{ "type": "URL", "indicator": "https://events.goingapp.pl/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://events.goingapp.pl/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3765708563, "indicator": "https://events.goingapp.pl/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "655dafbe9ac9ac786fde45ad", "name": "http://malwaredomainlist.com/ \u2022 CNC \u2022 Spyware \u2022 Tracking", "description": "Network capture, dga domain, ecc domain, data collection, voicemail access, mail spammer, registrar abuse\n\n[Auto populated. I can't cannot confirm or deny the accuracy of the following information: A summary of key facts and information about a malicious web domain, hosted by the US government, has been released by Google.com and its parent company, Alphabet, for use on its website.]", "modified": "2023-12-22T06:03:01.993000", "created": "2023-11-22T07:37:34.595000", "tags": [ "united", "as22612", "as2637", "creation date", "search", "moved", "expiration date", "date", "showing", "as397240", "next", "entries", "scan endpoints", "all octoseek", "dns replication", "win32 exe", "network capture", "android", "android adaway", "html", "files", "detections type", "name", "office open", "xml document", "namecheap", "namecheap inc", "whois lookups", "win32 dll", "text", "wextract", "text htaccess", "powershell", "detection list", "blacklist", "first", "ssl certificate", "whois record", "contacted", "december", "whois whois", "threat roundup", "historical ssl", "problems", "referrer", "pe resource", "startpage", "cyber threat", "redline stealer", "mail spammer", "hostname", "phishing site", "malicious site", "installcore", "http spammer", "malware site", "malware", "generic malware", "heur", "generic", "alexa top", "million", "site", "cisco umbrella", "alexa", "ip address", "algorithm", "data", "v3 serial", "number", "cat cnzerossl", "ecc domain", "secure site", "ca ozerossl", "validity", "subject public", "server", "email", "code", "registrar abuse", "country", "privacy service", "withheld", "privacy", "domain name", "pattern match", "ascii text", "appdata", "file", "windows nt", "svg scalable", "vector graphics", "indicator", "gif image", "accept", "hybrid", "general", "local", "pixel", "click", "twitter", "strings", "class", "generator", "critical", "command_and_control", "spyware", "tracking", "voicemail access", "dga", "apple" ], "references": [ "https://www.hybrid-analysis.com/sample/c0c84df54b890bb408fc2289f1e75a29991127bbe207aa30042616b5ea150342/655d9af5679c7afcc409895e", "\u2193Interesting\u2193", "IPv4 198.54.117.211 command_and_control", "IPv4 198.54.117.210 command_and_control", "IPv4 198.54.117.212 command_and_control", "IPv4 198.54.117.215 command_and_control", "IPv4 198.54.117.217 command_and_control", "IPv4 198.54.117.218 command_and_control", "apple-securityiphone-icloud.com", "tx-p2p-pull.video-voip.com.dorm.com", "http://updates.voicemailaccess.net/b0f6a00b15311023", "tvapp-server.de", "zeustracker.abuse.ch", "ransomwaretracker.abuse.ch", "http://t.trkitok.com/track/rep?oid=2001&st=1&id=DP2441--w1VJE427J8SGGRTP02MD7UEG___93737493-c08b-4dc7-ad30-b17a2c09e771___$mid", "louisianarooflawyers.com [phishing]", "hasownproperty.call" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "InstallCore", "display_name": "InstallCore", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 51, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 105, "FileHash-SHA1": 100, "FileHash-SHA256": 3072, "domain": 1188, "email": 5, "URL": 7940, "hostname": 1925, "CVE": 1 }, "indicator_count": 14336, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "849 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a7fc464f9f56ac33a389", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-12-06T16:57:32.030000", "created": "2023-12-06T16:57:32.030000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "domain": 3202, "CVE": 5, "FileHash-SHA256": 1943, "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a7e7daf278491d9f9eb4", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-12-06T16:57:11.228000", "created": "2023-12-06T16:57:11.228000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "domain": 3202, "CVE": 5, "FileHash-SHA256": 