",
"play",
"speed",
"bits",
"albuffer3i",
"albufferdata",
"albufferf",
"albufferfv",
"albufferi",
"albufferiv",
"aldistancemodel",
"aldopplerfactor",
"algetbooleanv",
"algetbuffer3f",
"iousbhostdevice",
"iousbhostobject",
"iousbhostpipe",
"iousbhoststream",
"iousbhost",
"brief",
"usb host",
"bool yes",
"bool no",
"advance",
"iousbhostfamily",
"kernel",
"ioreturn status",
"nsnumber",
"ioreturn error",
"usb device",
"select",
"commands",
"enqueue",
"nsmutabledata",
"field",
"enum",
"options",
"retrieve",
"iosource",
"current address",
"bos descriptor",
"extract",
"a descriptor",
"license",
"io request",
"abort",
"discussion",
"stream",
"please",
"swift api",
"iousbbitrange",
"iousbbitrange64",
"iousbbit",
"client",
"usb controller",
"usb descriptor",
"unknown",
"critical",
"refer",
"link",
"send",
"same",
"common ui",
"bluetooth",
"service browser",
"option",
"1001",
"cfstringref",
"deprecated",
"macos",
"returns",
"abstract",
"nswindow",
"creates",
"mac os",
"uuids",
"uuid",
"sdp service",
"nsimage",
"nsview",
"mpasskeystring",
"nsmutablearray",
"uuid array",
"ioreturn",
"runmodal",
"group",
"command",
"byte",
"masks",
"pduid",
"l2cap",
"range",
"opcode",
"packet",
"major",
"local",
"profiles",
"iobluetooth",
"framework",
"support",
"host controller",
"rfcomm",
"minor class",
"pseudoclass",
"specific device",
"headset",
"peripheral",
"desktop",
"glasses",
"device reset",
"no hci",
"hci controller",
"returns number",
"variable number",
"packdata",
"cstring",
"pass",
"path",
"deprecated in",
"obex session",
"obexsessionref",
"rfcomm channel",
"obex",
"does not",
"l2cap channel",
"inrefcon",
"device",
"length",
"obex spec",
"error code",
"make",
"headerid",
"april",
"alarm",
"avrcplog",
"audiolog",
"bccmd16touint16",
"bccmd16touint8",
"bccmd32touint32",
"hfplog",
"obexcreatevcard",
"obexsessionget",
"uint16tobccmd16",
"intents",
"created",
"andrea gottardo",
"inimage",
"intentsui",
"project version",
"inshortcut",
"ibdesignable",
"invoiceshortcut",
"nsbundle",
"siri",
"beralloct",
"berbvarrayadd",
"berbvarrayfree",
"berbvdup",
"berbvecadd",
"berbvecfree",
"berbvfree",
"berdump",
"berdup",
"berdupbv",
"ldap",
"vdspinput1",
"vectorsize",
"iirchannel",
"osvkerndsplib",
"pragmaonce",
"paul chang",
"fri mar",
"original code",
"apple operating",
"modifications",
"apple public",
"source license",
"version",
"lframesize",
"i386",
"picify",
"callmcount",
"nonlazystub",
"align",
"roundtostack",
"leaf",
"import",
"carnegie mellon",
"carnegie",
"inline void",
"software",
"school",
"august",
"xnuarchi386selh",
"next computer",
"mike demoney",
"bruce martin",
"state segment",
"nxswappedfloat",
"osswapint32",
"inline float",
"inline double",
"osswapint64",
"armlimitsh",
"arm64",
"useclangtypes",
"bsdarmtypesh",
"int8t",
"gnuc typedef",
"uint8t",
"ansi c",
"ansi",
"use wchart",
"armmcontexth",
"mcontextt",
"armparamh",
"round",
"darwinsizet",
"darwinalign",
"uint32t",
"darwinalign32",
"warranties",
"a particular",
"university",
"armarch6zk",
"armarch6k",
"armarch4t",
"armarch4",
"http",
"capbitnb",
"legacy",
"armfeatureflag",
"california",
"notice",
"berkeley",
"limited to",
"define",
"useclanglimits",
"lp64",
"ansisource",
"darwincsource",
"longmin",
"ulongmax",
"parameter",
"vmmemcoherent",
"vmmemearlyack",
"vmmeminner",
"vmmemrt",
"vmmemguarded",
"armmemorytypesh",
"armpalroutinesh",
"read",
"struct",
"booleant",
"cluster",
"devbsize",
"mclbytes",
"unix system",
"laboratories",
"devbshift",
"thumb",
"armv5",
"armv7",
"cache",
"neon",
"swift",
"bsdarmprofileh",
"xxx todo",
"block",
"mcount",
"mcountinit",
"mcountenter",
"splhigh",
"armthreadh",
"armtraph",
"dflssiz",
"targetososx",
"maxssiz",
"rliminfinity",
"maxcsiz",
"bsdarmvmparamh",
"dfldsiz",
"maxdsiz",
"xxx stack",
"armsignal",
"int64t",
"armmachtypesh",
"int32t",
"methods",
"thread",
"hasapplepac",
"atmatmtypesh",
"libkernlocksh",
"fortifysource",
"libkerncopyioh",
"sizedby",
"darwinosinline",
"stdcversion",
"osswapint16",
"libkerncrch",
"blockexport",
"vaargs",
"blockrelease",
"blockh",
"collection",
"blockcopy",
"ososbaseh",
"base",
"byteoffset",
"host endianess",
"generic host",
"generic",
"osmalloc",
"osmalloctag tag",
"osmalloctag",
"pci device",
"uint32",
"uint32 mask",
"safecastptr",
"sint32",
"osaddatomic64",
"uint8",
"libkern c",
"internal error",
"core osreturn",
"libkern",
"values",
"pragmamark",
"kexts",
"kext",
"c string",
"grab",
"osostypesh",
"boolean",
"unsignedwide",
"uint32 hi",
"buildtime value",
"libkernversionh",
"versionmajor",
"versionminor",
"versionvariant",
"versionrevision",
"ostype",
"osrelease",
"libkernsysctlh",
"instructions",
"data cache",
"future",
"rbleft",
"rbright",
"rbgetparent",
"splayright",
"splayleft",
"rbsetcolor",
"rbblack",
"rbgetcolor",
"comp",
"main",
"stdc",
"msdos",
"windows",
"sys16bit",
"zlibdll",
"zextern",
"zconfh",
"model",
"zextern int",
"zstreamerror",
"znull",
"zbuferror",
"zmemerror",
"zstreamend",
"zdataerror",
"zfinish",
"enough",
"possible",
"trailer",
"compiler",
"countedby",
"sparta",
"osatomic",
"ipcipctypesh",
"ipcobjectnull",
"ipcobjectdead",
"osreturn",
"nfskrpch",
"xdrbuf",
"xdrbuf xbp",
"xbptr",
"xbleft",
"tlen",
"lval",
"xbcleanup",
"xbtype",
"xbflags",
"nfsargsversion",
"file",
"packed",
"nfshz",
"mount",
"term",
"restrict",
"stats",
"nfsbitmapset",
"nfsver3",
"nfsxunsigned",
"attr",
"nfsprogram",
"nfssmallfh",
"which",
"from",
"mark",
"obsolete",
"ip address",
"iaddrt",
"netinetbootph",
"nvmaxtext",
"magic",
"etheraddrlen",
"target",
"byteorder",
"bigendian",
"littleendian",
"dest",
"igmp",
"ushort",
"inpcbptr",
"inpcblistentry",
"ipsec",
"pcbs",
"cookie",
"netinetinstath",
"minimal",
"result",
"arp packet",
"icmpparamprob",
"icmpredirect",
"address",
"ditto",
"ip filter",
"ipv4",
"ip packet",
"inject",
"wifi",
"server",
"tcpmaxnotifyack",
"wired",
"ecn setup",
"notify",
"slow",
"definitions",
"tcptmax",
"retransmit",
"mptcp",
"tcpsclosewait",
"tcpsestablished",
"tcpstimewait",
"tcpseq",
"timer drift",
"sack",
"char",
"icmp",
"synack",
"tcpoptnop",
"syndata",
"ver",
"internet",
"iopcidevice",
"constant",
"perst",
"localonly",
"iooptionbits",
"optional access",
"ioservice",
"open",
"pcidriverkith",
"osmetaclassbase",
"iorpc rpc",
"auditpipeiobase",
"auditsdeviobase",
"ioctls",
"data",
"the software",
"stdargh",
"hasincludenext",
"eli friedman",
"as is",
"hack",
"atomic",
"atomicseqcst",
"clangstdatomich",
"stdchosted",
"stdboolh",
"needwintt",
"stddefh",
"hasbuiltin",
"const src",
"xnumembersize",
"const dst",
"wcharmax",
"wcharmin",
"limits",
"kernelstdinth",
"lp64 typedef",
"intmaxc",
"uintmaxc",
"ptrauth",
"olddata",
"value",
"declkey",
"abi pointer",
"c function",
"float16",
"fltevalmethod",
"legacy bsd",
"c standard",
"sincospi",
"cosp",
"x8664monotonich",
"staticifentry",
"hasmte",
"vmmemorytypesh",
"vmwimgdefault",
"wimg",
"extvectortype",
"utilfunction",
"aligned",
"srcptr",
"vmpmaph",
"vmdyldpagerh",
"vmvmfaulth",
"vmvmmaph",
"development",
"debug",
"vmvmoptionsh",
"vmvmpageouth",
"kasantbi",
"machvmmemtagh",
