{
"type": "URL",
"indicator": "https://eu.m.z.call",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://eu.m.z.call",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3155704343,
"indicator": "https://eu.m.z.call",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 50,
"pulses": [
{
"id": "68abf75bf3b03b94a6762409",
"name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net",
"description": "",
"modified": "2025-08-25T05:40:43.552000",
"created": "2025-08-25T05:40:43.552000",
"tags": [
"context",
"error",
"ajaxupdate",
"request",
"requestdata",
"name",
"xoctoberassets",
"datarequest",
"typesubmit",
"typetext",
"click",
"function",
"typeof c",
"bootstrap",
"javascript",
"azaz",
"popover",
"typeof f",
"typeof g",
"typeof h",
"vui",
"anda",
"tente",
"outubro",
"trackingclient",
"srpanj",
"rabu",
"vasaris",
"image",
"typeof atrkopts",
"800px",
"40px",
"i18n",
"blockedemail",
"typeof i18n",
"hubspot",
"captcha",
"date",
"please",
"april",
"august",
"close",
"february",
"june",
"form",
"klik",
"download",
"window",
"this",
"next",
"null",
"blank",
"este",
"anna",
"rserver",
"mais",
"void",
"object",
"typeerror",
"array",
"symbol",
"bound",
"typeof window",
"typeof t",
"invalid path",
"unknown method",
"phonenumber",
"ninja",
"typeof e",
"edge",
"dataname",
"intercom",
"typeof symbol",
"apple",
"webkiti",
"criosi",
"trident"
],
"references": [
"xfe-URL-Eonix.net-stix2-2.1-export.json",
"xfe-URL-Serverhub.com-stix2-2.1-export.json",
"xfe-URL-Enom.com-stix2-2.1-export 2.json",
"https://widget.intercom.io/widget/rbc8ok9w",
"https://js.hscollectedforms.net/collectedforms.js",
"https://js.hsleadflows.net/leadflows.js",
"https://d31qbv1cthcecs.cloudfront.net/atrk.js",
"https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688",
"https://serverhub.com/modules/system/assets/js/framework.js",
"https://js.hs-scripts.com/3844463.js",
"xfe-URL-Cloudfront.net-stix2-2.1-export.json",
"xfe-URL-Intercom.io-stix2-2.1-export.json"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Vui",
"display_name": "Vui",
"target": null
},
{
"id": "Outubro",
"display_name": "Outubro",
"target": null
},
{
"id": "Tente",
"display_name": "Tente",
"target": null
},
{
"id": "Anda",
"display_name": "Anda",
"target": null
},
{
"id": "Vasaris",
"display_name": "Vasaris",
"target": null
},
{
"id": "Rabu",
"display_name": "Rabu",
"target": null
},
{
"id": "Srpanj",
"display_name": "Srpanj",
"target": null
},
{
"id": "TrackingClient",
"display_name": "TrackingClient",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": "62719a4dec6d0aa4631b9b2f",
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 5708,
"hostname": 1541,
"FileHash-SHA256": 876,
"domain": 915,
"CVE": 1,
"FileHash-MD5": 1
},
"indicator_count": 9042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "237 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570a958f96f9b29641ea020",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-12-06T17:03:20.219000",
"created": "2023-12-06T17:03:20.219000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 17,
"FileHash-SHA256": 3730,
"hostname": 1052,
"domain": 446,
"URL": 2806,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 111,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570a927b24b94cdd5d344d1",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-12-06T17:02:31.854000",
"created": "2023-12-06T17:02:31.854000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 17,
"FileHash-SHA256": 3730,
"hostname": 1052,
"domain": 446,
"URL": 2806,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 111,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657098ff4c59f8ac3f86f613",
"name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
"description": "",
"modified": "2023-12-06T15:53:35.032000",
"created": "2023-12-06T15:53:35.032000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1168,
"hostname": 1366,
"domain": 412,
"URL": 3576,
"email": 2,
"FileHash-MD5": 61,
"FileHash-SHA1": 54
},
"indicator_count": 6639,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708ed8f7d4b5483117bb66",
"name": "abuse.ch",
"description": "",
"modified": "2023-12-06T15:10:16.397000",
"created": "2023-12-06T15:10:16.397000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 223,
"domain": 383,
"URL": 1639,
"hostname": 560,
"email": 1,
"FileHash-MD5": 2
},
"indicator_count": 2808,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 114,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e2d7cb4228401888b63",
"name": "possibly a central bank",
"description": "",
"modified": "2023-12-06T15:07:25.990000",
"created": "2023-12-06T15:07:25.990000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 622,
"domain": 2558,
"URL": 4203,
"hostname": 1221,
"CVE": 1
},
"indicator_count": 8605,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e0d95a8c74cc715f7a2",
"name": "West.cn",
"description": "",
"modified": "2023-12-06T15:06:53.350000",
"created": "2023-12-06T15:06:53.350000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 208,
