{ "type": "URL", "indicator": "https://e.tabs.map", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://e.tabs.map", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3238512756, "indicator": "https://e.tabs.map", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 25, "pulses": [ { "id": "69c1bd40f81db45dc044697c", "name": "Masterkey Clone By CallmeDoris", "description": "", "modified": "2026-03-23T22:22:56.940000", "created": "2026-03-23T22:22:56.940000", "tags": [ "dropped file", "chromeua", "runtime data", "drmedgeua", "edgeua", "generator", "win64", "null", "template", "unknown", "critical", "addressbar", "desktop", "dark", "light", "iframe", "cookie", "meta", "body", "legend", "dwis", "core", "tear", "malicious", "mozilla", "strings", "qakbot", "://masterkey.com.ua/download/MKClientSetup.exe" ], "references": [ "https://hybrid-analysis.com/sample/41859e0b198fbe88772ef12c577023c0481ec19867e410bab335e67fea87c1bb/642ca80cde2048242a0e097d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": "642db7b656049e54b2f71c20", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 949, "URL": 5642, "CVE": 2, "domain": 509, "FileHash-SHA256": 293, "FileHash-MD5": 550, "FileHash-SHA1": 60, "email": 5 }, "indicator_count": 8010, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6892e73b32af18aa302df0dc", "name": "Part 1.5", "description": "Dark web media \u2022 Political news \u2022 Malvertizing\nlocate \u2022\ntrack [stalk] \u2022 record calls \u2022 control media [youtube , etc] http://t.name?n[++i]=e:this.removeEventListener\t\t\nJeeng &\nPowebox [ accidentally left out in original post pulse]", "modified": "2025-09-05T04:03:06.929000", "created": "2025-08-06T05:25:15.369000", "tags": [ "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "june", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "impact", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "defense evasion", "t1480 execution", "file defense", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "script", "mitre att", "pattern match", "show technique", "iframe", "refresh", "august", "general", "local", "tools", "demo", "look", "verify", "restart", "url http", "small", "pulses url", "tellyoun", "showing", "entries", "url https", "indicator role", "title added", "active related", "type indicator", "role title", "added active", "related pulses", "cc08", "f06a6b", "sfurl", "filehashsha256", "types", "indicators show", "search", "pulses", "filehashsha1", "adversaries", "found", "webp image", "ascii text", "riff", "size", "encrypt", "legacy", "filehashmd5", "united", "flag", "server", "markmonitor", "name server", "llc name", "overview dns", "requests domain", "country", "win32", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "detections", "malware", "copy", "show", "icmp traffic", "packing t1045", "t1045", "pdb path", "pe resource", "extraction", "data upload", "enter sc", "type", "extra data", "please", "failed", "review", "exclude data", "included review", "ic data", "suggeste", "stop", "type onow", "domain", "passive dns", "urls", "files related", "pulses none", "related tags", "none google", "safe browsing", "sc data", "extr amanuav", "review included", "manualy", "sugges excluded", "filehash", "md5 add", "pulse pulses", "url add", "http", "hostname", "files domain", "pulses otx", "virustotal", "hsmi192547107", "pulses hostname", "r dec", "customer dec", "iski dec", "decision dec", "va dec", "bitcoin", "bitcoin dec", "petra", "torstatus dec", "paul dec", "sodesc", "planet dec", "emilia", "heroin dec", "difference dec", "palantir dec", "loraxlive dec", "chaturbate dec", "sandra", "free dec", "marvel dec", "benjis dec", "fresh dec", "sodesc dec", "srdirport", "srhostname", "link dec", "types of", "italy", "china", "australia", "france", "turkey", "discovery", "information", "ck ids", "t1005", "local system", "t1007", "system service", "part", "track", "locate", "political", "civil society", "news", "created", "hours ago", "report spam", "t1555", "password", "t1560", "collected data", "t1573", "channel", "t1574", "execution flow", "scan", "iocs", "t1497", "u0lhmq", "mtawmq", "t1480", "guardrails", "t1486", "data encrypted", "learn more", "unsubscribe aug", "protocol", "t1074", "staged", "t1083", "t1102", "web service", "t1105", "tool transfer", "t1140", "data engineer", "candidate", "tlsv1", "odigicert inc", "stcalifornia", "lsan jose", "oadobe systems", "incorporated", "cndigicert sha2", "push", "next", "high", "write c", "ireland as16509", "delete", "dirty", "tags", "t1012", "flow endpoint", "security scan", "t1106", "copyright", "levelblue" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 433, "FileHash-SHA256": 3663, "URL": 17104, "domain": 1316, "email": 39, "hostname": 4208, "SSLCertFingerprint": 17 }, "indicator_count": 27388, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6892a73593f73dfc969779b0", "name": "Part I | Track | Locate | Political & Civil society \u2018news\u2019 campaigns", "description": "Part I | Track | Locate | Political & Civil society \u2018news\u2019 campaigns\n*[ddddd.msg]\n[http://tracking.eu1.glintinc.com]\n[stormer5v52vjsw66jmds7ndeecudq444woadhzr2plxlaayexnh6eqd]\n[stackstorm.ops.dev.az.glintinc.com]\n\u2022 http://stormer5v52vjsw66jmds7ndeecudq444woadhzr2plxlaayexnh6eqd.onion/peter-thiel-running-database-to-root-out-those-disloyal-to-the-leader/\\n \u2022\n[http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-at-concentra/360]\n[http://pixelrz.com/lists/keywords/tsara-brashears-dead/360]", "modified": "2025-09-05T00:03:23.223000", "created": "2025-08-06T00:52:05.051000", "tags": [ "url http", "small", "indicator role", "title added", "active related", "pulses hostname", "tellyoun", "n aug", "entries", "data upload", "extraction", "windows error", "june", "fwd urgent", "justice czech", "copy sha256", "rejectedfailed", "timestamp input", "message status", "actions august", "file", "actions june", "actions may", "cta4 https", "context related", "associated urls", "campaigncodedsc", "language", "uid http", "community", "sha256", "size42b type", "submitted", "august", "april", "internal error", "previous1", "iframe", "community score", "scan analysis", "malicious", "intelligence", "learn", "falcon sandbox", "submissions", "status", "adversaries", "ck id", "name tactics", "suspicious", "informative", "defense evasion", "windows folder", "found", "dlls", "impact", "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9062, "domain": 707, "hostname": 2318, "FileHash-MD5": 86, "FileHash-SHA1": 26, "FileHash-SHA256": 2096, "email": 5, "FilePath": 2, "URI": 1 }, "indicator_count": 14303, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709929c16e0817dea8f7ff", "name": "https://www.microsoft.com/en-US/servicesagreement/upcoming-faq.aspx", "description": "", "modified": "2023-12-06T15:54:17.119000", "created": "2023-12-06T15:54:17.119000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 963, "domain": 255, "hostname": 730, "URL": 2400, "FileHash-MD5": 50, "FileHash-SHA1": 50, "email": 1 }, "indicator_count": 4449, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657099064c0c0aa442282397", "name": "http://www.xiazai99.com/down/soft9106.html", "description": "", "modified": "2023-12-06T15:53:42.077000", "created": "2023-12-06T15:53:42.077000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1040, "domain": 293, "FileHash-MD5": 58, "FileHash-SHA1": 56, "hostname": 809, "URL": 2661, "email": 1 }, "indicator_count": 4918, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098f7a0c84c2c55585e87", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "", "modified": "2023-12-06T15:53:27.118000", "created": "2023-12-06T15:53:27.