"given",
"vmmemtagptrsize",
"vmmemtagtagsize",
"copy",
"vmsharedregionh",
"vfsvfssupporth",
"veclib",
"master",
"world wide",
"various",
"veclibtypes",
"carbonlib",
"availability",
"carbon",
"noncarbon cfm",
"vbasicops",
"shift",
"vforceh",
"vdsplength n",
"realp",
"nonnull",
"vector",
"dspsplitcomplex",
"ieee",
"dspcomplex",
"uuiduuidh",
"uuiddefine",
"public",
"uuid library",
"kernelserver",
"simpleroutine",
"undkey",
"execution",
"strings array",
"user",
"title string",
"info",
"1024",
"xmldatat",
"undreplyref",
"kernsuccess",
"osaction",
"targetosiphone",
"istargetvendor",
"targetcpux8664",
"targetosunix",
"targetcpuppc",
"targetcpuppc64",
"targetcpux86",
"targetrtmaccfm",
"bridge",
"svflags",
"svpavreal",
"svpavreify",
"xpvav",
"svany",
"avfillp",
"for apidoc",
"mutableav",
"avrealoff",
"pltopenv",
"stmtstart",
"stmtend",
"copfile",
"plcurstackinfo",
"copfilegv",
"cophinthashget",
"loop",
"stack",
"beware",
"orig",
"loops",
"this file",
"the build",
"plbitcount",
"u8 value",
"cvflags",
"xpvcv",
"mutableptr",
"perlcore",
"cvgv",
"cvfile",
"cvfmethod",
"cvflvalue",
"cvfconst",
"anon",
"doinit extconst",
"ebcdic",
"extconst u8",
"index",
"ascii platform",
"confusingly",
"u8 pla2e",
"pla2e",
"u8 ple2a",
"guard",
"declspec",
"extconst",
"ext externc",
"init",
"larry wall",
"gnu general",
"readme file",
"multiplicity",
"plsawampersand",
"do not",
"perliogetc",
"perlioputc",
"perliostdoutf",
"perlio",
"perlfeatureh",
"featuresubbit",
"featuremyrefbit",
"featurefcbit",
"featureisabit",
"featuresaybit",
"featurestatebit",
"featuretrybit",
"hintfeaturemask",
"ffspace",
"process",
"ffdecimal",
"ffend",
"gvgp",
"gvflags",
"gvnamehek",
"svtype",
"gvegv",
"gvstash",
"gvxpvgv",
"svtpvgv",
"svtpvlv",
"super",
"edit directly",
"djgpp",
"bitbucket",
"perlsysinitbody",
"perlioinit",
"perlsystermbody",
"w macros",
"wexitstatus",
"shpath",
"mkdir",
"rotl64",
"rotl32",
"rotate x",
"rotr32",
"can64bithash",
"rotr64",
"ivsize",
"u8to16le",
"rotluv",
"rotruv",
"sbox32maxlen",
"plhashstate",
"perlhash",
"perl",
"usehashseed",
"perlseenhvfunch",
"perlhashseed",
"siphash24",
"siphash13",
"seed",
"c program",
"c type",
"c compiler",
"gcc attribute",
"longsize",
"c preprocessor",
"install",
"kill",
"cont",
"thus",
"ext declspec",
"dext",
"for apidocitem",
"utf8",
"ascii",
"fitsin8bits",
"nativetolatin1",
"strwithlen",
"u8 end",
"test",
"poison",
"february",
"cray",
"prior",
"behaviour",
"except",
"alpha",
"perlvar",
"perlvari",
"perlvara",
"padoffset",
"true",
"pmop",
"hooks",
"hook",
"sv invlist",
"perlinregcompc",
"svcur",
"perlinopc",
"tointernalsize",
"svtinvlist",
"invlistlen",
"strlen",
"hvaux",
"heklen",
"svook",
"hekutf8",
"hekkey",
"hekflags",
"mutablehv",
"hvnameheknn",
"gosh",
"leave",
"iperlsock",
"plsock",
"iperlstdio",
"plstdio",
"iperlproc",
"plproc",
"iperllio",
"pllio",
"perlimplicitsys",
"plink",
"keypackage",
"keyend",
"keysub",
"keydump",
"keylog",
"keysend",
"keystate",
"perlioclose",
"perlmemcollxfrm",
"nativetoneed",
"plclocaleobj",
"plno",
"plwarnall",
"plwarnnone",
"plyes",
"plzero",
"plc9utf8dfatab",
"nomathoms",
"perlintokec",
"perlinutf8c",
"perlinsvc",
"perlinregexecc",
"debugging",
"perlinlocalec",
"pfinet",
"snoop",
"ccprint",
"ccgraph",
"cccharnamecont",
"ccascii",
"ccwordchar",
"ccalphanumeric",
"ccidfirst",
"ccquotemeta",
"ccalpha",
"cccased",
"ordinal",
"magicvtablemax",
"extra",
"regex match",
"env hash",
"isa array",
"debugger",
"sig hash",
"available",
"shadow",
"array length",
"magic mg",
"sv sv",
"mgftainteddir",
"hefsvkey",
"mutablesv",
"ssizet",
"mgvtbl entry",
"mgfbytes",
"perlmagicsv 0",
"special",
"perlmagicarylen",
"perlmagicrhash",
"extra data",
"perlmagicpos",
"perlmagicsymtab",
"provides",
"dtrace probes",
"stdioh",
"stdioincluded",
"sfioversion",
"rxfpmfcharset",
"rxfpmfmultiline",
"rxfpmffold",
"rxfpmfextended",
"rxfpmfnocapture",
"rxfpmfkeepcopy",
"flags",
"rxfpmfstrict",
"ocshift",
"plop",
"perlbitfield16",
"baseop op",
"useithreads",
"pmfonce",
"padop",
"perlcknull",
"perlckfun",
"opparg1mask",
"opparg4mask",
"opparg2mask",
"perlckftst",
"perlppftrowned",
"perlckbitop",
"perlckcmp",
"perlcklfun",
"dump",
"chroot",
"syscall",
"flip",
"undef",
"crypt",
"push",
"stub",
"trans",
"predec",
"flop",
"prtf",
"shutdown",
"perlcontext cx",
"perlmemlog",
"c pointer",
"cxtype",
"logic",
"toavamg",
"tohvamg",
"opftrread",
"oplt",
"opincmp",
"opbitand",
"opsbitor",
"opsend",
"opgetpeername",
"opfteexec",
"opftbinary",
"opclose",
"plparser",
"yylex",
"lexshared",
"position",
"repl",
"memsize",
"malloct",
"perlmallocctlh",
"uv nfree",
"uv ntotal",
"iv topbucket",
"iv totalsbrk",
"iv minbucket",
"level",
"plcomppad",
"plcurpad",
"uvxf",
"ptr2uv",
"avarray",
"padnameflags",
"plcopseqmax",
"padlistarray",
"c array",
"padnametype",
"incpushperl5lib",
"appllibexp",
"privlibexp",
"defineincmacros",
"perlfsversion",
"perl5lib",
"sitearchexp",
"perllanginfoh",
"hasnllanginfo",
"ilanginfo",
"codeset",
"codeset 1",
"dtfmt",
"dtfmt 2",
"dfmt",
"dfmt 3",
"sipround",
"u8to64le",
"fallthrough",
"uint64c",
"perlsiphashfnc",
"siprounds",
"strlen inlen",
"sipfinalrounds",
"could",
"configure",
"plout",
"mine001",
"argv",
"plin",
"localpatchcount",
"perlapih",
"xs code",
"portingglossary",
"first version",
"brand",
"symbols",
"haswcrtomb",
"perlionotstdio",
"perlcallconv",
"perlio f",
"perlioh",
"usestdio",
"case",
"bufsiz",
"sizet",
"perlstability",
"perltypedefs",
"perldtracehin",
"perlloadedfile",
"perlloadingfile",
"perlopentry",
"perlphasechange",
"perlsubentry",
"perlsubreturn",
"generated",
"perlcallconv iv",
"sizet count",
"sv arg",
"mode",
"perliofuncs tab",
"stdchar",
"perliolistt",
"sv args",
"mutex",
"perlinterpreter",
"sigsize",
"perlioisstdio",
"perlcallconv op",
"perldokv",
"perlppaassign",
"perlppabs",
"perlppaccept",
"perlppadd",
"perlppaeach",
"perlppaelem",
"public license",
"free software",
"foundation",
"yydebug",
"bison",
"bareword",
"funcmeth",
"arrow",
"targ",
"pushs",
"tops",
"does",
"xsub",
"pops",
"xpushs",
"erange",
"perlreentrapi",
"perlreentrapi0",
"hostentsize",
"getgrentrproto",
"getpwentrproto",
"getnetentrproto",
"grentbuffer",
"grentsize",
"hostenterrno",
"redebugflag",
"debugvtest",
"debugr",
"u16 nextoff",
"argset",
"u8 type",
"nextoff",
"strings",
"problem",
"june",
"invert",
"perlfpclass",
"longdoublekind",
"plstatusvalue",
"pldebug",
"numclasses",
"locale",
"grok",
"pragma",
"dword",
"attack",
"little",
"lynx",
"done",
"reany",
"rxpextflags",
"rxextflags",
"checkpoint cp",
"rxftaintedseen",
"rxfcopydone",
"plsavestackix",
"plsavestack",
"plsavestackmax",
"ssmaxpush",
"enter",
"debugscope",
"state",
"u32 state",
"debugsbox32hash",
"sbox32warn5",
"line",
"mutexunlock",
"mutexinit",
"noop",
"mutexlock",
"condinit",
"detach",
"panic",
"usetm64",
"should",
"bsd extension",
"configuration",
"time64debug",
"int64t nv",
"gnu extension",
"perltime64h",
"time64t",
"int64t int64",
"int64 time64t",
"i32 year",
"tm64",
"hastmtmgmtoff",
"decide",
"svpvx",
"svgmagic",
"bonk",
"anything",
"turn",
"crash",
"fstat",