"domain": 533,
"hostname": 757,
"URL": 1861,
"FileHash-MD5": 1
},
"indicator_count": 3360,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708d657f0895a860febf8f",
"name": "SafeFrame Container",
"description": "",
"modified": "2023-12-06T15:04:05.932000",
"created": "2023-12-06T15:04:05.932000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1416,
"domain": 2979,
"URL": 8250,
"hostname": 2262
},
"indicator_count": 14907,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708d2dc7aa57db55aab29c",
"name": "serverhub.com eonix.net",
"description": "",
"modified": "2023-12-06T15:03:09.373000",
"created": "2023-12-06T15:03:09.373000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 876,
"URL": 5708,
"hostname": 1541,
"domain": 915,
"FileHash-MD5": 1
},
"indicator_count": 9042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c8a9635f156e79238f1",
"name": "intel gained from a spam text",
"description": "",
"modified": "2023-12-06T15:00:26.727000",
"created": "2023-12-06T15:00:26.727000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 823,
"domain": 717,
"URL": 2245,
"hostname": 615,
"email": 4,
"FileHash-MD5": 5,
"FileHash-SHA1": 1
},
"indicator_count": 4411,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c712f63f24552fa3e38",
"name": "bgp.net malicious hosting",
"description": "",
"modified": "2023-12-06T15:00:01.600000",
"created": "2023-12-06T15:00:01.600000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 173,
"hostname": 417,
"URL": 1208,
"domain": 267,
"CVE": 1
},
"indicator_count": 2066,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c534aadf7adf4f27d77",
"name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
"description": "",
"modified": "2023-12-06T14:59:31.122000",
"created": "2023-12-06T14:59:31.122000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 302,
"domain": 634,
"URL": 2988,
"hostname": 1208
},
"indicator_count": 5132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c13ee010f81d3f9b3af",
"name": "Malware hosting - hostrocket.com",
"description": "",
"modified": "2023-12-06T14:58:27.115000",
"created": "2023-12-06T14:58:27.115000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 232,
"hostname": 963,
"domain": 412,
"URL": 2337,
"email": 3,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 3949,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c0791fece390b1a096e",
"name": "Choopa.com - vultr",
"description": "",
"modified": "2023-12-06T14:58:15.734000",
"created": "2023-12-06T14:58:15.734000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 453,
"hostname": 1241,
"domain": 430,
"URL": 3454
},
"indicator_count": 5578,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c01dca4e6c505e4fca0",
"name": "Hostgator - whitelisted",
"description": "",
"modified": "2023-12-06T14:58:09.135000",
"created": "2023-12-06T14:58:09.135000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 692,
"hostname": 1339,
"domain": 1260,
"URL": 4622,
"FileHash-MD5": 3,
"FileHash-SHA1": 1
},
"indicator_count": 7917,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708aa1dca4e6c505e4fc9e",
"name": "Botnet c&c",
"description": "",
"modified": "2023-12-06T14:52:16.286000",
"created": "2023-12-06T14:52:16.286000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 214,
"hostname": 334,
"URL": 1182,
"FileHash-SHA256": 33
},
"indicator_count": 1763,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657080d20f7e10c1e37fcf89",
"name": "TarrantCounty.com ~ 03.01.2022",
"description": "",
"modified": "2023-12-06T14:10:26.301000",
"created": "2023-12-06T14:10:26.301000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1078,
"domain": 838,
"hostname": 1607,
"URL": 4134,
"email": 3,
"FileHash-SHA1": 2,
"CIDR": 4,
"FileHash-MD5": 15
},
"indicator_count": 7681,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657080735501c11ddbb7a988",
"name": "Dominionvoting.com 03.03.22",
"description": "",
"modified": "2023-12-06T14:08:51.329000",
"created": "2023-12-06T14:08:51.329000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 663,
"hostname": 588,
"domain": 413,
"URL": 2183,
"FileHash-MD5": 7
},
"indicator_count": 3854,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570805953274b32ec1f981b",
"name": "Votebuilder.com",
"description": "",
"modified": "2023-12-06T14:08:25.588000",
"created": "2023-12-06T14:08:25.588000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 869,
"domain": 834,
"URL": 4755,
"hostname": 1559,
"CIDR": 2,
"FileHash-MD5": 10
},
"indicator_count": 8029,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65707e5b7df6f60133e8fb50",
"name": "Jeeng / Powerbox",
"description": "",
"modified": "2023-12-06T13:59:55.129000",
"created": "2023-12-06T13:59:55.129000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 3,
"FileHash-SHA256": 9072,
"domain": 2500,
"hostname": 3584,
"URL": 13548,
"FileHash-MD5": 197,
"FileHash-SHA1": 162,
"email": 19,
"CIDR": 20,
"SSLCertFingerprint": 2,
"BitcoinAddress": 1
},
