{ "type": "URL", "indicator": "https://go.microsoft.com/fwlink", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://go.microsoft.com/fwlink", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #19", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #4", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain microsoft.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain microsoft.com", "name": "Whitelisted domain" }, { "source": "newssite", "message": "Whitelisted news domain microsoft.com", "name": "Whitelisted newssite network domain" } ], "base_indicator": { "id": 3890087594, "indicator": "https://go.microsoft.com/fwlink", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 31, "pulses": [ { "id": "6608aaf7ca0e965e593ed1d4", "name": "MUI programu Microsoft Office Access (w j\u0119zyku angielskim) zosta\u0142o u\u017cyte do wys\u0142ania z\u0142o\u015bliwego oprogramowania na serwer w Czechach jest to pierwszy tego typu atak na komputer. e", "description": "A look back at some of the key words and phrases used to describe the situation in Italy, as \"probacja\" (or \"democrata), as they were translated into English.", "modified": "2025-10-17T11:03:07.034000", "created": "2024-03-31T00:14:47.183000", "tags": [ "sha256", "ssdeep", "reputacja", "tworzy pliki", "informacje", "bardzo duga", "tworzy", "adresy url", "tworzy katalog", "win64", "ameryki", "typ pliku", "serwer nazw", "san jose", "adres", "digital", "data wyganicia", "csc corporate", "domains", "ca data", "data utworzenia", "dnssec" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6432, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2140, "hostname": 5874, "FileHash-SHA256": 12539, "FileHash-MD5": 3686, "FileHash-SHA1": 2751, "IPv4": 503, "URL": 10770, "email": 26, "CVE": 88, "YARA": 6, "JA3": 2, "IPv6": 28, "SSLCertFingerprint": 5, "BitcoinAddress": 3, "CIDR": 1 }, "indicator_count": 38422, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "665c44f012d938d1c7dd591e", "name": "PIT Projekt.exe (www.pitprojekt.pl , pitprojekt.pl) oraz Ceidg.gov.pl - Dane publiczne wpisu", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4 NIP:6161230754\nhttps://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778 NIP;6112323510\nhttp://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778\n2.16.6.145146f05-9aac-4942-a42d-f2550a19c0c4 NIP:6131434311\nipv4: 2.16.6.14, 2.16.6.6, 2.16.6.1,", "modified": "2025-10-06T11:12:39.639000", "created": "2024-06-02T10:09:52.601000", "tags": [ "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "wojcieszyce", "urls competing", "ceidg centralna", "gospodarczej", "wyszukiwanie", "przejd", "centrum pomocy", "informacja o", "mapa", "strona gwna", "przegldanie", "ceidg szybki", "uwagi prawne", "deklaracja", "serwer", "returnurl", "idf3ee4c4ee00", "id7a025cc6516", "wctxrm0", "idf3ee4c4", "id35146f059aa", "ideb8f4cf26ef", "id7a025cc", "id35146f0", "publicznywsz3", "id97c275c", "url wiek", "ssdeep", "sha1", "pehasz", "typlibid", "pit projekt", "chcesz", "pity online", "program", "interesuje ci", "pity zapisane", "jeli", "oddajemy w", "twoje rce", "dziki jego" ], "references": [ "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4", "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4", "http://www.pitprojekt.pl", "http://pitprojekt.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wojcieszyce", "display_name": "Wojcieszyce", "target": null }, { "id": "Serwer", "display_name": "Serwer", "target": null }, { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text}", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text}", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8271, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1259, "URL": 6009, "hostname": 3030, "FileHash-SHA256": 10233, "FileHash-MD5": 2742, "FileHash-SHA1": 2348, "email": 75, "SSLCertFingerprint": 11, "YARA": 2, "CVE": 13, "FileHash-PEHASH": 