"perlmicro",
"hasioctl",
"hasutime",
"hasgroup",
"haspasswd",
"usemybinmode",
"idirent",
"likely",
"generated code",
"utfebcdic",
"unicode",
"step",
"ufeff",
"u00a0",
"u00df",
"u00b5",
"ufffd",
"u017f",
"u0300",
"unlikely",
"nativeutf8toi8",
"utf8skip",
"nativetouni",
"lazy",
"extrasize",
"regnodemax",
"exact",
"match",
"whilem",
"anyof",
"curly",
"trie",
"curlym",
"eval",
"star",
"perlutilh",
"hsmapiverlen",
"hsxsverlenmax",
"hskeyp",
"tools",
"sv vs",
"perlversionlt",
"svpvxnolenconst",
"perlckwarner",
"u32 err",
"scroakxsusage",
"pluumap",
"warnings",
"categories",
"plcurcop",
"perlckwarn",
"perlckwarnd",
"perlwarnisset",
"perlwarnoff",
"perlwarnbit",
"xsversion",
"xsreturn",
"perlxshandshake",
"plstackbase",
"hskey",
"zaphod32mix",
"u8to32le",
"zaphod32warn4",
"zaphod32warn3",
"zaphod32warn6",
"perlform",
"i8tonativeutf8",
"warnutf8",
"myshift",
"c extension",
"libs",
"cflags",
"afkuserlog",
"kafkeventcancel",
"kafkeventerror",
"adamsbagmanager",
"adjinglerequest",
"isinternalbuild",
"kickmcxdforuid",
"loadappkit",
"ardconfig",
"authenticator",
"dsauthenticator",
"dsnode",
"dsrecord",
"hostconfig",
"addtofront",
"calcslope",
"copyarray",
"createcachenode",
"defaultebecurve",
"deletecache",
"disablehcucache",
"dumpcache",
"dumpoutputhcu",
"enablet1sim",
"ascagent",
"ascagentproxy",
"asdevice",
"ddrangecompare",
"wdosloglauncher",
"wdoslogprotocol",
"findchar",
"ddasllogger",
"ddfilelogger",
"ddlog",
"ddlogfileinfo",
"ddlogmessage",
"ddloggernode",
"mkurlparser",
"mkerrordomain",
"mkintegerhash",
"mklonghash",
"mkmaprectinset",
"mkmaprectnull",
"mkmaprectoffset",
"mkmaprectworld",
"mkmapsizeworld",
"kextensionnonui",
"wkarraycreate",
"wkbooleancreate",
"wkcontextcreate",
"wkdatacreate",
"wkdatagettypeid",
"wkdoublecreate",
"wkframecopyurl",
"wkgettypeid",
"wkimagecreate",
"wkpagecandelete",
"webkit",
"methodkind",
"wkerrordomain",
"by apple",
"document",
"a block",
"wkcontentworld",
"wkwebview",
"javascript",
"wkerrorcode",
"wkerrorunknown",
"nsswiftasync",
"wkswiftasync",
"wkcookiepolicy",
"nshttpcookie",
"whether",
"wknavigation",
"wkdownload",
"decides",
"mime type",
"wkscriptmessage",
"wkframeinfo",
"information",
"url scheme",
"wkcontentmode",
"wkuserscript",
"wkextern",
"media",
"promise",
"fulfill",
"cgfloat",
"targetoswatch",
"sign",
"password",
"provider",
"uicontrol",
"nscontrol",
"opaque user",
"apple id",
"nsstring user",
"asuseragerange",
"initiate",
"asauthorization",
"confirms",
"apple upgrade",
"nserrorenum",
"operation",
"relying party",
"targetosvision",
"a byte",
"nsdata userid",
"relying",
"a string",
"asapiavailable",
"http response",
"authorization",
"oauth",
"saml",
"nsdata readdata",
"bool didwrite",
"a cose",
"nsstring name",
"bool appid",
"targetosxr",
"a state",
"a json",
"web token",
"private seckeys",
"nsstring appid",
"mdm profile",
"nsurl url",
"returns yes",
"lacontext",
"asswiftsendable",
"keychain",
"cose algorithm",
"ecdsa",
"sha256",
"cose curve",
"p256",
"nsinteger rank",
"enables",
"bool success",
"remove",
"call",
"complete",
"prepare",
"attempt",
"list",
"nsextension",
"settings",
"initializes",
"a key",
"extensions",
"hash",
"json",
"initialize",
"nsstring origin",
"settings app",
"urls",
"https urls",
"safari",
"cancel",
"nsuuid uuid",
"asextern extern",
"asextern",
"nsswiftsendable",
"uiwindow",
"propertykind",
"gkplayer",
"n tags",
"gkerrordomain",
"gamecenter",
"targetosios",
"targetostv",
"nsavailable",
"gkachievement",
"local player",
"view",
"present",
"optional",
"gkbaseplayer",
"game center",
"uiimage",
"app store",
"gkchallenge",
"gklocalplayer",
"nsdeprecated",
"a singleton",
"gkcloudplayer",
"returns nil",
"nsdeprecatedmac",
"internal2",
"internal3",
"internal4",
"gkscore",
"gkextern",
"gkextern extern",
"gkexternweak",
"gkerrorcode",
"gkerrorunknown",
"gkerrorunderage",
"friendplayer",
"standard view",
"nsresponder",
"parentwindow",
"ibaction",
"gkgamesession",
"apis",
"gkplayer player",
"nsinteger score",
"nsdate date",
"gkleaderboard",
"connect",
"nsinteger value",
"load",
"gktransporttype",
"nsstring title",
"loads array",
"localized",
"gkmatch",
"gkmatchrequest",
"gkinvite",
"gksession",
"gksession api",
"gamekit",
"asynchronously",
"welcome",
"nstimeinterval",
"delegate",
"delivery",
"gksenddatamode",
"gksessionmode",
"gkphotosize",
"callbacks",
"gkmatchdelegate",
"gksavedgame",
"default value",
"gksessionerror",
"gkvoicechat",
"participant",
"voice chat",
"clienta"
],
"references": [
"CredentialsCache.h",
"CredentialsCache2.h",
"config.xml",
"popen_spawn_win32.py",
"pycore_condvar.h",
"Kerberos.h",
"KerberosLogin.h",
"plugin.js",
"krb5.h",
"MultipeerConnectivity.tbd",
"MCBrowserViewController.h",
"MCNearbyServiceAdvertiser.h",
"MCError.h",
"MCAdvertiserAssistant.h",
"MCNearbyServiceBrowser.h",
"MultipeerConnectivity.apinotes",
"MultipeerConnectivity.h",
"MCSession.h",
"MCPeerID.h",
"canvas.html",
"capture_0.bundle.js",
"capture_resize.js",
"GCRacingWheelInput.h",
"GCSyntheticDeviceKeys.h",
"GCSwitchPositionInput.h",
"GCSteeringWheelElement.h",
"GCSwitchElement.h",
"GCTouchedStateInput.h",
"GCXboxGamepad.h",
"GCTypes.h",
"GCRelativeInput.h",
"GameController.h",
"GCAxis2DInput.h",
"GCAxisElement.h",
"GCAxisInput.h",
"GCButtonElement.h",
"GCController.h",
"GCColor.h",
"GCControllerAxisInput.h",
"GCControllerDirectionPad.h",
"GCControllerInput.h",
"GCControllerElement.h",
"GCControllerTouchpad.h",
"GCDevice.h",
"GCDeviceBattery.h",
"GCDeviceCursor.h",
"GCDeviceHaptics.h",
"GCDeviceLight.h",
"GCDevicePhysicalInputState.h",
"GCDevicePhysicalInputStateDiff.h",
"GCDirectionalGamepad.h",
"GCDirectionPadElement.h",
"GCDevicePhysicalInput.h",
"GCDualSenseAdaptiveTrigger.h",
"GCDualSenseGamepad.h",
"GCDualShockGamepad.h",
"GCEventViewController.h",
"GCExtendedGamepadSnapshot.h",
"GCExtern.h",
"GCExtendedGamepad.h",
"GCGamepadSnapshot.h",
"GCGearShifterElement.h",
"GCGamepad.h",
"GCKeyboard.h",
"GCInputNames.h",
"GCControllerButtonInput.h",
"GCKeyNames.h",
"GCKeyboardInput.h",
"GCKeyCodes.h",
"GCLinearInput.h",
"GCMotion.h",
"GCMouse.h",
"GCMouseInput.h",
"GCMicroGamepadSnapshot.h",
"GCPhysicalInputElement.h",
"GCMicroGamepad.h",
"GCPhysicalInputProfile.h",
"GCPhysicalInputSource.h",
"GCPressedStateInput.h",
"GCProductCategories.h",
"GCRacingWheel.h",
"GameController.tbd",
"arm64e-apple-macos.swiftinterface",
"x86_64-apple-macos.swiftinterface",
"module.modulemap",
"com_err.h",
"gssapi_generic.h",
"locate_plugin.h",
"profile.h",
"gssapi_krb5.h",
"preauth_plugin.h",
"gssapi.h",
"alc.h",
"oalStaticBufferExtension.h",
"oalMacOSX_OALExtensions.h",
"OpenAL.h",
"al.h",
"OpenAL.tbd",
"IOUSBHost.tbd",
"IOUSBHostCIEndpointStateMachine.h",
"IOUSBHostCIControllerStateMachine.h",
"IOUSBHost.h",
"IOUSBHostCIPortStateMachine.h",
"IOUSBHostCIDeviceStateMachine.h",
"IOUSBHostControllerInterfaceHelpers.h",
"IOUSBHostDevice.h",
"IOUSBHostControllerInterface.h",
"IOUSBHostDefinitions.h",
"IOUSBHostInterface.h",
"IOUSBHostIOSource.h",
"AppleUSBDescriptorParsing.h",
"IOUSBHostStream.h",
"IOUSBHostObject.h",