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 279, "FileHash-SHA256": 1027, "hostname": 933, "URL": 2201, "FileHash-MD5": 56, "FileHash-SHA1": 51, "email": 2 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098f2c33d291538754bc7", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "", "modified": "2023-12-06T15:53:22.011000", "created": "2023-12-06T15:53:22.011000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 279, "FileHash-SHA256": 1027, "hostname": 933, "URL": 2201, "FileHash-MD5": 56, "FileHash-SHA1": 51, "email": 2 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c68b4f63f4ac0d16ff5", "name": "egihosting.com - malware", "description": "", "modified": "2023-12-06T14:59:52.017000", "created": "2023-12-06T14:59:52.017000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 120, "hostname": 352, "domain": 115, "URL": 934 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c27074200c710e3b35c", "name": "Malware hosting - metronetinc.com", "description": "", "modified": "2023-12-06T14:58:47.235000", "created": "2023-12-06T14:58:47.235000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 447, "hostname": 1241, "domain": 536, "URL": 3731 }, "indicator_count": 5955, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708b77797823dea739cc25", "name": "ReduceRight malware-", "description": "", "modified": "2023-12-06T14:55:51.023000", "created": "2023-12-06T14:55:51.023000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 110, "domain": 541, "URL": 2043, "hostname": 1106 }, "indicator_count": 3800, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6431d1244a8ae763a8d5ed74", "name": "http://hm732.com/ - v2 all and sundrie", "description": "", "modified": "2023-05-08T20:02:01.231000", "created": "2023-04-08T20:40:04.099000", "tags": [ "trojan", "chromeua", "dropped file", "optout", "runtime data", "object", "drmedgeua", "unicode", "optin", "edgeua", "span", "error", "win64", "date", "format", "addressbar", "generator", "path", "template", "suspicious", "unknown", "void", "desktop", "dark", "light", "mozilla", "this", "cookie", "meta", "iframe", "window", "legend", "null", "wind", "strings", "qakbot", "http://hm732.com/" ], "references": [ "https://hybrid-analysis.com/sample/bca1a3df6a236ec7870fbae8a5d5c5597347dad17f9b00e49c05ab1eb8e87f83/64319a805d10c703330b366e" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2345, "hostname": 951, "domain": 405, "FileHash-SHA256": 82, "FileHash-MD5": 63, "FileHash-SHA1": 61, "email": 5 }, "indicator_count": 3912, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1077 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642fbeba84c7b4cbee43200a", "name": "https://www.microsoft.com/en-US/servicesagreement/upcoming-faq.aspx", "description": "", "modified": "2023-05-07T00:00:36.624000", "created": "2023-04-07T06:56:58.157000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "chromeua", "ansi", "dropped file", "optout", "runtime data", "object", "drmedgeua", "optin", "edgeua", "unicode", "span", "error", "generator", "void", "august", "body", "path", "close", "format", "template", "suspicious", "unknown", "critical", "addressbar", "desktop", "dark", "light", "meta", "chat", "this", "small", "june", "footer", "window", "legend", "hybrid", "click", "null", "april", "general", "strings", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/9318798ecf1cf2d52d10ec99e821454ff81196ced4cb4337dcab41b79dcca0ec/642ecd01f0ad4977b40ce225" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2400, "hostname": 730, "domain": 255, "FileHash-SHA256": 963, "email": 1, "FileHash-MD5": 50, "FileHash-SHA1": 50 }, "indicator_count": 4449, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1078 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642db7b656049e54b2f71c20", "name": "masterkey.com.ua/download/MKClientSetup.exe - hybrid 100/100", "description": "The entire \"Ad\" eco system is compromised via all main channels , ie google, bing, msn etc utilising many top level domains and brands, its truly the biggest suppky chain attack ever known. So enormously thats its unbelievable and I guess many peeps just cant see it because its simply to overwhelming to consider a reality p plus many perhaps cant digest the advanced use of AI and self repairing neural networks along that are designed to work on standard default configs. its not till you step out of the defaults that you start to see nefariousness", "modified": "2023-05-05T16:00:23.366000", "created": "2023-04-05T18:02:30.403000", "tags": [ "dropped file", "chromeua", "runtime data", "drmedgeua", "edgeua", "generator", "win64", "null", "template", "unknown", "critical", "addressbar", "desktop", "dark", "light", "iframe", "cookie", "meta", "body", "legend", "dwis", "core", "tear", "malicious", "mozilla", "strings", "qakbot", "://masterkey.com.ua/download/MKClientSetup.exe" ], "references": [ "https://hybrid-analysis.com/sample/41859e0b198fbe88772ef12c577023c0481ec19867e410bab335e67fea87c1bb/642ca80cde2048242a0e097d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 949, "URL": 5642, "CVE": 2, "domain": 509, "FileHash-SHA256": 293, "FileHash-MD5": 550, "FileHash-SHA1": 60, "email": 5 }, "indicator_count": 8010, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1080 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642c3e46df286e02b6685576", "name": "http://mat8a.xyz/ - IRAN", "description": "", "modified": "2023-05-04T14:02:11.229000", "created": "2023-04-04T15:12:06.538000", "tags": [ "malware", "trojan", "dropped file", "ansi", "chromeua", "optout", "runtime data", "object", "drmedgeua", "edgeua", "optin", "unicode", "error", "generator", "span", "win64", "void", "entropy", "date", "template", "unknown", "critical", "addressbar", "desktop", "dark", "light", "cookie", "cray", "smwg", "legend", "eret", "nuke", "lion", "ahav", "core", "malicious", "mozilla", "strings", "qakbot", "javascript", "http://mat8a.xyz/" ], "references": [ "http://mat8a.xyz/", "https://hybrid-analysis.com/sample/aae2d9c3cce607a9fef69337ac7924d67daa2eef5a385540445636a4e6f89bc3/6426fb0cd69b3b6b7e02b588" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2512, "hostname": 835, "domain": 233, "FileHash-SHA256": 118, "FileHash-MD5": 60, "FileHash-SHA1": 54, "email": 2 }, "indicator_count": 3814, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1081 