"indicator_count": 29108,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "653f147a7e55dd916fe9e3e2",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-30T02:27:06.140000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "652b2a8048e6a285461c4a5d",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 218,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "652b2a8048e6a285461c4a5d",
"name": "Fitbit app link IoC's",
"description": "Critical. Fitbit download link found in Google search results.\n[https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile]\n\nBlackNET is a Remote Access Trojan (RAT) - Advanced Windows Botnet.\nCapabilities: stealing/grabbing files and passwords, keylogging, cryptojacking, loading files, executing commands, etc. \n\nOpenCandy , PUP\nCapabilities: Browser home page hijacker, installs unwanted toolbars, plug-ins, and extensions to web browsers, collects information, user\u2019s surfing habits, distribution to third parties without user consent.\n\nProcess Injection: Privilege escalation adversaries use to inject arbitrary code.",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-14T23:55:42.972000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 18,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "652b2a50c4487060d52346fd",
"name": "Fitbit app link IoC's",
"description": "Critical. Fitbit download link found in Google search results.\n[https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile]\n\nBlackNET is a Remote Access Trojan (RAT) - Advanced Windows Botnet.\nCapabilities: stealing/grabbing files and passwords, keylogging, cryptojacking, loading files, executing commands, etc. \n\nOpenCandy , PUP\nCapabilities: Browser home page hijacker, installs unwanted toolbars, plug-ins, and extensions to web browsers, collects information, user\u2019s surfing habits, distribution to third parties without user consent.\n\nProcess Injection: Privilege escalation adversaries use to inject arbitrary code.",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-14T23:54:55.973000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 16,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6425a2f9c155fd53b9922bcd",
"name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
"description": "hope peeps are gona learn from 3cx that false positives are in fact often not false",
"modified": "2023-04-29T13:05:05.409000",
"created": "2023-03-30T14:55:53.652000",
"tags": [
"trojan",
"apt",
"ansi",
"dropped file",
"runtime data",
"chromeua",
"optout",
"programfiles",
"typeof e",
"localappdata",
"error",
"date",
"generator",
"path",
"null",
"void",
"win64",
"twitter",
"this",
"critical",
"desktop",
"dark",
"light",
"meta",
"roboto",
"span",
"class",
"template",
"blink",
"suspicious",
"facebook",
"mexico",
"malicious",
"mozilla",
"strings",
"qakbot",
"://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
],
"references": [
"https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9",
"https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661",
"http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 412,
"FileHash-SHA256": 1168,
"URL": 3576,
"hostname": 1366,
"email": 2,
"FileHash-MD5": 61,
"FileHash-SHA1": 54
},
"indicator_count": 6639,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 92,
"modified_text": "1086 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63ed86228ecb2b03d35b046f",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:25:54.305000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63ed8628367c1a4f3f8e773a",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:26:00.959000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63b580a925bb698985fa83ea",
"name": "vendor.bundle.js",
"description": "",
"modified": "2023-02-03T13:00:02.804000",
"created": "2023-01-04T13:35:37.535000",
"tags": [
"vxstream",
"trojan",
"apt",
"memoryfile scan",
"error",
"progresstype",
"graytext",
"typeof e",
"highlight",
"bg96gwp",
"typeof",
"window",
"null",
"date",
"span",
"path",
"meta",
"push",
"unknown",
"roboto",
"scroll",
"suspicious",
"close",
"light",
"template",
"abcd",
"android",
"trident",
"backspace",
"insert",
"4096",
"void",
"legend",
"iframe",
"webview",
"infinity",
"ransomware",
"malicious",
"accept toggle",
"voice",
"upgrade"
],
"references": [
"https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d",
"This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.",
"original dropped file discovery url",
"http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css",
"Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)",
"https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1106",
"name": "Native API",
"display_name": "T1106 - Native API"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 16,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 205,
"URL": 1340,
"FileHash-SHA256": 407,
"hostname": 491,
"FileHash-MD5": 8,
"email": 1,
"FileHash-SHA1": 1
},
"indicator_count": 2453,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1171 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found