"IOUSBHostControllerInterfaceDefinitions.h",
"IOUSBHostPipe.h",
"IOBluetoothUIUserLib.h",
"IOBluetoothUI.h",
"IOBluetoothObjectPushUIController.h",
"IOBluetoothDeviceSelectorController.h",
"IOBluetoothPasskeyDisplay.h",
"IOBluetoothPairingController.h",
"IOBluetoothServiceBrowserController.h",
"IOBluetoothUI.tbd",
"Bluetooth.h",
"IOBluetooth.h",
"BluetoothAssignedNumbers.h",
"IOBluetoothTypes.h",
"IOBluetoothUtilities.h",
"OBEXBluetooth.h",
"IOBluetoothUserLib.h",
"OBEX.h",
"IOBluetooth.tbd",
"INImage+IntentsUI.h",
"IntentsUI.h",
"INUIAddVoiceShortcutButton.h",
"IntentsUI.apinotes",
"INUIEditVoiceShortcutViewController.h",
"INUIAddVoiceShortcutViewController.h",
"LDAP.tbd",
"OSvKernDSPLib.h",
"cpu.h",
"asm_help.h",
"desc.h",
"pio.h",
"io.h",
"sel.h",
"reg_help.h",
"tss.h",
"table.h",
"byte_order.h",
"_limits.h",
"_types.h",
"_mcontext.h",
"_param.h",
"_endian.h",
"arch.h",
"cpuid_internal.h",
"cpu_capabilities_public.h",
"arm_features.inc",
"endian.h",
"locks.h",
"limits.h",
"atomic.h",
"machine_cpuid.h",
"memory_types.h",
"pal_routines.h",
"machine_routines.h",
"param.h",
"cpuid.h",
"thread.h",
"trap.h",
"vmparam.h",
"signal.h",
"types.h",
"AFKMemoryDescriptorOptions.h",
"machine_machdep.h",
"atm_types.h",
"copyio.h",
"_OSByteOrder.h",
"crc.h",
"Block.h",
"OSBase.h",
"OSByteOrder.h",
"OSDebug.h",
"OSMalloc.h",
"OSAtomic.h",
"OSReturn.h",
"OSKextLib.h",
"OSTypes.h",
"version.h",
"sysctl.h",
"tree.h",
"zconf.h",
"zlib.h",
"libkern.h",
"kdp_callout.h",
"kdp_en_debugger.h",
"ipc_types.h",
"krpc.h",
"rpcv2.h",
"xdr_subs.h",
"nfs.h",
"nfsproto.h",
"bootp.h",
"if_ether.h",
"icmp6.h",
"icmp_var.h",
"igmp_var.h",
"igmp.h",
"in_pcb.h",
"in_stat.h",
"in_private.h",
"in_arp.h",
"in_var.h",
"in_systm.h",
"ip_var.h",
"ip_icmp.h",
"kpi_ipfilter.h",
"ip6.h",
"tcp_private.h",
"ip.h",
"tcp_timer.h",
"tcp_fsm.h",
"udp_var.h",
"tcp_seq.h",
"tcpip.h",
"udp.h",
"tcp_var.h",
"tcp.h",
"IOPCIFamilyDefinitions.h",
"IOPCIDevice.iig",
"PCIDriverKit.h",
"IOPCIDevice.h",
"audit_ioctl.h",
"stdarg.h",
"stdatomic.h",
"stdbool.h",
"stddef.h",
"string.h",
"stdint.h",
"ptrauth.h",
"math.h",
"monotonic.h",
"static_if.h",
"machine_kpc.h",
"machine_remote_time.h",
"ipc_pthread_priority_types.h",
"lz4_assembly_select.h",
"vm_compressor_algorithms.h",
"lz4.h",
"pmap.h",
"vm_dyld_pager.h",
"vm_far.h",
"vm_fault.h",
"vm_map.h",
"lz4_constants.h",
"vm_options.h",
"vm_pageout.h",
"vm_memtag.h",
"vm_shared_region.h",
"vm_kern.h",
"vfs_support.h",
"vecLib.h",
"vecLibTypes.h",
"vBasicOps.h",
"vForce.h",
"vDSP.h",
"uuid.h",
"UNDReply.defs",
"UNDRequest.defs",
"KUNCUserNotifications.h",
"UNDTypes.defs",
"UNDTypes.h",
"TargetConditionals.h",
"apfs_boot_mount.tbd",
"av.h",
"cop.h",
"bitcount.h",
"cv.h",
"ebcdic_tables.h",
"EXTERN.h",
"embedvar.h",
"fakesdio.h",
"feature.h",
"form.h",
"gv.h",
"git_version.h",
"dosish.h",
"hv_macro.h",
"hv_func.h",
"config.h",
"INTERN.h",
"handy.h",
"intrpvar.h",
"invlist_inline.h",
"hv.h",
"iperlsys.h",
"keywords.h",
"libperl.tbd",
"embed.h",
"l1_char_class_tab.h",
"mg_data.h",
"mg_raw.h",
"mg.h",
"mg_vtable.h",
"mydtrace.h",
"nostdio.h",
"op_reg_common.h",
"op.h",
"opcode.h",
"inline.h",
"overload.h",
"opnames.h",
"parser.h",
"malloc_ctl.h",
"pad.h",
"perl_inc_macro.h",
"perl_langinfo.h",
"perl_siphash.h",
"patchlevel.h",
"perlapi.h",
"metaconfig.h",
"perlio.h",
"perldtrace.h",
"perliol.h",
"perlvars.h",
"perlsdio.h",
"pp_proto.h",
"perly.h",
"pp.h",
"reentr.h",
"regcomp.h",
"perl.h",
"regexp.h",
"scope.h",
"sbox32_hash.h",
"time64_config.h",
"time64.h",
"sv.h",
"unixish.h",
"uconfig.h",
"utfebcdic.h",
"unicode_constants.h",
"utf8.h",
"regnodes.h",
"util.h",
"vutil.h",
"uudmap.h",
"warnings.h",
"XSUB.h",
"zaphod32_hash.h",
"encode.h",
"python-3.9.pc",
"python-3.9-embed.pc",
"python3-embed.pc",
"python3.pc",
"AFKUser.tbd",
"AdID.tbd",
"Admin.tbd",
"AirPlayReceiver.tbd",
"AppSandbox.tbd",
"ASEProcessing.tbd",
"AuthenticationServicesCore.tbd",
"WebGPU.tbd",
"WebDriver.tbd",
"MapKit.tbd",
"SwiftUI.swiftoverlay",
"WebKit.tbd",
"WebKit.apinotes",
"WKBackForwardList.h",
"NSAttributedString.h",
"WebKit.h",
"WKBackForwardListItem.h",
"WKContentRuleList.h",
"WKContentRuleListStore.h",
"WKContextMenuElementInfo.h",
"WKDataDetectorTypes.h",
"WKContentWorld.h",
"WKError.h",
"WKFoundation.h",
"WKFindResult.h",
"WKHTTPCookieStore.h",
"WKFrameInfo.h",
"WKNavigation.h",
"WKFindConfiguration.h",
"WKNavigationDelegate.h",
"WKNavigationResponse.h",
"WKOpenPanelParameters.h",
"WebKitLegacy.h",
"WKPreviewActionItem.h",
"WKNavigationAction.h",
"WKPreferences.h",
"WKPreviewActionItemIdentifiers.h",
"WKPreviewElementInfo.h",
"WKProcessPool.h",
"WKDownload.h",
"WKPDFConfiguration.h",
"WKScriptMessage.h",
"WKSecurityOrigin.h",
"WKScriptMessageHandler.h",
"WKSnapshotConfiguration.h",
"WKUIDelegate.h",
"WKURLSchemeTask.h",
"WKWebpagePreferences.h",
"WKUserContentController.h",
"WKWebsiteDataStore.h",
"WKWebsiteDataRecord.h",
"WKUserScript.h",
"WKURLSchemeHandler.h",
"WKWebViewConfiguration.h",
"WKWebView.h",
"WKScriptMessageHandlerWithReply.h",
"WKWindowFeatures.h",
"WKDownloadDelegate.h",
"ASAccountAuthenticationModificationController.h",
"ASAccountAuthenticationModificationViewController.h",
"ASAuthorization.h",
"ASAuthorizationAppleIDButton.h",
"ASAccountAuthenticationModificationRequest.h",
"ASAuthorizationAppleIDProvider.h",
"ASAuthorizationAppleIDRequest.h",
"ASAuthorizationAppleIDCredential.h",
"ASAuthorizationController.h",
"ASAuthorizationCredential.h",
"ASAccountAuthenticationModificationExtensionContext.h",
"ASAuthorizationError.h",
"ASAuthorizationCustomMethod.h",
"ASAuthorizationPasswordRequest.h",
"ASAuthorizationOpenIDRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialDescriptor.h",
"ASAuthorizationPlatformPublicKeyCredentialProvider.h",
"ASAccountAuthenticationModificationReplacePasswordWithSignInWithAppleRequest.h",
"ASAccountAuthenticationModificationUpgradePasswordToStrongPasswordRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialRegistration.h",
"ASAuthorizationProvider.h",
"ASAuthorizationPlatformPublicKeyCredentialAssertion.h",
"ASAuthorizationPublicKeyCredentialAssertion.h",
"ASAuthorizationPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationPublicKeyCredentialConstants.h",
"ASAuthorizationProviderExtensionAuthorizationResult.h",
"ASAuthorizationPublicKeyCredentialDescriptor.h",
"ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput.h",
"ASAuthorizationPasswordProvider.h",
"ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput.h",
"ASAuthorizationPublicKeyCredentialParameters.h",
"ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h",
"ASAuthorizationPublicKeyCredentialRegistration.h",
"ASAuthorizationPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialAssertion.h",
"ASAuthorizationRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialProvider.h",
"ASAuthorizationSingleSignOnCredential.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialRegistration.h",
"ASAuthorizationSingleSignOnProvider.h",