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6428649b535c12c6f8d60b0b", "name": "http://www.xiazai99.com/down/soft9106.html", "description": "", "modified": "2023-05-01T15:05:10.466000", "created": "2023-04-01T17:06:35.022000", "tags": [ "chromeua", "ansi", "dropped file", "optout", "runtime data", "object", "drmedgeua", "optin", "edgeua", "unicode", "span", "error", "generator", "void", "path", "null", "entropy", "click", "template", "date", "unknown", "critical", "addressbar", "desktop", "dark", "light", "quicksearch", "this", "suspicious", "window", "legend", "hybrid", "hosts", "next", "main", "refresh", "hello", "voice", "malicious", "strings", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/45e147babe00d1834af72b2139dbc65043ee50cb09d1d4e470f9bd48ad50c6bf/64283fca3a07828f100b2551" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2661, "hostname": 809, "domain": 293, "FileHash-SHA256": 1040, "email": 1, "FileHash-MD5": 58, "FileHash-SHA1": 56 }, "indicator_count": 4918, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1084 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "641e0e41b1efe6e622d75902", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "email confirmation link sent for blockchain wallet on iphone", "modified": "2023-04-23T19:00:53.967000", "created": "2023-03-24T20:55:29.514000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "chromeua", "dropped file", "ansi", "optout", "license", "runtime data", "drmedgeua", "localappdata", "edgeua", "optin", "error", "span", "template", "unknown", "class", "window", "legend", "mexico", "hybrid", "suspicious", "general", "malicious", "close", "click", "date", "hosts", "express", "strings", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/b324856ed3acdd48a6d7583e9ae0f36a110c28e6b1b185c231129dd4f88049af/640f60d8e122e6ac3a0f1d7e", "Full URL from email", "https://login.blockchain.com/?#%2Fverify-email%2FLIhC1RPA4qIlUzBPvep8xn5FkBPW4XQlsbo7MBIxQcqfNxPUykgf2GINwzEeUKYkJMV6FJbewOlqaND96%2BR7de%2Bja2BIbLW6E6ZF2zbr05wOyVqAHx7gtq6Y4bhqFinCB3PIOH%2BlVxnfVwrzIbISyMnp7mdw%2FQU5LKoGTTnPq4v1W1uPN7iQcBlIhnNQ6QwO%3Fcontext%3DSETTINGS'" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2201, "hostname": 933, "domain": 279, "FileHash-SHA256": 1027, "email": 2, "FileHash-MD5": 56, "FileHash-SHA1": 51 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1092 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "641e0e3da4fbafac633c0124", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "email confirmation link sent for blockchain wallet on iphone", "modified": "2023-04-23T19:00:53.967000", "created": "2023-03-24T20:55:25.579000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "chromeua", "dropped file", "ansi", "optout", "license", "runtime data", "drmedgeua", "localappdata", "edgeua", "optin", "error", "span", "template", "unknown", "class", "window", "legend", "mexico", "hybrid", "suspicious", "general", "malicious", "close", "click", "date", "hosts", "express", "strings", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/b324856ed3acdd48a6d7583e9ae0f36a110c28e6b1b185c231129dd4f88049af/640f60d8e122e6ac3a0f1d7e", "Full URL from email", "https://login.blockchain.com/?#%2Fverify-email%2FLIhC1RPA4qIlUzBPvep8xn5FkBPW4XQlsbo7MBIxQcqfNxPUykgf2GINwzEeUKYkJMV6FJbewOlqaND96%2BR7de%2Bja2BIbLW6E6ZF2zbr05wOyVqAHx7gtq6Y4bhqFinCB3PIOH%2BlVxnfVwrzIbISyMnp7mdw%2FQU5LKoGTTnPq4v1W1uPN7iQcBlIhnNQ6QwO%3Fcontext%3DSETTINGS'" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2201, "hostname": 933, "domain": 279, "FileHash-SHA256": 1027, "email": 2, "FileHash-MD5": 56, "FileHash-SHA1": 51 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1092 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63a3b9aaaca8891186e6f7a2", "name": "vt errors on edge 21 dec 2022", "description": "var n-i,n-n, r.test, is a new type of webpack, which uses a set of rules to store data in the form of a single address, or code.", "modified": "2023-01-21T00:01:41.590000", "created": "2022-12-22T01:58:02.495000", "tags": [ "eaca", "eace", "iaca", "iace", "boolean", "object", "path", "aacf", "customevent", "string", "span", "error", "code", "virustotal", "date", "null", "contact", "blank", "close", "twitter", "unknown", "download", "this", "easy", "desktop", "body", "requires", "footer", "refresh", "patch", "write", "cobalt strike", "shell", "zero", "harmless", "main", "aalfe", "getclass", "copy", "iframe", "divi", "roboto", "insert", "template", "class", "void", "form", "back", "ransomware", "trace", "comment", "tools", "premium", "bufferwriter", "bufferreader", "array", "typeerror", "vtuibutton", "number", "typeof o", "urls", "please", "javascript", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d651", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "references": [ "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BufferReader", "display_name": "BufferReader", "target": null }, { "id": "BufferWriter", "display_name": "BufferWriter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1051, "FileHash-SHA256": 204, "hostname": 275, "domain": 212, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1745, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628bc74f5b92614c08d99f88", "name": "Update Agent - Dinan.", "description": "", "modified": "2022-05-23T17:41:35.234000", "created": "2022-05-23T17:41:35.234000", "tags": [ "dinan", "performance", "update agent", "help center", "products", "lubricants", "engine hardware", "exhaust", "dinan dealer", "dealer login", "mini", "contact", "agent", "download", "alpha", "verdana", "arial", "opacity35", "copyright", "foundation", "opacity0", "opacity70", "opacity80", "hubspot script", "loader", "closure library", "number", "string", "regexp", "uint8array", "date", "fnumber", "aw1027984682", "xdfunction", "code", "null", "error", "activexobject", "xmlhttprequest", "android", "worker", "installtrigger", "ccon", "false", "error occured", "body", "please", "shippingphone", "event", "item", "shippingaddress", "billingphone", "promise", "click", "window", "this", "close", "model", "drop", "main", "facebook", "form", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "open", "express", "spinner", "copy", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "0x4b3a", "error message", "signifydglobal", "0x1c7d", "current order", "x0x4b3a", "gtmpkdjjpc", "host", "path", "adfunction" ], "references": [ "https://www.googletagmanager.com/gtm.js?id=GTM-PKDJJPC", "https://cdn-scripts.signifyd.com/api/script-tag.js", "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "https://www.dinancars.com/assets/js/combine/min/v1653077793/e88cd3e3db8ab2b910e50cf4deb60529f/default;jquery-ui.min;js.cookie;util;nav;cart;accountfunctions;jquery.activity-indicator-1.0.0.min;drawer_plugin;floating_label_gen;jquery.autoellipsis-1.0.10;fresco;fresco-custom;isotope_imagesloaded.min;promo_autoplus_helpers;slick.min;widgets;jquery.custom-carousel;waterfall_helpers/", "https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=7632E9E9-DE48-41D8-9BAC-1E27A98D17EC&pageid=2", "https://www.googletagmanager.com/gtag/js?id=AW-1027984682", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027984682/?random=1653327072015&cv=9&fst=1653327072015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=6&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.dinancars.com%2Fabout%2F&ref=https%3A%2F%2Fwww.dinancars.com%2Fupdate-agent&tiba=About%20Dinan%20-%20Dinan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://js.hs-scripts.com/8009596.js", "https://www.dinancars.com/assets/css/jquery-ui-custom.css", "https://www.dinancars.com/update-agent" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1806, "hostname": 