1, "IPv4": 34, "IPv6": 6 }, "indicator_count": 25763, "is_author": false, "is_subscribing": null, "subscriber_count": 134, "modified_text": "195 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66ce8795f74ccdc8a4ad972f", "name": "Home | Sanselo | Realizare site web \u0219i aplica\u021bii de mobil", "description": "Aplica\u021bii mobile, \u00c2\u00a31bn, \u00e2\u201a\u00ac1.5bn \u00e2\u20ac\u00b5\u00a6 \u00c3\u20ac\u201c \u00f4l iau i'r iddo.", "modified": "2025-05-14T21:14:50.899000", "created": "2024-08-28T02:12:37.280000", "tags": [ "sanselo", "i aplicaii", "home", "realizare site", "servicii web", "mobile app", "contact blog", "selecteaz", "pagin", "future", "adres url", "ipv4", "ccro asnas39668", "intersat srl", "rola", "url http", "odcisk palca" ], "references": [ "https://sanselo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11, "URL": 1533, "domain": 150, "email": 2, "hostname": 471, "FileHash-MD5": 236, "FileHash-SHA1": 141, "FileHash-SHA256": 979, "SSLCertFingerprint": 4 }, "indicator_count": 3527, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66ae21418ee5c4ef2c847a09", "name": "server.wojcieszyce.pl Email: info@wojcieszyce.pl", "description": "aaf8324ca0b6fb26f66dcf30f3d95491 SHA-1 f88f78f2b158c1e9df115b477509f140a1fb67d6 SHA-256 eb050903bbc118520a8889bd2fb0176262af63b6b34b9762cbfdec11bcf48f80 Vhash 1fb0238141c442bee60860692e8228f8 SSDEEP 393216:SXUROas78y5sf0Xin76QKRu8vxoX0PllhjKNeNOZYASi6:KiMhjiOka TLSH T127B76A56F211ACB0CFA2453940AB5505A23C76434FC2F9E4B72D808E6FAD58F66326FD File type Google Chrome Extension crx chrome extension browser Magic Zip archive data, at least v1.0 to extract", "modified": "2025-05-01T08:50:16.800000", "created": "2024-08-03T12:23:29.055000", "tags": [ "sha256", "office open", "xml document", "ms word", "document", "google chrome", "extension", "strong", "korzystania z", "ciasteczka", "godziny", "jeleniogrska", "wojcieszyce", "naszej strony", "korzystanie z", "en de", "menu imprezy", "flash", "vhash", "ssdeep", "file type", "ini text", "magic generic", "magika txt", "file size", "text c", "javascript c", "peexe c", "doscom c", "tekst c", "javascript", "rgba", "unicode", "z bom", "dane obrazu", "tekst utf8", "crlf", "skrt", "v2 dokument", "dane", "jpeg", "kimhjioka tlsh", "magic zip", "magic elf", "sysv", "adres url", "strona", "zaloguj", "date thu", "connection", "server nginx", "gmt etag", "expires sat", "expires fri", "contentlength", "server", "gmt contenttype", "cachecontrol", "png image", "crlf line", "document file", "v2 document", "type md5", "process name", "cr line", "ikona rt", "neutralny", "entropia chi2", "typ pliku", "typ jzyk", "png ikona", "rt neutralny", "rticon neutral", "ico rtgroupicon", "neutral", "whasz", "oszczdno", "logowanie", "zagroenia", "dane publiczne", "zoliwy dane", "historia wpisu", "reagowania", "sha1", "virustotal", "html internet", "magic html", "unicode text", "please", "pehash" ], "references": [ "http://www.wojcieszyce.pl/", "https://www.wojcieszyce.pl/", "https://wojcieszyce.pl/", "http://wojcieszyce.pl/", "https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Apdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wojcieszyce", "display_name": "Wojcieszyce", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 908, "FileHash-SHA256": 2450, "FileHash-MD5": 968, "URL": 373, "hostname": 144, "IPv4": 8, "domain": 15, "email": 7, "CVE": 16 }, "indicator_count": 4889, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "353 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c9103736c51f12e3bcfac8", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "Willi Echo wedi dweud wrthod wybodaeth iawno i'wodraeth o oryginalnej architekturze, a ddydd Sadwrn.", "modified": "2024-12-27T01:07:36.247000", "created": "2024-08-23T22:41:59.321000", "tags": [ "adres url", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "authority key", "identifier