"ASAuthorizationWebBrowserExternallyAuthenticatableRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationWebBrowserPublicKeyCredentialManager.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredential.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialRegistrationRequest.h",
"ASCOSEConstants.h",
"ASCredentialIdentity.h",
"ASAuthorizationSingleSignOnRequest.h",
"ASCredentialIdentityStore.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialProvider.h",
"ASCredentialProviderExtensionContext.h",
"ASCredentialProviderViewController.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest.h",
"ASCredentialServiceIdentifier.h",
"ASExtensionErrors.h",
"ASAuthorizationProviderExtensionAuthorizationRequest.h",
"ASCredentialRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h",
"ASPasskeyAssertionCredential.h",
"ASPasskeyCredentialRequest.h",
"ASPasskeyCredentialRequestParameters.h",
"ASCredentialIdentityStoreState.h",
"ASPasskeyRegistrationCredential.h",
"ASPasswordCredential.h",
"ASPublicKeyCredential.h",
"ASPasskeyCredentialIdentity.h",
"ASPublicKeyCredentialClientData.h",
"ASSettingsHelper.h",
"ASWebAuthenticationSessionCallback.h",
"ASWebAuthenticationSession.h",
"ASWebAuthenticationSessionRequest.h",
"ASWebAuthenticationSessionWebBrowserSessionManager.h",
"AuthenticationServices.h",
"ASFoundation.h",
"AuthenticationServices.apinotes",
"ASWebAuthenticationSessionWebBrowserSessionHandling.h",
"ASPasswordCredentialIdentity.h",
"ASPasswordCredentialRequest.h",
"GameKit.apinotes",
"GKAccessPoint.h",
"GameKit.h",
"GKAchievement.h",
"GKAchievementViewController.h",
"GKBasePlayer.h",
"GKAchievementDescription.h",
"GKChallengeEventHandler.h",
"GKCloudPlayer.h",
"GKChallengesViewController.h",
"GKChallenge.h",
"GKDefines.h",
"GKError.h",
"GKEventListener.h",
"GKFriendRequestComposeViewController.h",
"GKDialogController.h",
"GKGameSessionEventListener.h",
"GKGameSessionError.h",
"GKGameCenterViewController.h",
"GKGameSessionSharingViewController.h",
"GKLeaderboardEntry.h",
"GKLeaderboard.h",
"GKLeaderboardScore.h",
"GKGameSession.h",
"GKLeaderboardSet.h",
"GKLocalPlayer.h",
"GKLeaderboardViewController.h",
"GKMatch.h",
"GKMatchmaker.h",
"GKMatchmakerViewController.h",
"GKPeerPickerController.h",
"GKNotificationBanner.h",
"GKPublicConstants.h",
"GKPlayer.h",
"GKPublicProtocols.h",
"GKSavedGameListener.h",
"GKScore.h",
"GKSessionError.h",
"GKVoiceChat.h",
"GKTurnBasedMatchmakerViewController.h",
"GKSession.h",
"GKTurnBasedMatch.h",
"GKSavedGame.h",
"GKVoiceChatService.h"
],
"public": 1,
"adversary": "Turla Group, FIN7, APT34, APT28, DragonForce Malaysia Hacker Group, Indonesia Islamic Warriors Counc",
"targeted_countries": [
"United States of America",
"India",
"Australia"
],
"malware_families": [
{
"id": "OSAtomic",
"display_name": "OSAtomic",
"target": null
},
{
"id": "OSReturn",
"display_name": "OSReturn",
"target": null
},
{
"id": "Ver",
"display_name": "Ver",
"target": null
},
{
"id": "Internet",
"display_name": "Internet",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1123",
"name": "Audio Capture",
"display_name": "T1123 - Audio Capture"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1119",
"name": "Automated Collection",
"display_name": "T1119 - Automated Collection"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1016",
"name": "System Network Configuration Discovery",
"display_name": "T1016 - System Network Configuration Discovery"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1049",
"name": "System Network Connections Discovery",
"display_name": "T1049 - System Network Connections Discovery"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1112",
"name": "Modify Registry",
"display_name": "T1112 - Modify Registry"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 39,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "ilyailya",
"id": "298851",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1968,
"domain": 526,
"FileHash-SHA256": 207,
"hostname": 972,
"email": 55,
"FileHash-SHA1": 9,
"FileHash-MD5": 4,
"CVE": 2,
"CIDR": 10
},
"indicator_count": 3753,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 34,
"modified_text": "347 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "66c9103736c51f12e3bcfac8",
"name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia",
"description": "Willi Echo wedi dweud wrthod wybodaeth iawno i'wodraeth o oryginalnej architekturze, a ddydd Sadwrn.",
"modified": "2024-12-27T01:07:36.247000",
"created": "2024-08-23T22:41:59.321000",
"tags": [
"adres url",
"profesjonalne",
"projektowanie",
"tworzenie",
"stron",
"internetowych",
"strony",
"internetowe",
"pozycjonowanie",
"poligrafia",
"web design",
"hosting",
"internet",
"cms",
"reklama",
"vgt internet",
"skuteczna",
"przegldaj",
"skontaktuj",
"z nami",
"info",
"ssl domeny",
"copyright",
"authority key",
"identifier id",
"win32",
"whasz",
"oszczdno",
"win32 exe",
"magia plik",
"pe32 dla",
"ms windows",
"intel",
"oglny plik",
"windos",
"generic",
"typ pliku",
"typ jzyk",
"ikona rt",
"neutralny",
"tekst ascii",
"wersja rt",
"angielski usa",
"plik",
"file name",
"type win32",
"exe size",
"mb first",
"seen",
"size",
"first seen",
"avg win32",
"bkav undetected",
"malicious",
"drweb",
"sha1",
"sha256",
"pehash",
"richhash",
"meble na wymiar",
"meble na zam\u00f3wienie",
"szafy",
"meble \u0142azienkowe",
"meble kuchenne",
"meble biurowe",
"zabudowy wn\u0119k",
"blaty kamienne",
"sprawd",
"strong",
"wirtualne",
"kreatywne meble",
"produkcja",
"kuchnie",
"zabudowa",
"zwizualizuj",
"kliknij",
"speedtest",
"files proofs",
"vin syd",
"sgp sbg",
"rbx hil",
"gra eri",
"bom bhs",
"ssl certificate",
"noclegi szklarska por\u0119ba",
"nocleg w szklarskiej por\u0119bie",
"szklarska por\u0119ba pensjonat",
"szklarska por\u0119ba",
"pokoje",
"pensjonat",
"spa",
"wakacje",
"relaks",
"wypoczynek",
"willa echo",
"willi echo",
"szrenic",
"tobie",
"pastwu",
"znajduje si",
"azienka",
"wifi",
"z naczyniami",
"bajeczne",
"e1 f7",
"c5 e0",
"algorithm",
"key identifier",
"x509v3 subject",
"number",
"cus olet",
"encrypt cnr10",
"validity",
"subject public",
"key info",
"key algorithm",
"vhash",
"ssdeep",
"file type",
"ini text"
],
"references": [
"http://sanselo.pl",
"http://www.sanselo.pl",
"http://vgt.pl",
"http://www.vgt.pl",
"http://franas.pl",
"http://www.franas.pl",
"https://kreatywne-meble.pl",
"http://ovh.net/common/font/lato/light/webfont.svg",
"https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6",
"http://willaecho.pl/",
"http://www.willaecho.pl/",
"http://www.tomasz.franas.pl"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 438,
"domain": 128,
"hostname": 524,
"URL": 943,
"IPv4": 23,
"FileHash-SHA256": 3021,
"FileHash-SHA1": 397,
"email": 4,
"CVE": 1
},
"indicator_count": 5479,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 123,
"modified_text": "478 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "663d2869e0f3a42bbddc42ff",
"name": "UPX executable packer.",
"description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