682, "FileHash-SHA256": 240, "domain": 274 }, "indicator_count": 3002, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1427 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62626072973e68ce985c7a64", "name": "egihosting.com - malware", "description": "Here is the full code of the code, following the basic rules::. (t.2*o, t.3) for each of n's bizo-data-partner.", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T07:59:46.386000", "tags": [ "ui tabs", "http", "foundation", "mit license", "typeof define", "width", "ui core", "usemap", "backspace8", "comma188", "delete46", "this", "datasecret", "date", "image", "dorandvlxthvep", "click", "chat", "linux", "chrome", "safari", "konqueror", "opera", "false", "body", "regexp", "function", "typeof b", "error", "pseudo", "child", "null", "array", "sufeffxa0", "class", "void", "accept", "attr", "string", "number", "script", "copyright", "closure library", "typeerror", "symbol", "array int8array", "caregexp", "legacy", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install" ], "references": [ "xfe-URL-egihosting.com-stix2-2.1-export.json", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://egihosting.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://egihosting.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/530527736/?random=1650613875466&cv=9&fst=1650613875466&num=1&rdp=1&label=R7TDCJOysOMBEPjr_PwB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=5&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fegihosting.com%2F&tiba=Best%20dedicated%20server%20for%20hosting%20in%20Silicon%20Valley%20%7C%20EGI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://egihosting.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 934, "hostname": 352, "domain": 115, "FileHash-SHA256": 120 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1428 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f93fe2c0237a71e262354", "name": "Malware hosting - metronetinc.com", "description": "If(65535) by the end of the year, if (65534) a.sigBytes is a single word, then if, as expected, b.com(d)", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T05:02:54.354000", "tags": [ "ebattid", "click", "getclicktarget", "date", "contexttrack", "view", "installtrigger", "processlink", "typeof blog", "msie", "image", "function", "asyncfunction", "proxy", "typeof t", "symbol", "typeof n", "typeerror", "typeof window", "array", "foundation", "mit license", "http", "typeof define", "ui disable", "selection", "ui focusable", "this", "typeof module", "handles", "notice block", "dataid", "block", "desc", "ofyncl", "sorry", "cloc", "null", "object", "makes", "close", "code", "find", "typeof e", "nullt", "bottom", "left", "html", "right", "width", "next", "february", "april", "june", "august", "back", "bounce", "atom", "cookie", "must", "number", "livevalidation", "copyright", "alec hill", "modified", "oracle", "format", "email", "error", "closure library", "zindex1", "msgesture", "mspointerdown", "fnumber", "woothemes", "tyler smith", "regexp", "class", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "ud83dudc6cud83c", "script", "boolean", "reduceright", "x3ex3cscriptx3e", "x3ex3ciframex3e", "string", "custom", "trackevent", "path", "derek", "void", "iterator", "facebook pixel", "pixel code", "facebook", "service", "phonenumber", "meta", "optin", "elqsitevisited", "qnew date", "rnew date", "dlkey", "dllookup", "httponly", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "g3xj902fy6q", "r300", "uint8array", "typeof d", "caca", "array int8array", "caregexp", "legacy", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "window", "math", "redfq", "base64", "azaz09s", "jeff mott", "https", "kenji urushima", "explorer" ], "references": [ "xfe-URL-metronetinc.com-stix2-2.1-export.json", "https://a2.adform.net/Serving/TrackPoint/?pm=508052&ADFPageName=Metronet%7CHomepage&ADFdivider=%7C&ord=735079476141&Set1=en-US%7Cen-US%7C390x844%7C32&ADFtpmode=2&loc=https%3A%2F%2Fwww.metronetinc.com%2F", "https://a2.adform.net/serving/scripts/trackpoint/async/", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.googletagmanager.com/gtag/js?id=G-3XJ902FY6Q&l=dataLayer&cx=c", "https://www.google-analytics.com/analytics.js", "https://img03.en25.com/i/elqCfg.min.js", "https://connect.facebook.net/signals/config/2196524664009793?v=2.9.57&r=stable", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "https://www.googletagmanager.com/gtm.js?id=GTM-W3GQ4F", "https://static.zdassets.com/ekr/snippet.js?key=e7dd7ff5-a219-47a1-b096-069f750c234f", "https://www.metronetinc.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4", "https://www.metronetinc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://www.metronetinc.com/wp-content/themes/MetroNet/js/jquery.flexslider-min.js?ver=5.8.4", "https://www.metronetinc.com/wp-content/themes/MetroNet/js/flexslider-init.js?ver=5.8.4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982771034/?random=1650430003990&cv=9&fst=1650430003990&num=1&label=Remarketing%20-%20All%20Pages&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/646812378/?random=1650430003991&cv=9&fst=1650430003991&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C%20and%20Phone&hn=www.googleadservic", "https://www.googleadservices.com/pagead/conversion/646812378/?random=1650430003991&cv=9&fst=1650430003991&num=1&value=0&label=6dFBCIm13s4BENqltrQC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C%20and%20Phone&", "https://bat.bing.com/p/action/140000459.js", "https://img03.en25.com/i/livevalidation_standalone.compressed.js", "https://www.metronetinc.com/wp-content/plugins/lt-ajax-mn-channelguide/jquery-ui.min.js?ver=1.2", "https://www.metronetinc.com/wp-content/plugins/lt-ajax-mn-channelguide/lt-ajax-mn-channelguide.js?ver=1.1", "https://www.metronetinc.com/wp-content/plugins/atomic-blocks/dist/assets/js/dismiss.js?ver=1625889728", "https://www.metronetinc.com/wp-includes/js/hoverIntent.min.js?ver=1.10.1", "https://www.metronetinc.