id", "win32", "whasz", "oszczdno", "win32 exe", "magia plik", "pe32 dla", "ms windows", "intel", "oglny plik", "windos", "generic", "typ pliku", "typ jzyk", "ikona rt", "neutralny", "tekst ascii", "wersja rt", "angielski usa", "plik", "file name", "type win32", "exe size", "mb first", "seen", "size", "first seen", "avg win32", "bkav undetected", "malicious", "drweb", "sha1", "sha256", "pehash", "richhash", "meble na wymiar", "meble na zam\u00f3wienie", "szafy", "meble \u0142azienkowe", "meble kuchenne", "meble biurowe", "zabudowy wn\u0119k", "blaty kamienne", "sprawd", "strong", "wirtualne", "kreatywne meble", "produkcja", "kuchnie", "zabudowa", "zwizualizuj", "kliknij", "speedtest", "files proofs", "vin syd", "sgp sbg", "rbx hil", "gra eri", "bom bhs", "ssl certificate", "noclegi szklarska por\u0119ba", "nocleg w szklarskiej por\u0119bie", "szklarska por\u0119ba pensjonat", "szklarska por\u0119ba", "pokoje", "pensjonat", "spa", "wakacje", "relaks", "wypoczynek", "willa echo", "willi echo", "szrenic", "tobie", "pastwu", "znajduje si", "azienka", "wifi", "z naczyniami", "bajeczne", "e1 f7", "c5 e0", "algorithm", "key identifier", "x509v3 subject", "number", "cus olet", "encrypt cnr10", "validity", "subject public", "key info", "key algorithm", "vhash", "ssdeep", "file type", "ini text" ], "references": [ "http://sanselo.pl", "http://www.sanselo.pl", "http://vgt.pl", "http://www.vgt.pl", "http://franas.pl", "http://www.franas.pl", "https://kreatywne-meble.pl", "http://ovh.net/common/font/lato/light/webfont.svg", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://willaecho.pl/", "http://www.willaecho.pl/", "http://www.tomasz.franas.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 438, "domain": 128, "hostname": 524, "URL": 943, "IPv4": 23, "FileHash-SHA256": 3021, "FileHash-SHA1": 397, "email": 4, "CVE": 1 }, "indicator_count": 5479, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "478 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d45dab14a189645153e8a6", "name": "Reverse WHOIS results for vgt.pl ( GANG VGT)", "description": "", "modified": "2024-12-17T14:47:57", "created": "2024-09-01T12:27:23.777000", "tags": [ "ipv4 domain", "ipv4 url", "domain", "sha1", "sha256", "pehash", "vhash", "ssdeep" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1286, "FileHash-SHA1": 1286, "FileHash-SHA256": 2722, "URL": 4729, "domain": 1909, "hostname": 2082, "IPv4": 97, "CVE": 4, "YARA": 1 }, "indicator_count": 14116, "is_author": false, "is_subscribing": null, "subscriber_count": 126, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d79804e3a10e4e77e76246", "name": "ADORNO - us\u0142ugi introligatorskie, poligrafia, reklama, piecz\u0105tki, tekstylia, trofea", "description": "The following details of the latest version of Google's Earth app have been published on the site's website, following a request from the company's parent company, the Alphabet, to update the service.", "modified": "2024-12-17T14:47:51.572000", "created": "2024-09-03T23:13:08.830000", "tags": [ "ip address", "us\u0142ugi introligatorskie", "poligrafia", "reklama", "piecz\u0105tki", "tekstylia", "trofea", "krapkowice reklama", "krapkowice poligrafia", "krapkowice", "opole poligrafia", "opole reklama", "opole koszulki", "opolskie", "adorno", "zobacz katalog", "strona gwna", "o nas", "oferta kontakt", "od projektu", "do realizacji", "jestemy", "krapkowic z", "zajmujemy si", "sha1", "sha256", "rok szkolny", "wychowawcy", "klas", "przydzia", "stowka", "kalendarz roku", "podrczniki", "viii", "rada", "rodzicw", "zobacztake", "buforowane", "ogrodnictwo", "baza firm", "edmaedrbfqeaaaa", "qapsakpl", "nccat104", "ncsid4cb600", "nccat108", "ncsid6738e8" ], "references": [ "http://www.adorno.com.pl", "http://adorno.com.pl/", "http://www.adorno.com.pl/", "http://adorno.com.pl", "https://radzsp2.