{ "type": "URL", "indicator": "https://github.com/PowerShellEmpire/Empire", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://github.com/PowerShellEmpire/Empire", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #87", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #560", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3904760232, "indicator": "https://github.com/PowerShellEmpire/Empire", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "68d3caa9524bb6b5460615f3", "name": "Legacy.Trojan affects threat researchers networks & portals and/or platforms", "description": "Legacy.Trojan affects threat researchers networks & portals and/or platforms or via platforms as a medium.\n[otx auto populated: Adversaries may be able to gain access to a victim's network through a range of techniques, as well as using a variety of other techniques to evade detection and detection.]\n#honeypot #capture #advesaries #fireeye #github", "modified": "2025-10-24T10:01:25.310000", "created": "2025-09-24T10:40:40.987000", "tags": [ "text drag", "browse to", "select file", "or drop", "yara detections", "runlevel", "av detections", "ids detections", "alerts", "analysis date", "inject", "stncphpphp more", "virustotal api", "comments", "related tags", "passive dns", "republic", "ipv4 add", "location korea", "korea", "asn as9318", "dns resolutions", "pulses otx", "close", "dynamicloader", "backdoor", "tgt session", "reads", "dynamic", "write", "chopper", "pho exploit", "backdoor", "fireeye", "low risk", "drop", "create snapshot", "hangover_appinbot", "kns dropper", "self", "md5 sha256", "google safe", "browsing", "server response", "response code", "vary", "mimikatz", "silence malware", "trojanagent", "legacy", "password", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "initial access", "defense evasion", "spawns", "copy md5", "copy sha1", "copy sha256", "selection", "ascii text", "crlf line", "windir", "openurl c", "appearance code", "password", "urlhttps", "username", "flag", "united", "markmonitor", "github", "server", "date", "click", "apt 1", "high", "read c", "search", "medium", "show", "windows", "cmd c", "ms windows", "next", "copy", "ver", "businesseconomy" ], "references": [ "Files", "Yara : KINS_dropper , apt_win_mutex_apt1 , Hangover_Fuddol , Hangover_Tymtin_Degrab", "Yara: Hangover_Smackdown_various , Hangover_Foler , Hangover_UpdateEx ,", "Yara: Hangover_Smackdown_Downloader , Hangover_Vacrhan_Downloader", "Yara: HKTL_NATBypass_Dec22_1 , power_pe_injection , Mimikatz_Logfile", "Yara: Mimikatz_Strings , Silence_malware_2 , EquationGroup_elgingamble , EquationGroup_cmsd", "Yara: EquationGroup_ebbshave , EquationGroup_eggbasket , EquationGroup_sambal", "Yara: Mimikatz_Logfile SID : * NTLM : Authentication Id : wdigest : Mimikatz_Strings sekurlsa::logonpasswords" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Ireland" ], "malware_families": [ { "id": "Php.Exploit.C99-27", "display_name": "Php.Exploit.C99-27", "target": null }, { "id": "Backdoor:ASP/Chopper.F!dha", "display_name": "Backdoor:ASP/Chopper.F!dha", "target": "/malware/Backdoor:ASP/Chopper.F!dha" }, { "id": "Legacy.Trojan.Agent-37025", "display_name": "Legacy.Trojan.Agent-37025", "target": null }, { "id": "Ver", "display_name": "Ver", "target": null } ], "attack_ids": [ { "id": "T1110.001", "name": "Password Guessing", "display_name": "T1110.001 - Password Guessing" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 87, "FileHash-SHA1": 84, "FileHash-SHA256": 1049, "URL": 1688, "hostname": 544, "email": 5, "domain": 292, "CVE": 2 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666ac558d08da6cfb3ba135b", "name": "Thor Lite Scanner - Cigabuntu (Parrot Version) vs. The Book of Shadows", "description": "A little unclear on 'just exactly what all of this is' - Other than Huntress Catching things and Thor & Bitdefender Gravutyzone ****ing the bed\n\nScan ID: S-6vsmMgE47Gk\nScan Id: S-H9GdDtmU2vU\n\n06.13.24: https://www.virustotal.com/graph/embed/g14ccc2b5794648cc838da283a8fbfcda4d95dde6ddc44798be19c2832778787f?theme=dark", "modified": "2024-07-13T09:05:44.647000", "created": "2024-06-13T10:09:28.617000", "tags": [ "entity", "please", "javascript", "valhalla", "php", "filename ioc", "mon