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1", "https://www.metronetinc.com/wp-content/plugins/pixel-caffeine/build/frontend.js?ver=2.3.3", "https://stats.wp.com/e-202216.js", "https://bs.serving-sys.com/Serving/ActivityServer.bs?cn=as&ActivityID=1073779012&rnd=922949.8781851793", "https://secure-ds.serving-sys.com/SemiCachedScripts/ebAttribution.js", "https://11057407.fls.doubleclick.net/activityi;src=11057407;type=count0;cat=sitev0;ord=1;num=5426507653008;gtm=2wg4i1;auiddc=1460077727.1650429649;~oref=https%3A%2F%2Fwww.metronetinc.com%2F", "xfe-URL-bat.bing.com-stix2-2.1-export 2.json" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia", "United States of America" ], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 447, "hostname": 1241, "URL": 3731, "domain": 536 }, "indicator_count": 5955, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f86049cb1c945f7701075", "name": "Hetzner - malware hosting", "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T04:03:16.817000", "tags": [ "param", "locale", "return", "stripped", "regexp", "html", "lang", "lightweight", "dual", "javascript i18n", "entity", "body", "meta", "typeradio", "ttav", "width", "ttaelt", "shadowwidth", "tagtotip", "html element", "shadow", "closebtncolors", "fadein", "null", "sticky", "close", "false", "path", "config", "span", "iframe", "kill", "inside", "first", "typetext", "typepassword", "input", "typeof define", "typeof module", "html tags", "px20trnf", "dom element", "date", "this", "typeof e", "function", "left", "bottom", "nullt", "right", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "error", "captcha", "access site", "click", "strong", "ddos", "hetzner online", "gmbh element", "lztextlink", "script", "lzrscr", "scrb64d", "livezilladata", "ovlcwm", "activedocument", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023", "typecheckbox", "5deg", "20deg", "45deg", "2000px00", "2000px0", "10px00", "60px0", "mintime", "await", "number", "typeof n", "typeof symbol", "cookieconsent", "showcookiemodal", "cookie banner", "agree", "agreed", "expiresthu", "anchorregex", "typeerror", "swiper", "hammer", "bnm", "software", "azaz", "form", "void", "zert", "accept", "android", "trace", "import", "string", "please", "blob", "matomo", "post", "javascript", "link", "license" ], "references": [ "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://matomo.hetzner.com/matomo.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://accounts.hetzner.com/login", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null }, { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "BNM", "display_name": "BNM", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2308, "hostname": 949, "FileHash-SHA256": 125, "domain": 372, "FileHash-SHA1": 3, "FileHash-MD5": 256 }, "indicator_count": 4013, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f05c71e903844d907b1ae", "name": "Russian Malware Strain", "description": "The full text of the new Dictionary of Human Rights, compiled by the Office of National Statistics (ONS), has been published on the internet, with the help of a few words: \"Glasgow\".", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:56:07.131000", "tags": [ "bapunycode", "s700", "array", "topmailru", "error", "tmrtmr", "rbclickid", "tmrdebug1", "tadaeaxbyb", "bbdaea", "cbdaea", "uadaea", "ver1", "typemini", "verb0", "youtube", "content", "smartbanner", "null", "text", "smart banner", "copyright", "android", "windows store", "title", "price", "click", "date", "twitter", "string", "regexp", "number", "typeerror", "symbol", "array int8array", "argument", "rafunction", "iframe", "please", "image", "v[1]-1:k+=", "dpjquery", "document", "function", "this", "left", "bottom", "html", "nulle", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "attr", "class", "invalid json", "domparser", "edge", "sxa0", "qafunction", "trident", "ondomready", "make sure", "gc", "65535", "boolean", "counter", "segoe ui", "lucida", "ecommerce", "ext link", "comic", "form", "impact", "light", "bad idp", "cvtx", "bad event", "typeof b", "closure library", "f1518500249", "f1859775393", "body" ], "references": [ "xfe-IP-185.44.14.140-stix2-2.1-export 2.json", "xfe-URL-Xelent.ru-stix2-2.1-export.json", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_1?le=scs", "http://mc.yandex.ru/metrika/watch.js", "http://metrika.installtraffic.com/js/watch.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "http://loviotvet.ru/lib/jquery/jquery-1.7.2.min.js", "http://loviotvet.ru/lib/jquery-ui/jquery-ui-1.10.1.custom.min.js", "http://loviotvet.ru/lib/project/common.js", "http://loviotvet.ru/lib/fancybox/jquery.fancybox.pack.js", "https://apis.google.com/js/plusone.js", "http://loviotvet.ru/lib/smartbanner/jquery.smartbanner.js", "http://www.youtube.com/embed/MoDJIS6UH5U?rel=0", "https://top-fwz1.mail.ru/js/code.js", "https://bitrix.info/ba.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "V[1]-1:k+=", "display_name": "V[1]-1:k+=", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1987, "hostname": 733, "FileHash-SHA256": 294, "domain": 354 }, "indicator_count": 3368, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1431 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62549aabb033e7afc5069f98", "name": "Malware - victim=fr", "description": "Mme, Mlle, M. Compte, yn \u00f4l \u00c2\u00a31.5m (\u20ac2.4m; \u00e2\u201a\u00ac1m)", "modified": "2022-05-11T21:04:45.103000", "created": "2022-04-11T21:16:27.786000", "tags": [ "freebox", "free", "mois pendant", "sabonner voir", "fibre free", "la fibre", "votre", "wifi", "freebox en", "offre", "delta", "face", "prix", "date", "this", "typeof e", "true", "function", "left", "bottom", "html", "nullt", "false", "next", "february", "april", "june", "august", "atom", "cookie", "close", "null", "back", "bounce", "kolab", "target", "object", "tcfuiservice", "reflect", "typeof proxy", "boolean", "agree", "disagree", "select", "save", "learn", "click", "gnu gpl", "copyright", "javascript code", "license", "extwin1", "framed1", "roundcube", "webmail client", "script", "team", "format", "regexp", "software", "error", "pseudo", "child", "the software", "sufeffxa0", "class", "attr", "javascript", "express", "nous", "didomi", "typeof t", "hmuvfyyh", "sekindo", "lkqd", "aol cdn", "ffffff", "montserrat", "adsl", "offres adsl", "internet", "t\u00e9l\u00e9phone", "t\u00e9l\u00e9phonie", "mobiles", "forfaits mobiles", "tv", "t\u00e9l\u00e9vision", "vod", "vid\u00e9o \u00e0 la demande", "multiposte", "radio", "routeur", "freeplayer", "multiplay", "d\u00e9groupage", "total", "partiel", "e-mail", "mail", "m\u00e9l", "fournisseur d'acc\u00e8s", "i.s.p.", "isp", "internaute", "internautes", "france", "fran\u00e7ais", "zimbra", "le webmail", "free fait", "webmail imp", "cela n", "webmail zimbra", "stockage", "pour migrer", "accder", "testteltext", "sans", "testziptext", "testziptext i", "testteltext i", "typenumber", "screenh", "tvbycanal", "tvbycanal147", "tvbycanal204", "tvbycanal83", "tvbycanal80", "tvbycanal34", "4000", "typeof console", "console", "nullc", "nulld", "customevent", "msanimationend", "typeof n", "typeof r", "x20trnf", "width", "accept", "json", "moz o", "custom build", "https", "xmlhttprequest", "typeof module", "webkit", "android", "flash", "span", "un espace", "phpmysql", "helvetica" ], "references": [ "xfe-IP-212.27.63.109-stix2-2.1-export.json", "http://pageperso.free.fr/im/css/free.css", "http://passback.free.fr/pub/pp_300x250.html", "https://subscribe.free.fr/accesgratuit/index.html", "https://subscribe.free.fr/assets/js/vendor/modernizr.custom.js", "https://subscribe.free.fr/assets/js/vendor/jquery-1.9.1.min.js", "https://subscribe.free.fr/assets/js/plugins.min.js", "https://subscribe.free.fr/assets/js/vendor/wow.min.js", "https://subscribe.free.fr/assets/js/main.min.js", "https://subscribe.free.fr/assets/css/accesgratuit.min.css", "https://subscribe.free.fr/assets/css/app2.min.css", "https://webmail.free.fr/", "https://sdk.privacy-center.org/87df2f8d-232a-4617-8efc-3764b3bbd0c0/loader.js?target=webmail.free.fr", "https://webmail.free.fr/program/js/jquery.min.js?s=1510166541", "https://webmail.free.fr/program/js/app.min.js?s=1510166525", "https://sdk.privacy-center.org/ui-gdpr-en.a96c69ed0cb8f37a2deea6c49dd453517875ac60.js", "https://webmail.free.fr/plugins/jqueryui/js/jquery-ui.min.js?s=1510166524", "https://www.free.fr/freebox/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1078, "URL": 2104, "domain": 290, "FileHash-SHA256": 117, "FileHash-MD5": 4, "FileHash-SHA1": 2 }, "indicator_count": 3595, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6252f5fd2d3d29e0ac449f15", "name": "ReduceRight malware-", "description": "In e, a new RegExp, has been added to the list of properties that can be used to store information in a single place, as well as a \"sizzle\" on the side of the page.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T15:21:33.873000", "tags": [ "post", "regexp", "error parsing", "adresponse", "body", "typeof t", "ads returned", "bingapistraceid", "accept", "error", "azaz09", "date", "typeof e", "uint8array", "typeof module", "typeof define", "notset", "genericdata", "ipv4address", "ipv6address", "phonenumber", "reduceright", "number", "string", "g34x541384l", "r300", "copyright", "dafunction", "gafunction", "void", "function", "bootstrap", "javascript", "typeof c", "twitter", "mit license", "focus", "azaz", "this", "nullt", "bottom", "left", "html", "right", "width", "next", "february", "april", "june", "august", "null", "back", "bounce", "atom", "cookie", "close", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "xfe-URL-tvsqpjwdni.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js", "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js", "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js", "https://www.googletagmanager.com/gtag/js?id=G-34X541384L", "https://h6.msn.com/bingna/lib/aria-webjs-compact-sdk/aria-webjs-compact-sdk-1.2.1.min.js", "https://h6.msn.com/nativeads/ms-nativeads-airfind.min.js?date=2022310" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1106, "URL": 2043, "domain": 541, "FileHash-SHA256": 110 }, "indicator_count": 3800, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982771034/?random=1650430003990&cv=9&fst=1650430003990&num=1&label=Remarketing%20-%20All%20Pages&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "https://subscribe.free.fr/accesgratuit/index.html", "https://subscribe.free.fr/assets/css/accesgratuit.min.css", "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js", "https://www.free.fr/freebox/", "https://www.dinancars.com/assets/css/jquery-ui-custom.css", "https://accounts.hetzner.com/login", "https://subscribe.free.fr/assets/css/app2.min.css", "https://sdk.privacy-center.org/ui-gdpr-en.a96c69ed0cb8f37a2deea6c49dd453517875ac60.js", "https://webmail.free.fr/program/js/app.min.js?s=1510166525", "https://hybrid-analysis.com/sample/aae2d9c3cce607a9fef69337ac7924d67daa2eef5a385540445636a4e6f89bc3/6426fb0cd69b3b6b7e02b588", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js", "xfe-URL-Xelent.ru-stix2-2.1-export.json", "https://egihosting.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4", "https://bitrix.info/ba.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/646812378/?random=1650430003991&cv=9&fst=1650430003991&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C%20and%20Phone&hn=www.googleadservic", "https://www.metronetinc.com/wp-content/plugins/lt-ajax-mn-channelguide/jquery-ui.min.js?ver=1.2", "http://loviotvet.ru/lib/project/common.js", "http://loviotvet.ru/lib/jquery/jquery-1.7.2.min.js", "https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=7632E9E9-DE48-41D8-9BAC-1E27A98D17EC&pageid=2", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://www.metronetinc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://cdn-scripts.signifyd.com/api/script-tag.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "http://mat8a.xyz/", "https://www.dinancars.com/update-agent", "https://bat.bing.com/p/action/140000459.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://www.metronetinc.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1", "https://www.googletagmanager.com/gtm.js?id=GTM-W3GQ4F", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027984682/?random=1653327072015&cv=9&fst=1653327072015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=6&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.dinancars.com%2Fabout%2F&ref=https%3A%2F%2Fwww.dinancars.com%2Fupdate-agent&tiba=About%20Dinan%20-%20Dinan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.metronetinc.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4", "https://www.googleadservices.com/pagead/conversion_async.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://www.metronetinc.com/wp-content/themes/MetroNet/js/jquery.flexslider-min.js?ver=5.8.4", "https://static.zdassets.com/ekr/snippet.js?key=e7dd7ff5-a219-47a1-b096-069f750c234f", "https://top-fwz1.mail.ru/js/code.js", "https://subscribe.free.fr/assets/js/plugins.min.js", "https://login.blockchain.com/?#%2Fverify-email%2FLIhC1RPA4qIlUzBPvep8xn5FkBPW4XQlsbo7MBIxQcqfNxPUykgf2GINwzEeUKYkJMV6FJbewOlqaND96%2BR7de%2Bja2BIbLW6E6ZF2zbr05wOyVqAHx7gtq6Y4bhqFinCB3PIOH%2BlVxnfVwrzIbISyMnp7mdw%2FQU5LKoGTTnPq4v1W1uPN7iQcBlIhnNQ6QwO%3Fcontext%3DSETTINGS'", "https://bs.serving-sys.com/Serving/ActivityServer.bs?cn=as&ActivityID=1073779012&rnd=922949.8781851793", "https://www.metronetinc.com/wp-content/plugins/pixel-caffeine/build/frontend.js?ver=2.3.3", "https://hybrid-analysis.com/sample/41859e0b198fbe88772ef12c577023c0481ec19867e410bab335e67fea87c1bb/642ca80cde2048242a0e097d", "xfe-URL-egihosting.com-stix2-2.1-export.json", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_1?le=scs", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://www.metronetinc.com/wp-content/plugins/atomic-blocks/dist/assets/js/dismiss.js?ver=1625889728", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://secure-ds.serving-sys.com/SemiCachedScripts/ebAttribution.js", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/530527736/?random=1650613875466&cv=9&fst=1650613875466&num=1&rdp=1&label=R7TDCJOysOMBEPjr_PwB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=5&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fegihosting.com%2F&tiba=Best%20dedicated%20server%20for%20hosting%20in%20Silicon%20Valley%20%7C%20EGI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://11057407.fls.doubleclick.net/activityi;src=11057407;type=count0;cat=sitev0;ord=1;num=5426507653008;gtm=2wg4i1;auiddc=1460077727.1650429649;~oref=https%3A%2F%2Fwww.metronetinc.com%2F", "https://www.googleadservices.com/pagead/conversion/646812378/?random=1650430003991&cv=9&fst=1650430003991&num=1&value=0&label=6dFBCIm13s4BENqltrQC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metronetinc.com%2F&tiba=MetroNet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%20%E2%80%93%20100%25%20Fiber%20Optic%20Internet%2C%20Streaming%20TV%2C%20and%20Phone&", "http://mc.yandex.ru/metrika/watch.js", "https://www.metronetinc.com/wp-content/plugins/lt-ajax-mn-channelguide/lt-ajax-mn-channelguide.js?ver=1.1", "https://a2.adform.net/serving/scripts/trackpoint/async/", "https://subscribe.free.fr/assets/js/vendor/wow.min.