"modified": "2024-10-14T00:01:17.069000",
"created": "2024-05-09T19:47:53.786000",
"tags": [
"cioch adrian",
"centrum usug",
"sieciowych",
"elf binary",
"upx compression",
"roth",
"nextron",
"info",
"javascript",
"html",
"office open",
"xml document",
"network capture",
"win32 exe",
"xml pakietu",
"pdf zestawy",
"przechwytywanie",
"office",
"filehashsha1",
"url https",
"cve cve20201070",
"cve cve20203153",
"cve cve20201048",
"cve cve20211732",
"cve20201048 apr",
"filehashmd5",
"cve cve20010901",
"cve cve20021841",
"cve20153202 apr",
"cve cve20160728",
"cve cve20161807",
"cve cve20175123",
"cve20185407 apr",
"cve cve20054605",
"cve cve20060745",
"cve cve20070452",
"cve cve20070453",
"cve cve20070454",
"cve cve20071355",
"cve cve20071358",
"cve cve20071871",
"cve20149614 apr",
"cve cve20151503",
"cve cve20152080",
"cve cve20157377",
"cve cve20170131",
"cve20200796 may",
"cve cve20113403"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6861,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 5771,
"domain": 3139,
"URL": 14525,
"FileHash-SHA1": 2610,
"IPv4": 108,
"CIDR": 40,
"FileHash-SHA256": 10705,
"FileHash-MD5": 3373,
"YARA": 2,
"CVE": 148,
"Mutex": 7,
"FilePath": 3,
"SSLCertFingerprint": 3,
"email": 23,
"JA3": 1,
"IPv6": 2
},
"indicator_count": 40460,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "552 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657096b22a51f1cc56dcfb53",
"name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world",
"description": "",
"modified": "2023-12-06T15:43:46.083000",
"created": "2023-12-06T15:43:46.083000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 802,
"hostname": 392,
"domain": 134,
"FileHash-SHA256": 82,
"FileHash-MD5": 1
},
"indicator_count": 1411,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708eb824dc4c51811f6de9",
"name": "Indusface - in YOUR face ;)",
"description": "",
"modified": "2023-12-06T15:09:44.273000",
"created": "2023-12-06T15:09:44.273000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 307,
"hostname": 333,
"domain": 192,
"URL": 1143,
"FileHash-MD5": 1
},
"indicator_count": 1976,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e0d95a8c74cc715f7a2",
"name": "West.cn",
"description": "",
"modified": "2023-12-06T15:06:53.350000",
"created": "2023-12-06T15:06:53.350000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 208,
"domain": 533,
"hostname": 757,
"URL": 1861,
"FileHash-MD5": 1
},
"indicator_count": 3360,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c37c54dd9e78f85c0fa",
"name": "\u7ea2\u674f\u89c6\u9891 malware",
"description": "",
"modified": "2023-12-06T14:59:03.859000",
"created": "2023-12-06T14:59:03.859000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 4,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1686,
"hostname": 2218,
"URL": 5740,
"domain": 901,
"FileHash-MD5": 3
},
"indicator_count": 10548,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c1c5e2cc4dfe8d0ed97",
"name": "CPANEL-TUCOWS \u2014malware hosting",
"description": "",
"modified": "2023-12-06T14:58:36.254000",
"created": "2023-12-06T14:58:36.254000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 815,
"hostname": 3487,
"domain": 1182,
"URL": 10194,
"FileHash-MD5": 3,
"FileHash-SHA1": 1
},
"indicator_count": 15682,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 111,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708bbc4c8bf557c17688e1",
"name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51",
"description": "",
"modified": "2023-12-06T14:57:00.280000",
"created": "2023-12-06T14:57:00.280000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 233,
"domain": 361,
"hostname": 563,
"URL": 1374,
"FileHash-SHA1": 1,
"FileHash-MD5": 1
},
"indicator_count": 2534,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708b5e9b8ce0f5fd87fb98",
"name": "ewqopweowia543.ga",
"description": "",
"modified": "2023-12-06T14:55:26.621000",
"created": "2023-12-06T14:55:26.621000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"hostname": 706,
"domain": 234,
"FileHash-SHA256": 238,
"URL": 1386
},
"indicator_count": 2565,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401da888067e7f6379d23e",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I'm actually uncomfortable finding this.",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:18:32.141000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 84,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6544cbbca7610e92e4262c47",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Targeting",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-11-03T10:30:20.965000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "654140bae73f795aa914e8de",
"export_count": 108,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "654140bae73f795aa914e8de",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-31T18:00:26.439000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "65401d73e96dd70037ed22a7",
"export_count": 98,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 223,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65403022038832e42175601f",
"name": "CRITICAL!!! | Health Insurance Cyber threat Matrix - Darkside 2020 Ecosystem .BEware ",
"description": "",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T22:37:22.425000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": "65402a8dec948bec8b0a0372",
"export_count": 95,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4604,
"hostname": 4187,
"CIDR": 2,
"CVE": 23,
"URI": 1
},
"indicator_count": 25942,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 227,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65402a8dec948bec8b0a0372",
"name": "24 CVE's | Health Liability bDarkside 2020 Ecosystem .BEware",
"description": "Matrix of cyber crime attacks appears to involved legal entities and a division of Workers Compensation Colorado, possibly used nationally. Targeting, monitoring, tracking, malvertizing, cyber attacks, CNC. Critical.\nCould probably be disputed $$$$ though undisputable. \nEd Said. \nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar\t\t\t\nCVE-2020-0601\t\t\t\t\t\nCVE-2018-8174\t\t\t\nCVE-2018-4893\t\t\t\nCVE-2018-0802\t\t\t\nCVE-2017-8759\t\t\t\t\t\t\nCVE-2017-8464\t\t\t\nCVE-2017-1188\t\t\t\t\nCVE-2017-0143\t\t\t\nCVE-2016-7262\t\t\t\nCVE-2014-6352\t\t\t\nCVE-2013-2465\t\t\t\nCVE-2011-2110\t\t\t\nCVE-2011-0609\t\t\t\nCVE-2010-2568\t\t\t\nCVE-2018-8453\t\t\t\nCVE-2013-1331\nCVE-2012-1856\t\t\t\t\nCVE-2012-0158\t\t\t\t\t\t\nCVE-2017-8570\t\t\t\nCVE-2017-11882\t\t\t\nCVE-2017-0199\t\t\t\t\t\t\nCVE-2017-0147\t\t\t\t\t\t\nCVE-2014-3153",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T22:13:33.427000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 92,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401fddb74fe1ea8506132d",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "Law Enforcement? DOJ? ACLU? Help? This is CRAZY.\nSilencing.