{ "type": "URL", "indicator": "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\\", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\\", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #87", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #560", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4335502714, "indicator": "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\\", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69f2e59976dac9af19efaf62", "name": "Thor Lite Scan - 2026-04-28", "description": "Thor Lite Scan - 2026-04-28\nSCANID: S-YEFfQ7C4AkQ\n\nhttps://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T05:16:07.518000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f2e59c41ddb660aa540cea", "name": "Thor Lite Scan - 2026-04-28", "description": "Thor Lite Scan - 2026-04-28\nSCANID: S-YEFfQ7C4AkQ\n\nhttps://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T05:16:08.005000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3193742ffaa1e19a10d8d", "name": "Clone UCP_GOA23 \"Thor Lite Scan\"", "description": "", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T08:56:23.800000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": "69f2e59976dac9af19efaf62", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Technology", "Education", "Government", "Healthcare" ], "unique_indicators": 505 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/github.com", "whois": "http://whois.domaintools.com/github.com", "domain": "github.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69f2e59976dac9af19efaf62", "name": "Thor Lite Scan - 2026-04-28", "description": "Thor Lite Scan - 2026-04-28\nSCANID: S-YEFfQ7C4AkQ\n\nhttps://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T05:16:07.518000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f2e59c41ddb660aa540cea", "name": "Thor Lite Scan - 2026-04-28", "description": "Thor Lite Scan - 2026-04-28\nSCANID: S-YEFfQ7C4AkQ\n\nhttps://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T05:16:08.005000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3193742ffaa1e19a10d8d", "name": "Clone UCP_GOA23 \"Thor Lite Scan\"", "description": "", "modified": "2026-05-30T05:18:49.034000", "created": "2026-04-30T08:56:23.800000", "tags": [ "custom", "scanid", "filename ioc", "sigtype1", "reasonscount", "subscore1", "log entry", "rule matched1", "subscore2", "misc", "error", "bypass", "lazarus", "cobaltstrike", "score", "code", "anomaly", "sliver", "fall", "procdump", "school", "obfus", "mimikatz", "pipes", "rootkit", "timestomp", "doublepulsar", "logger", "teamviewer", "virustotal", "hive", "confuserex", "danderspritz", "peddlecheap", "model", "arch", "hosts", "exploit", "invoketater", "powersploit" ], "references": [ "https://www.virustotal.com/graph/embed/g88c761645ba94ab89e2c7519f789d32264aa4d80eb1a47f597c7e3deb4979e5f?theme=dark", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84", "https://www.virustotal.com/gui/collection/ad2f8edb56307f54dfdb3c9ef2406d97b7287b243c8915bc2847447735d0de84/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" } ], "industries": [ "Technology", "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": "69f2e59976dac9af19efaf62", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 12, "FileHash-MD5": 68, "FileHash-SHA1": 111, "FileHash-SHA256": 63, "URL": 128, "domain": 39, "email": 1, "hostname": 75 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\\", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz\\", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780406824.645392 }