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://www.metronetinc.com/wp-includes/js/hoverIntent.min.js?ver=1.10.1", "https://subscribe.free.fr/assets/js/main.min.js", "https://hybrid-analysis.com/sample/45e147babe00d1834af72b2139dbc65043ee50cb09d1d4e470f9bd48ad50c6bf/64283fca3a07828f100b2551", "https://www.googletagmanager.com/gtm.js?id=GTM-PKDJJPC", "https://accounts.hetzner.com/build/runtime.188fa053.js", "http://loviotvet.ru/lib/smartbanner/jquery.smartbanner.js", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json", "https://subscribe.free.fr/assets/js/vendor/modernizr.custom.js", "http://loviotvet.ru/lib/fancybox/jquery.fancybox.pack.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "http://loviotvet.ru/lib/jquery-ui/jquery-ui-1.10.1.custom.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "xfe-IP-185.44.14.140-stix2-2.1-export 2.json", "https://www.google-analytics.com/analytics.js", "https://matomo.hetzner.com/matomo.js", "xfe-IP-212.27.63.109-stix2-2.1-export.json", "xfe-URL-metronetinc.com-stix2-2.1-export.json", "http://passback.free.fr/pub/pp_300x250.html", "https://stats.wp.com/e-202216.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "xfe-URL-bat.bing.com-stix2-2.1-export 2.json", "https://img03.en25.com/i/elqCfg.min.js", "https://webmail.free.fr/", "https://hybrid-analysis.com/sample/9318798ecf1cf2d52d10ec99e821454ff81196ced4cb4337dcab41b79dcca0ec/642ecd01f0ad4977b40ce225", "https://connect.facebook.net/signals/config/2196524664009793?v=2.9.57&r=stable", "https://hybrid-analysis.com/sample/bca1a3df6a236ec7870fbae8a5d5c5597347dad17f9b00e49c05ab1eb8e87f83/64319a805d10c703330b366e", "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "http://pageperso.free.fr/im/css/free.css", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://egihosting.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "xfe-URL-tvsqpjwdni.com-stix2-2.1-export.json", "https://subscribe.free.fr/assets/js/vendor/jquery-1.9.1.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://www.googletagmanager.com/gtag/js?id=G-3XJ902FY6Q&l=dataLayer&cx=c", "https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js", "https://h6.msn.com/bingna/lib/aria-webjs-compact-sdk/aria-webjs-compact-sdk-1.2.1.min.js", "https://www.googletagmanager.com/gtag/js?id=AW-1027984682", "https://egihosting.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://js.hs-scripts.com/8009596.js", "https://www.dinancars.com/assets/js/combine/min/v1653077793/e88cd3e3db8ab2b910e50cf4deb60529f/default;jquery-ui.min;js.cookie;util;nav;cart;accountfunctions;jquery.activity-indicator-1.0.0.min;drawer_plugin;floating_label_gen;jquery.autoellipsis-1.0.10;fresco;fresco-custom;isotope_imagesloaded.min;promo_autoplus_helpers;slick.min;widgets;jquery.custom-carousel;waterfall_helpers/", "https://hybrid-analysis.com/sample/b324856ed3acdd48a6d7583e9ae0f36a110c28e6b1b185c231129dd4f88049af/640f60d8e122e6ac3a0f1d7e", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "http://metrika.installtraffic.com/js/watch.js", "https://img03.en25.com/i/livevalidation_standalone.compressed.js", "https://webmail.free.fr/plugins/jqueryui/js/jquery-ui.min.js?s=1510166524", "https://sdk.privacy-center.org/87df2f8d-232a-4617-8efc-3764b3bbd0c0/loader.js?target=webmail.free.fr", "https://a2.adform.net/Serving/TrackPoint/?pm=508052&ADFPageName=Metronet%7CHomepage&ADFdivider=%7C&ord=735079476141&Set1=en-US%7Cen-US%7C390x844%7C32&ADFtpmode=2&loc=https%3A%2F%2Fwww.metronetinc.com%2F", "http://www.youtube.com/embed/MoDJIS6UH5U?rel=0", "https://www.metronetinc.com/wp-content/themes/MetroNet/js/flexslider-init.js?ver=5.8.4", "https://webmail.free.fr/program/js/jquery.min.js?s=1510166541", "https://www.googletagmanager.com/gtag/js?id=G-34X541384L", "https://h6.msn.com/nativeads/ms-nativeads-airfind.min.js?date=2022310", "https://apis.google.com/js/plusone.js", "Full URL from email" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Bufferwriter", "V[1]-1:k+=", "Ovlcwm", "Bufferreader", "Hammer", "Reduceright", "Gc", "Bnm", "Activedocument" ], "industries": [], "unique_indicators": 54207 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/tabs.map", "whois": "http://whois.domaintools.com/tabs.map", "domain": "tabs.map", "hostname": "e.tabs.map" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 25, "pulses": [ { "id": "69c1bd40f81db45dc044697c", "name": "Masterkey Clone By CallmeDoris", "description": "", "modified": "2026-03-23T22:22:56.940000", "created": "2026-03-23T22:22:56.940000", "tags": [ "dropped file", "chromeua", "runtime data", "drmedgeua", "edgeua", "generator", "win64", "null", "template", "unknown", "critical", "addressbar", "desktop", "dark", "light", "iframe", "cookie", "meta", "body", "legend", "dwis", "core", "tear", "malicious", "mozilla", "strings", "qakbot", "://masterkey.com.ua/download/MKClientSetup.exe" ], "references": [ "https://hybrid-analysis.com/sample/41859e0b198fbe88772ef12c577023c0481ec19867e410bab335e67fea87c1bb/642ca80cde2048242a0e097d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": "642db7b656049e54b2f71c20", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 949, "URL": 5642, "CVE": 2, "domain": 509, "FileHash-SHA256": 293, "FileHash-MD5": 550, "FileHash-SHA1": 60, "email": 5 }, "indicator_count": 8010, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6892e73b32af18aa302df0dc", "name": "Part 1.5", "description": "Dark web media \u2022 Political news \u2022 Malvertizing\nlocate \u2022\ntrack [stalk] \u2022 record calls \u2022 control media [youtube , etc] http://t.name?n[++i]=e:this.removeEventListener\t\t\nJeeng &\nPowebox [ accidentally left out in original post pulse]", "modified": "2025-09-05T04:03:06.929000", "created": "2025-08-06T05:25:15.369000", "tags": [ "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "june", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "impact", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "defense evasion", "t1480 execution", "file defense", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "script", "mitre att", "pattern match", "show technique", "iframe", "refresh", "august", "general", "local", "tools", "demo", "look", "verify", "restart", "url http", "small", "pulses url", "tellyoun", "showing", "entries", "url https", "indicator role", "title added", "active related", "type indicator", "role title", "added active", "related pulses", "cc08", "f06a6b", "sfurl", "filehashsha256", "types", "indicators