\nI like her song clicked on link but it was malicious. I was redirected to an Indian link that looked like YouTube.\nI am a professional, awarded researcher in many areas, parent, security researcher, graphic designer, supplier, music lover , disabled. overly curious and hacked. HELP. SCARED",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:27:57.026000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 92,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401fcb063a0a34fa323603",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "Law Enforcement? DOJ? ACLU? Help? This is CRAZY.\nSilencing.\nI like her song clicked on link but it was malicious. I was redirected to an Indian link that looked like YouTube.\nI am a professional, awarded researcher in many areas, parent, security researcher, graphic designer, supplier, music lover , disabled. overly curious and hacked. HELP. SCARED",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:27:39.980000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 87,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401dbe47ce126e7468a2dc",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I'm actually uncomfortable finding this.",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:18:54.411000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 85,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 8601,
"URL": 7499,
"domain": 4603,
"hostname": 4187,
"CIDR": 2,
"CVE": 23
},
"indicator_count": 25940,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d8480e4a9ed725f6458",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:56.820000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 83,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d76b057b79aaf7ba4a7",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:40.239000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 84,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d73e96dd70037ed22a7",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:39.802000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 82,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65401d5ee5a7359a5e815a6a",
"name": "Darkside 2020 Ecosystem .BEware | BGP.tools | Target Tsara Brashears",
"description": "I don't want to be dramatic but...Main source of cyber attacks. Includes - governmentattic.org, tulach.cc, malvertizing, monitoring. remote attacks, endangered Tsara Brashears attack, BotNet, CNC, telephone service, Apple hacking. https://bgp.tools/prefix/167.203.96.0, adult content, moo.com, afraid.org. I'm assuming accessed by attorneys and insurance companies to silence people forever. Death references. I can't verify if government complicity is accurate or spoofed. Stranger was owned by American International Group, found in an STSH domain (AIG.com). Last night Ben Cartwright became the sole owner of domain after being a verified AIG domain. Terrifying. Looks like the main target is the same. Tsara Brashears. \nFound in an attack against a device 'malicious sorry index' that caused research effort. \n[auto populated: BGP.TOOLS - bgp.tools - has published its full list of historical records for BGP, which are based on its current IP address address and routing system (PGP).]",
"modified": "2023-11-29T14:03:31.663000",
"created": "2023-10-30T21:17:18.712000",
"tags": [
"ssl certificate",
"whois record",
"contacted",
"referrer",
"communicating",
"resolutions",
"historical ssl",
"whois whois",
"http",
"critical risk",
"dark power",
"cobalt strike",
"malware",
"core",
"critical",
"copy",
"formbook",
"submission",
"sophos sophos",
"xcitium verdict",
"cloud xcitium",
"verdict cloud",
"history first",
"analysis",
"utc http",
"response final",
"url https",
"march",
"execution",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"file",
"et tor",
"known tor",
"meta",
"monitoring",
"date",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"unknown",
"hybrid",
"general",
"click",
"strings",
"class",
"generator",
"error",
"pe resource",
"redline stealer",
"april",
"lockbit",
"emotet",
"hacktool",
"apple",
"tsara brashears",
"tmobile",
"pyinstaller",
"password",
"dns poisoning",
"domains",
"abuse",
"kiannas law",
"cyber security",
"cisco umbrella",
"site",
"malware site",
"malicious site",
"safe site",
"alexa top",
"million",
"phishing site",
"team phishing",
"exploit",
"download",
"unruy",
"alexa",
"riskware",
"back",
"azorult",
"phishing",
"service",
"runescape",
"facebook",
"bank",
"team",
"cutwail",
"adload",
"maltiverse",
"kryptik",
"united",
"cyber threat",
"engineering",
"bambernek",
"strike",
"zbot",
"suppobox",
"malicious",
"ransomware",
"virut",
"bandoo",
"matsnu",
"iframe",
"zeus",
"agent",
"steam",
"nymaim",
"citadel",
"heur",
"covid19",
"simda",
"artemis",
"bradesco",
"pony",
"pykspa",
"sodinokibi",
"betabot",
"virustotal",
"tinba",
"domaiq",
"ave maria",
"revil",
"downloader",
"tofsee",
"vawtrak",
"hotmail",
"dnspionage",
"nexus",
"generic",
"andromeda",
"dropper",
"crypt",
"outbreak",
"wacatac",
"mimikatz",
"trojanx",
"astaroth",
"keybase",
"stealer",
"radamant",
"kovter",
"unsafe",
"win64",
"conduit",
"presenoker",
"opencandy",
"remcos",
"miner",
"agenttesla",
"trojan",
"detplock",
"networm",
"fusioncore",
"acint",
"installpack",
"xtrat",
"nircmd",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"nanocore",
"keygen",
"fareit",
"secrisk",
"fakealert",
"filetour",
"installcore",
"floxif",
"cleaner",
"patcher",
"kgs0",
"kls0",
"threat report",
"ip summary",
"url summary",
"summary",
"urls",
"detection list",
"blacklist http",
"samples",
"blacklist"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Kryptik",
"display_name": "Kryptik",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1068",
"name": "Exploitation for Privilege Escalation",
"display_name": "T1068 - Exploitation for Privilege Escalation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1496",
"name": "Resource Hijacking",
"display_name": "T1496 - Resource Hijacking"
}
],
"industries": [
"Health"
],
"TLP": "green",
"cloned_from": null,
"export_count": 82,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 518,
"FileHash-SHA1": 507,
"FileHash-SHA256": 10945,
"URL": 19764,
"domain": 5110,
"hostname": 8668,
"CIDR": 2,
"CVE": 24
},
"indicator_count": 45538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "653fd47a852cc130c72de9e5",
"name": "BGP.Tools",
"description": "",
"modified": "2023-11-29T05:05:42.592000",
"created": "2023-10-30T16:06:18.567000",
"tags": [
"ssl certificate",
"whois record",
"referrer",
"whois whois",
"communicating",
"relacionada",
"resolutions",
"historical ssl",
"collections new",
"family",
"lolkek",
"dark power",
"ransomware",
"play ransomware",
"makop",
"core",
"redline stealer",
"hacktool",
"emotet",
"quasar rat",
"wiper",
"ursnif",
"malware",
"http response",
"final url",
"ip address",
"status code",
"body length",
"kb body",
"sha256",
"self",
"server",
"date wed",
"html info",
"meta tags",
"name verdict",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"ascii text",