1943, "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "652044fb2f28d46e91d29160", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "Packed. Miscellaneous Attacks. Hidden Users \nTarget: tsara brashears", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-06T17:33:47.403000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65204565ac1e8bce4de26df3", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "Packed. Miscellaneous Attacks. Hidden Users \nTarget: tsara brashears", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-06T17:35:33.618000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1df9a7da086561b9897f", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-30T03:07:37.963000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "65204565ac1e8bce4de26df3", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "tx-p2p-pull.video-voip.com.dorm.com", "IPv4 198.54.117.217 command_and_control", "ransomwaretracker.abuse.ch", "IPv4 198.54.117.215 command_and_control", "https://www.hybrid-analysis.com/sample/c0c84df54b890bb408fc2289f1e75a29991127bbe207aa30042616b5ea150342/655d9af5679c7afcc409895e", "IPv4 198.54.117.211 command_and_control", "http://updates.voicemailaccess.net/b0f6a00b15311023", "louisianarooflawyers.com [phishing]", "IPv4 198.54.117.212 command_and_control", "IPv4 198.54.117.218 command_and_control", "tvapp-server.de", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8", "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "hasownproperty.call", "\u2193Interesting\u2193", "http://t.trkitok.com/track/rep?oid=2001&st=1&id=DP2441--w1VJE427J8SGGRTP02MD7UEG___93737493-c08b-4dc7-ad30-b17a2c09e771___$mid", "apple-securityiphone-icloud.com", "zeustracker.abuse.ch", "IPv4 198.54.117.210 command_and_control" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Tulach" ], "malware_families": [ "Blacknet", "Installcore", "Generic" ], "industries": [], "unique_indicators": 37282 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/goingapp.pl", "whois": "http://whois.domaintools.com/goingapp.pl", "domain": "goingapp.pl", "hostname": "events.goingapp.pl" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "655dafbe9ac9ac786fde45ad", "name": "http://malwaredomainlist.com/ \u2022 CNC \u2022 Spyware \u2022 Tracking", "description": "Network capture, dga domain, ecc domain, data collection, voicemail access, mail spammer, registrar abuse\n\n[Auto populated. I can't cannot confirm or deny the accuracy of the following information: A summary of key facts and information about a malicious web domain, hosted by the US government, has been released by Google.com and its parent company, Alphabet, for use on its website.]", "modified": "2023-12-22T06:03:01.993000", "created": "2023-11-22T07:37:34.595000", "tags": [ "united", "as22612", "as2637", "creation date", "search", "moved", "expiration date", "date", "showing", "as397240", "next", "entries", "scan endpoints", "all octoseek", "dns replication", "win32 exe", "network capture", "android", "android adaway", "html", "files", "detections type", "name", "office open", "xml document", "namecheap", "namecheap inc", "whois lookups", "win32 dll", "text", "wextract", "text htaccess", "powershell", "detection list", "blacklist", "first", "ssl certificate", "whois record", "contacted", "december", "whois whois", "threat roundup", "historical ssl", "problems", "referrer", "pe resource", "startpage", "cyber threat", "redline stealer", "mail spammer", "hostname", "phishing site", "malicious site", "installcore", "http spammer", "malware site", "malware", "generic malware", "heur", "generic", "alexa top", "million", "site", "cisco umbrella", "alexa", "ip address", "algorithm", "data", "v3 serial", "number", "cat cnzerossl", "ecc domain", "secure site", "ca ozerossl", "validity", "subject public", "server", "email", "code", "registrar abuse", "country", "privacy service", "withheld", "privacy", "domain name", "pattern match", "ascii text", "appdata", "file", "windows nt", "svg scalable", "vector graphics", "indicator", "gif image", "accept", "hybrid", "general", "local", "pixel", "click", "twitter", "strings", "class", "generator", "critical", "command_and_control", "spyware", "tracking", "voicemail access", "dga", "apple" ], "references": [ "https://www.hybrid-analysis.com/sample/c0c84df54b890bb408fc2289f1e75a29991127bbe207aa30042616b5ea150342/655d9af5679c7afcc409895e", "\u2193Interesting\u2193", "IPv4 198.54.117.211 command_and_control", "IPv4 198.54.117.210 command_and_control", "IPv4 198.54.117.212 command_and_control", "IPv4 198.54.117.215 command_and_control", "IPv4 198.54.117.217 command_and_control", "IPv4 198.54.117.218 command_and_control", "apple-securityiphone-icloud.com", "tx-p2p-pull.video-voip.com.dorm.com", "http://updates.voicemailaccess.net/b0f6a00b15311023", "tvapp-server.de", "zeustracker.abuse.ch", "ransomwaretracker.abuse.ch", "http://t.trkitok.com/track/rep?oid=2001&st=1&id=DP2441--w1VJE427J8SGGRTP02MD7UEG___93737493-c08b-4dc7-ad30-b17a2c09e771___$mid", "louisianarooflawyers.com [phishing]", "hasownproperty.call" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "InstallCore", "display_name": "InstallCore", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 51, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 105, "FileHash-SHA1": 100, "FileHash-SHA256": 3072, "domain": 1188, "email": 5, "URL": 7940, "hostname": 1925, "CVE": 1 }, "indicator_count": 14336, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "849 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a7fc464f9f56ac33a389", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-12-06T16:57:32.030000", "created": "2023-12-06T16:57:32.030000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "domain": 3202, "CVE": 5, "FileHash-SHA256": 1943, "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a7e7daf278491d9f9eb4", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-12-06T16:57:11.228000", "created": "2023-12-06T16:57:11.228000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "domain": 3202, "CVE": 5, "FileHash-SHA256": 1943, "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "652044fb2f28d46e91d29160", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "Packed. Miscellaneous Attacks. Hidden Users \nTarget: tsara brashears", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-06T17:33:47.403000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65204565ac1e8bce4de26df3", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "Packed. Miscellaneous Attacks. Hidden Users \nTarget: tsara brashears", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-06T17:35:33.618000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1df9a7da086561b9897f", "name": "Hidden Users |Injection| Milum Botnet | Tulach Malware | Emotet", "description": "", "modified": "2023-11-05T14:05:48.545000", "created": "2023-10-30T03:07:37.963000", "tags": [ "ssl certificate", "whois whois", "iocs", "milum botnet", "army", "isp stuff", "whois record", "travel stuff", "misp", "threat roundup", "july", "apple", "password", "apple ios", "whois", "emotet", "powershell", "hacktool", "crypto", "pornhub", "tulach", "tsara", "camera", "connect", "tsara brashears", "brashears", "scanning_host", "trojan", "phishing", "afro", "june", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "http traffic", "suricata alerts", "event category", "description sid", "websma", "webabo", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "alexa", "heur", "malicious site", "malicious url", "unsafe", "agent", "phishing", "riskware", "bank", "iframe", "downldr", "presenoker", "artemis", "genkryptik", "fuery", "wacatac", "azorult", "service", "runescape", "facebook", "download", "union", "team", "opencandy", "exploit", "mimikatz", "blacklist https", "a1mara" ], "references": [ "https://qvdcz.farmersdaughtersvirginia.com/sharecamera-search/19857150", "Research and Data Analysis", "https://www.hybrid-analysis.com/sample/9b6b166a36b69e296ba3516cfe2d1feb7945289b1583f71329f34d9a649c94d8" ], "public": 1, "adversary": "Tulach", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "65204565ac1e8bce4de26df3", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14072, "FileHash-MD5": 70, "FileHash-SHA1": 56, "FileHash-SHA256": 1943, "domain": 3202, "hostname": 3487, "CVE": 5 }, "indicator_count": 22835, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://events.goingapp.pl/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://events.goingapp.pl/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776652978.2509508 }