jun", "module", "sigtype1", "reasonscount", "tue jun", "exploit code", "file names", "matched1", "score", "shellcode", "form", "mimikatz", "powershell", "cobaltstrike", "null", "trace", "shell", "import", "empire", "hermanos", "cobalt strike", "void", "body", "exploit", "webshell", "antak", "anomaly", "error", "generic", "target", "obfus", "skeletonkey", "virustotal", "dllimport", "false", "flash", "info", "click", "macos", "test", "powersploit", "powercat", "tools", "metasploit", "twitter", "open", "path", "xploit" ], "references": [ "https://www.virustotal.com/graph/embed/g14ccc2b5794648cc838da283a8fbfcda4d95dde6ddc44798be19c2832778787f?theme=dark", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/summary", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/iocs", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/graph" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "VALHALLA", "display_name": "VALHALLA", "target": null }, { "id": "PHP", "display_name": "PHP", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1098", "name": "Account Manipulation", "display_name": "T1098 - Account Manipulation" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1558", "name": "Steal or Forge Kerberos Tickets", "display_name": "T1558 - Steal or Forge Kerberos Tickets" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 74, "CVE": 156, "FileHash-MD5": 828, "FileHash-SHA1": 1126, "FileHash-SHA256": 746, "domain": 130, "email": 4, "hostname": 21 }, "indicator_count": 3085, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "645 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/iocs", "Yara: EquationGroup_ebbshave , EquationGroup_eggbasket , EquationGroup_sambal", "Yara : KINS_dropper , apt_win_mutex_apt1 , Hangover_Fuddol , Hangover_Tymtin_Degrab", "Yara: Mimikatz_Strings , Silence_malware_2 , EquationGroup_elgingamble , EquationGroup_cmsd", "Yara: Hangover_Smackdown_various , Hangover_Foler , Hangover_UpdateEx ,", "https://www.virustotal.com/graph/embed/g14ccc2b5794648cc838da283a8fbfcda4d95dde6ddc44798be19c2832778787f?theme=dark", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/graph", "Yara: HKTL_NATBypass_Dec22_1 , power_pe_injection , Mimikatz_Logfile", "Yara: Mimikatz_Logfile SID : * NTLM : Authentication Id : wdigest : Mimikatz_Strings sekurlsa::logonpasswords", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/summary", "Yara: Hangover_Smackdown_Downloader , Hangover_Vacrhan_Downloader", "Files" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Backdoor:asp/chopper.f!dha", "Ver", "Php.exploit.c99-27", "Valhalla", "Legacy.trojan.agent-37025", "Php" ], "industries": [], "unique_indicators": 6855 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/github.com", "whois": "http://whois.domaintools.com/github.com", "domain": "github.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "68d3caa9524bb6b5460615f3", "name": "Legacy.Trojan affects threat researchers networks & portals and/or platforms", "description": "Legacy.Trojan affects threat researchers networks & portals and/or platforms or via platforms as a medium.\n[otx auto populated: Adversaries may be able to gain access to a victim's network through a range of techniques, as well as using a variety of other techniques to evade detection and detection.]\n#honeypot #capture #advesaries #fireeye #github", "modified": "2025-10-24T10:01:25.310000", "created": "2025-09-24T10:40:40.987000", "tags": [ "text drag", "browse to", "select file", "or drop", "yara detections", "runlevel", "av detections", "ids detections", "alerts", "analysis date", "inject", "stncphpphp more", "virustotal api", "comments", "related tags", "passive dns", "republic", "ipv4 add", "location korea", "korea", "asn as9318", "dns resolutions", "pulses otx", "close", "dynamicloader", "backdoor", "tgt session", "reads", "dynamic", "write", "chopper", "pho exploit", "backdoor", "fireeye", "low risk", "drop", "create snapshot", "hangover_appinbot", "kns dropper", "self", "md5 sha256", "google safe", "browsing", "server response", "response code", "vary", "mimikatz", "silence malware", "trojanagent", "legacy", "password", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "initial access", "defense evasion", "spawns", "copy md5", "copy