show", "search", "pulses", "filehashsha1", "adversaries", "found", "webp image", "ascii text", "riff", "size", "encrypt", "legacy", "filehashmd5", "united", "flag", "server", "markmonitor", "name server", "llc name", "overview dns", "requests domain", "country", "win32", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "detections", "malware", "copy", "show", "icmp traffic", "packing t1045", "t1045", "pdb path", "pe resource", "extraction", "data upload", "enter sc", "type", "extra data", "please", "failed", "review", "exclude data", "included review", "ic data", "suggeste", "stop", "type onow", "domain", "passive dns", "urls", "files related", "pulses none", "related tags", "none google", "safe browsing", "sc data", "extr amanuav", "review included", "manualy", "sugges excluded", "filehash", "md5 add", "pulse pulses", "url add", "http", "hostname", "files domain", "pulses otx", "virustotal", "hsmi192547107", "pulses hostname", "r dec", "customer dec", "iski dec", "decision dec", "va dec", "bitcoin", "bitcoin dec", "petra", "torstatus dec", "paul dec", "sodesc", "planet dec", "emilia", "heroin dec", "difference dec", "palantir dec", "loraxlive dec", "chaturbate dec", "sandra", "free dec", "marvel dec", "benjis dec", "fresh dec", "sodesc dec", "srdirport", "srhostname", "link dec", "types of", "italy", "china", "australia", "france", "turkey", "discovery", "information", "ck ids", "t1005", "local system", "t1007", "system service", "part", "track", "locate", "political", "civil society", "news", "created", "hours ago", "report spam", "t1555", "password", "t1560", "collected data", "t1573", "channel", "t1574", "execution flow", "scan", "iocs", "t1497", "u0lhmq", "mtawmq", "t1480", "guardrails", "t1486", "data encrypted", "learn more", "unsubscribe aug", "protocol", "t1074", "staged", "t1083", "t1102", "web service", "t1105", "tool transfer", "t1140", "data engineer", "candidate", "tlsv1", "odigicert inc", "stcalifornia", "lsan jose", "oadobe systems", "incorporated", "cndigicert sha2", "push", "next", "high", "write c", "ireland as16509", "delete", "dirty", "tags", "t1012", "flow endpoint", "security scan", "t1106", "copyright", "levelblue" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 433, "FileHash-SHA256": 3663, "URL": 17104, "domain": 1316, "email": 39, "hostname": 4208, "SSLCertFingerprint": 17 }, "indicator_count": 27388, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6892a73593f73dfc969779b0", "name": "Part I | Track | Locate | Political & Civil society \u2018news\u2019 campaigns", "description": "Part I | Track | Locate | Political & Civil society \u2018news\u2019 campaigns\n*[ddddd.msg]\n[http://tracking.eu1.glintinc.com]\n[stormer5v52vjsw66jmds7ndeecudq444woadhzr2plxlaayexnh6eqd]\n[stackstorm.ops.dev.az.glintinc.com]\n\u2022 http://stormer5v52vjsw66jmds7ndeecudq444woadhzr2plxlaayexnh6eqd.onion/peter-thiel-running-database-to-root-out-those-disloyal-to-the-leader/\\n \u2022\n[http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-at-concentra/360]\n[http://pixelrz.com/lists/keywords/tsara-brashears-dead/360]", "modified": "2025-09-05T00:03:23.223000", "created": "2025-08-06T00:52:05.051000", "tags": [ "url http", "small", "indicator role", "title added", "active related", "pulses hostname", "tellyoun", "n aug", "entries", "data upload", "extraction", "windows error", "june", "fwd urgent", "justice czech", "copy sha256", "rejectedfailed", "timestamp input", "message status", "actions august", "file", "actions june", "actions may", "cta4 https", "context related", "associated urls", "campaigncodedsc", "language", "uid http", "community", "sha256", "size42b type", "submitted", "august", "april", "internal error", "previous1", "iframe", "community score", "scan analysis", "malicious", "intelligence", "learn", "falcon sandbox", "submissions", "status", "adversaries", "ck id", "name tactics", "suspicious", "informative", "defense evasion", "windows folder", "found", "dlls", "impact", "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9062, "domain": 707, "hostname": 2318, "FileHash-MD5": 86, "FileHash-SHA1": 26, "FileHash-SHA256": 2096, "email": 5, "FilePath": 2, "URI": 1 }, "indicator_count": 14303, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709929c16e0817dea8f7ff", "name": "https://www.microsoft.com/en-US/servicesagreement/upcoming-faq.aspx", "description": "", "modified": "2023-12-06T15:54:17.119000", "created": "2023-12-06T15:54:17.119000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 963, "domain": 255, "hostname": 730, "URL": 2400, "FileHash-MD5": 50, "FileHash-SHA1": 50, "email": 1 }, "indicator_count": 4449, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657099064c0c0aa442282397", "name": "http://www.xiazai99.com/down/soft9106.html", "description": "", "modified": "2023-12-06T15:53:42.077000", "created": "2023-12-06T15:53:42.077000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1040, "domain": 293, "FileHash-MD5": 58, "FileHash-SHA1": 56, "hostname": 809, "URL": 2661, "email": 1 }, "indicator_count": 4918, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098f7a0c84c2c55585e87", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "", "modified": "2023-12-06T15:53:27.118000", "created": "2023-12-06T15:53:27.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 279, "FileHash-SHA256": 1027, "hostname": 933, "URL": 2201, "FileHash-MD5": 56, "FileHash-SHA1": 51, "email": 2 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098f2c33d291538754bc7", "name": "https://login.blockchain.com/?#%2Fverify-email ->", "description": "", "modified": "2023-12-06T15:53:22.011000", "created": "2023-12-06T15:53:22.011000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 279, "FileHash-SHA256": 1027, "hostname": 933, "URL": 2201, "FileHash-MD5": 56, "FileHash-SHA1": 51, "email": 2 }, "indicator_count": 4549, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c68b4f63f4ac0d16ff5", "name": "egihosting.com - malware", "description": "", "modified": "2023-12-06T14:59:52.017000", "created": "2023-12-06T14:59:52.017000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 120, "hostname": 352, "domain": 115, "URL": 934 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c27074200c710e3b35c", "name": "Malware hosting - metronetinc.com", "description": "", "modified": "2023-12-06T14:58:47.235000", "created": "2023-12-06T14:58:47.235000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 447, "hostname": 1241, "domain": 536, "URL": 3731 }, "indicator_count": 5955, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708b77797823dea739cc25", "name": "ReduceRight malware-", "description": "", "modified": "2023-12-06T14:55:51.023000", "created": "2023-12-06T14:55:51.023000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 110, "domain": 541, "URL": 2043, "hostname": 1106 }, "indicator_count": 3800, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://e.tabs.map", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://e.tabs.map", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776631341.5824287 }