"et tor",
"known tor",
"meta",
"monitoring",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"date",
"unknown",
"hybrid",
"general",
"local",
"click",
"strings",
"class",
"generator",
"critical",
"error",
"njrat",
"cobalt strike"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "653f4d0c4cca0c5f58530600",
"export_count": 39,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 3631,
"FileHash-MD5": 45,
"FileHash-SHA1": 44,
"FileHash-SHA256": 1788,
"CVE": 5,
"domain": 543,
"hostname": 1328,
"CIDR": 2,
"email": 1
},
"indicator_count": 7387,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "653f4d0c4cca0c5f58530600",
"name": "BGP.Tools",
"description": "BGP is a very malicious, developed spyware tool. Attorneys, insurance companies use tool. BGP Hurricane. In the past they will call target and a modem connects draining ALL content. It can CNC device, erase everything from it, manipulate dropbox as well as other clouds. Very destructive.Once you're a target your privacy is gone for good. Assertions from threat crowd that CISA/Valmet are government phishing entities concerns me. BGP gets a 100% malicious score. Listed as part of infrastructure is CISA. A familiar name in adult content and other commands, vulnerabilities,etc. I'm not sure what to believe, or what's going on.",
"modified": "2023-11-29T05:05:42.592000",
"created": "2023-10-30T06:28:28.160000",
"tags": [
"ssl certificate",
"whois record",
"referrer",
"whois whois",
"communicating",
"relacionada",
"resolutions",
"historical ssl",
"collections new",
"family",
"lolkek",
"dark power",
"ransomware",
"play ransomware",
"makop",
"core",
"redline stealer",
"hacktool",
"emotet",
"quasar rat",
"wiper",
"ursnif",
"malware",
"http response",
"final url",
"ip address",
"status code",
"body length",
"kb body",
"sha256",
"self",
"server",
"date wed",
"html info",
"meta tags",
"name verdict",
"falcon sandbox",
"pattern match",
"changelog",
"header",
"layer",
"data",
"ipv4",
"function",
"ascii text",
"et tor",
"known tor",
"meta",
"monitoring",
"body",
"form",
"august",
"june",
"friendly",
"main",
"footer",
"date",
"unknown",
"hybrid",
"general",
"local",
"click",
"strings",
"class",
"generator",
"critical",
"error",
"njrat",
"cobalt strike"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 42,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 3631,
"FileHash-MD5": 45,
"FileHash-SHA1": 44,
"FileHash-SHA256": 1788,
"CVE": 5,
"domain": 543,
"hostname": 1328,
"CIDR": 2,
"email": 1
},
"indicator_count": 7387,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "872 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "645c9552d2976bc754de54f3",
"name": ";https://ssl.kaptcha.com/collect/sdk?m=700000",
"description": "[",
"modified": "2023-05-11T07:12:18.292000",
"created": "2023-05-11T07:12:18.292000",
"tags": [],
"references": [
"https://ssl.kaptcha.com/collect/sdk?m=700000",
"https://www.hybrid-analysis.com/sample/161727a812a1c449bd581cbe577ba30fff74533887ce55dccdc7eaad27753b2c/645bf4aed69ba630d909ae5f"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1555",
"name": "Credentials from Password Stores",
"display_name": "T1555 - Credentials from Password Stores"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1177,
"domain": 162,
"hostname": 321,
"FileHash-SHA256": 81,
"IPv4": 6,
"FileHash-MD5": 71,
"FileHash-SHA1": 53,
"email": 3
},
"indicator_count": 1874,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 91,
"modified_text": "1074 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6431d1244a8ae763a8d5ed74",
"name": "http://hm732.com/ - v2 all and sundrie",
"description": "",
"modified": "2023-05-08T20:02:01.231000",
"created": "2023-04-08T20:40:04.099000",
"tags": [
"trojan",
"chromeua",
"dropped file",
"optout",
"runtime data",
"object",
"drmedgeua",
"unicode",
"optin",
"edgeua",
"span",
"error",
"win64",
"date",
"format",
"addressbar",
"generator",
"path",
"template",
"suspicious",
"unknown",
"void",
"desktop",
"dark",
"light",
"mozilla",
"this",
"cookie",
"meta",
"iframe",
"window",
"legend",
"null",
"wind",
"strings",
"qakbot",
"http://hm732.com/"
],
"references": [
"https://hybrid-analysis.com/sample/bca1a3df6a236ec7870fbae8a5d5c5597347dad17f9b00e49c05ab1eb8e87f83/64319a805d10c703330b366e"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 5,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 2345,
"hostname": 951,
"domain": 405,
"FileHash-SHA256": 82,
"FileHash-MD5": 63,
"FileHash-SHA1": 61,
"email": 5
},
"indicator_count": 3912,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 92,
"modified_text": "1077 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63dbbf6ae4f5433c2bab52e9",
"name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world",
"description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.",
"modified": "2023-03-04T13:00:43.098000",
"created": "2023-02-02T13:49:30.620000",
"tags": [
"null",
"copyright",
"jan sorgalla",
"built",
"bill scott",
"http",
"error",
"function",
"title",
"method",
"play",
"fast",
"click",
"return",
"href",
"target",
"span",
"pass",
"linear",
"timebuff",
"block",
"trigger",
"nivoslider",
"display",
"width",
"show",
"next",
"arrow",
"restart",
"stop",
"iframe",
"alpha",
"factory",
"type",
"handle",
"sizzle",
"match",
"check",
"make sure",
"elem",
"name",
"regexp",
"hooks",
"false",
"date",
"class",
"internal",
"done",
"bind",
"test",
"body",
"copy",
"hold",
"mozilla",
"logic",
"flash",
"jquery",
"fall",
"bubble",
"prop",
"meta",
"middle",
"mark",
"thus",
"form",
"script script",
"a li",
"div div",
"mua bn",
"link",
"a div",
"trang ch",
"gii thiu",
"tin tc",
"header http2",
"gmt cache",
"gmt server",
"litespeed",
"443 ma2592000",
"172.217.16.232",
"http://lhr48s28-in-f8.1e100.net"
],
"references": [
"[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.",
"443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44",
"whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network",
"xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key",
"https://m.bds247.vn//view/js/jquery6_1.js 443",
"https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L",
"https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script",
"https://m.bds247.vn/view/js/page.js 443 Script",
"https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script",
"https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js",
"This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.",
"https://m.bds247.vn//view/js/jquery6_1.js",
"https://m.bds247.vn/lib/nivo-slider/slider.js",
"https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
},
{
"id": "T1546",
"name": "Event Triggered Execution",
"display_name": "T1546 - Event Triggered Execution"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 802,
"hostname": 392,
"FileHash-SHA256": 82,
"domain": 134,
"FileHash-MD5": 1
},
"indicator_count": 1411,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 93,
"modified_text": "1142 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found