sha1", "copy sha256", "selection", "ascii text", "crlf line", "windir", "openurl c", "appearance code", "password", "urlhttps", "username", "flag", "united", "markmonitor", "github", "server", "date", "click", "apt 1", "high", "read c", "search", "medium", "show", "windows", "cmd c", "ms windows", "next", "copy", "ver", "businesseconomy" ], "references": [ "Files", "Yara : KINS_dropper , apt_win_mutex_apt1 , Hangover_Fuddol , Hangover_Tymtin_Degrab", "Yara: Hangover_Smackdown_various , Hangover_Foler , Hangover_UpdateEx ,", "Yara: Hangover_Smackdown_Downloader , Hangover_Vacrhan_Downloader", "Yara: HKTL_NATBypass_Dec22_1 , power_pe_injection , Mimikatz_Logfile", "Yara: Mimikatz_Strings , Silence_malware_2 , EquationGroup_elgingamble , EquationGroup_cmsd", "Yara: EquationGroup_ebbshave , EquationGroup_eggbasket , EquationGroup_sambal", "Yara: Mimikatz_Logfile SID : * NTLM : Authentication Id : wdigest : Mimikatz_Strings sekurlsa::logonpasswords" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Ireland" ], "malware_families": [ { "id": "Php.Exploit.C99-27", "display_name": "Php.Exploit.C99-27", "target": null }, { "id": "Backdoor:ASP/Chopper.F!dha", "display_name": "Backdoor:ASP/Chopper.F!dha", "target": "/malware/Backdoor:ASP/Chopper.F!dha" }, { "id": "Legacy.Trojan.Agent-37025", "display_name": "Legacy.Trojan.Agent-37025", "target": null }, { "id": "Ver", "display_name": "Ver", "target": null } ], "attack_ids": [ { "id": "T1110.001", "name": "Password Guessing", "display_name": "T1110.001 - Password Guessing" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 87, "FileHash-SHA1": 84, "FileHash-SHA256": 1049, "URL": 1688, "hostname": 544, "email": 5, "domain": 292, "CVE": 2 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666ac558d08da6cfb3ba135b", "name": "Thor Lite Scanner - Cigabuntu (Parrot Version) vs. The Book of Shadows", "description": "A little unclear on 'just exactly what all of this is' - Other than Huntress Catching things and Thor & Bitdefender Gravutyzone ****ing the bed\n\nScan ID: S-6vsmMgE47Gk\nScan Id: S-H9GdDtmU2vU\n\n06.13.24: https://www.virustotal.com/graph/embed/g14ccc2b5794648cc838da283a8fbfcda4d95dde6ddc44798be19c2832778787f?theme=dark", "modified": "2024-07-13T09:05:44.647000", "created": "2024-06-13T10:09:28.617000", "tags": [ "entity", "please", "javascript", "valhalla", "php", "filename ioc", "mon jun", "module", "sigtype1", "reasonscount", "tue jun", "exploit code", "file names", "matched1", "score", "shellcode", "form", "mimikatz", "powershell", "cobaltstrike", "null", "trace", "shell", "import", "empire", "hermanos", "cobalt strike", "void", "body", "exploit", "webshell", "antak", "anomaly", "error", "generic", "target", "obfus", "skeletonkey", "virustotal", "dllimport", "false", "flash", "info", "click", "macos", "test", "powersploit", "powercat", "tools", "metasploit", "twitter", "open", "path", "xploit" ], "references": [ "https://www.virustotal.com/graph/embed/g14ccc2b5794648cc838da283a8fbfcda4d95dde6ddc44798be19c2832778787f?theme=dark", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/summary", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/iocs", "https://www.virustotal.com/gui/collection/a5d9ceedc1dd9b912db6270e583ef306f5d3130912ffe4c519496cb53b2179f9/graph" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "VALHALLA", "display_name": "VALHALLA", "target": null }, { "id": "PHP", "display_name": "PHP", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1098", "name": "Account Manipulation", "display_name": "T1098 - Account Manipulation" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1558", "name": "Steal or Forge Kerberos Tickets", "display_name": "T1558 - Steal or Forge Kerberos Tickets" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 74, "CVE": 156, "FileHash-MD5": 828, "FileHash-SHA1": 1126, "FileHash-SHA256": 746, "domain": 130, "email": 4, "hostname": 21 }, "indicator_count": 3085, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "645 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://github.com/PowerShellEmpire/Empire", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://github.com/PowerShellEmpire/Empire", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776638513.979757 }