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 207, "hostname": 401, "FileHash-MD5": 5, "FileHash-SHA1": 11, "FileHash-SHA256": 179, "URL": 879, "CIDR": 1, "email": 2, "CVE": 2 }, "indicator_count": 1687, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66e4acfa7a85af9572e4a892", "name": "Adobe on", "description": "The following is the full text of the text-messages-journal, which was published by Adobe on 1 January 2016.. and, if you want to know what it is, the following", "modified": "2024-12-17T14:35:40.216000", "created": "2024-09-13T21:22:02.146000", "tags": [ "user", "doscom c", "text c", "bmp c" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 13, "URL": 15, "CVE": 1 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66dc8df6138140378bc0bbc4", "name": "Wy\u017csza kultura. Bank nowo\u015bci - kredyt, po\u017cyczka, konto, lokata - Alior Bank", "description": "Mfa.aliorbank.com is the world's largest bank, with a combined turnover of more than $2bn (\u00c2\u00a31.3bn) in its current financial year.", "modified": "2024-12-17T14:35:32.104000", "created": "2024-09-07T17:31:34.610000", "tags": [ "vhash htm", "ssdeep", "script tags", "trackers google", "tag manager", "anchor hrefs", "bank", "konto osobiste", "kredyty", "po\u017cyczki", "rachunek", "firmy", "klienci indywidualni", "finanse", "lokaty", "oszcz\u0119dno\u015bci", "po\u017cyczka got\u00f3wkowa", "kredyt mieszkaniowy", "karta kredytowa", "inwestycje", "oferta dla os\u00f3b prowadz\u0105cych w\u0142asn\u0105 dzia\u0142alno\u015b\u0107 gospodarcz\u0105", "oferta dla przedsi\u0119biorstw", "kredyty dla ma\u0142ych i \u015brednich firm", "rachunek brokerski", "bankowo\u015b\u0107 elektroniczna", "bankowo\u015b\u0107 mobilna", "ubezpieczenia", "alior", "alior bank", "wy\u017csza kultura. bank nowo\u015bci", "sprawd", "alior mobile", "alior banku", "konto w", "konto jake", "alior online", "informacje", "bezpieczestwo", "jest", "ciebie" ], "references": [ "http://aliorbank.pl", "http://www.aliorbank.pl" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 63, "FileHash-SHA256": 200, "domain": 24, "hostname": 219, "URL": 100, "FileHash-MD5": 12, "FileHash-SHA1": 9, "CVE": 1 }, "indicator_count": 628, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66e49429307fb3a39295c3a9", "name": "https://bitcoin.com 75.2.84.139 , 99.83.188.88", "description": "Bitcoin.com\u2019s V-Card allows you to spend cryptocurrency anywhere Mastercard\u00ae is accepted.. and the most popular cryptocurrencies are the Bitcoin.org virtual currency, which is also known as the Ethereum.", "modified": "2024-12-17T14:35:31.636000", "created": "2024-09-13T19:36:09.216000", "tags": [ "bitcoin", "vcard", "safe", "download app", "mastercard", "verse token", "take control", "learn", "trending", "news", "play", "thumbprint", "ssdeep", "sha1", "sha256", "whasz", "vhash", "number", "stay hasz", "numer seryjny", "odcisk palca", "dane obrazu", "unicode", "z bom", "rgba", "tekst utf8", "crlf", "v2 dokument", "jpeg", "jfif", "ms windows", "lazarus group", "hacking scheme", "security", "bitcoin news", "javascript" ], "references": [ "http://bitcoin.com", "https://bitcoin.com", "https://news.bitcoin.com/north-korean-lazarus-group-linked-to-new-cryptocurrency-hacking-scheme" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1664, "FileHash-SHA1": 387, "FileHash-MD5": 449, "IPv4": 11, "hostname": 47, "URL": 71, "domain": 6, "CVE": 1 }, "indicator_count": 2636, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d65ec934e804ff93de6737", "name": "adorno.eu is for sale!", "description": "GoDaddy.eu is the world's most popular domain provider for people who want to sign up for a domain\u00a0transfering service. \u00c2\u00a31.5m (1m euros)", "modified": "2024-12-17T14:35:30.480000", "created": "2024-09-03T00:56:41.819000", "tags": [ "key id", "sha256", "ssdeep", "godaddy brand", "sedo", "eur excl", "vat buy", "dan buy", "evolution media" ], "references": [ "http://adorno.eu" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 540, "domain": 207, "FileHash-SHA256": 637, "hostname": 425, "FileHash-MD5": 178, "FileHash-SHA1": 106, "IPv4": 12, "email": 1, "CVE": 1 }, "indicator_count": 2107, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d44926ed517bfd841682d8", "name": "http://virusshare.com/ efa9780d188576155d1594ca9f6bf06217427be0fb8ccddb6165a675f247fce8 KAV_py2.exe ip 71.105.224.116", "description": "http://virusshare.com/hashes/VirusShare_00010.md5\nhttp://virusshare.com/hashes/VirusShare_00002.md5\nhttp://virusshare.com/hashes/VirusShare_00003.md5\nhttp://virusshare.com/hashes/VirusShare_00008.md5\nhttp://virusshare.com/\nhttp://virusshare.com/hashes/VirusShare_00001.md5\nhttp://virusshare.com/hashes/VirusShare_00009.md5\nhttp://virusshare.com/hashes/VirusShare_00006.md5\nhttp://virusshare.com/hashes/VirusShare_00005.md5\nhttp://virusshare.com/hashes/VirusShare_00007.md5\nhttp://virusshare.com/hashes/VirusShare_00004.md5", "modified": "2024-12-17T14:35:28.860000", "created": "2024-09-01T10:59:50.034000", "tags": [ "foundrndate", "klucz publiczny", "intel", "ms windows", "pe32", "ascii text", "crlf line", "type md5", "process name", "ascii", "pe32 executable", "sha1", "richhash", "expiration", "url https", "url http", "no expiration", "hostname", "filehashsha1", "filehashsha256", "sha256", "imphash", "segoe ui", "emoji", "arial", "roboto", "helvetica neue", "noto", "apple color", "symbol", "noto color", "liberation sans", "firefox", "london", "ttl3600" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 875, "hostname": 213, "domain": 82, "IPv4": 15, "FileHash-MD5": 127, "FileHash-SHA1": 123, "FileHash-SHA256": 308, "IPv6": 2, "CVE": 2 }, "indicator_count": 1747, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d3e0652560b9b323d0e5a0", "name": "validator/site/nu-script.js at main \u00b7 validator/validator \u00b7 GitHub 128.30.52.73", "description": "GitHub is the world's most advanced open source platform, powered by artificial intelligence (AI), and you can now access all your code, repositories, users, issues and other data at any time.", "modified": "2024-12-17T14:35:28.041000", "created": "2024-09-01T03:32:53.350000", "tags": [ "sign", "github", "github copilot", "search", "validator", "code issues", "pull", "wiki security", "skip", "navigation", "write", "star", "footer", "valid", "algorithm", "thumbprint", "serial number", "from", "valid from", "pca issuer", "microsoft root", "signing ca", "microsoft code", "class" ], "references": [ "https://github.com/validator/validator/blob/main/site/nu-script.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 29, "URL": 140, "FileHash-MD5": 21, "email": 1, "FileHash-SHA256": 74, "domain": 17, "hostname": 42, "IPv4": 8, "CVE": 1 }, "indicator_count": 333, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d147ac5afafb76f652ccfb", "name": "cyberfolks.pl / Hosting/ 185.208.164.121 / VPS / 94.152.11.60 / 193.218.154.51", "description": "The full text of the text-free version of Microsoft's Chrome browser can be viewed here:. \u00c2\u00a31.5m.. (\u20ac2.4m) \u20ac", "modified": "2024-12-16T22:19:24.841000", "created": "2024-08-30T04:16:44.939000", "tags": [ "vhash", "ssdeep", "digicert", "g2 firmy", "digicert g3", "entrust gwny", "gwny", "microsoft ecc", "microsoft azure", "ecc tls", "rsa tls", "microsoft rsa", "aoc ca", "digicert tls", "azure rsa", "eoc ca", "digicert cloud", "azure tls", "azure ecc", "xargs", "jeli", "azure", "authority", "java", "ms windows", "dziennik zdarze", "vista", "pe32", "intel", "defender", "systemy", "plik", "tekst ascii", "dane archiwalne", "ptime", "danie", "msie", "windows nt", "okrndata", "jzyk", "cieka", "sha1", "sha256", "imphasz", "pejzasz", "windows", "eurostile", "disk1", "augustin", "butterfield", "cook", "drummer", "erickson", "fjsv", "flynn", "gorman", "easy", "rada", "xanadu", "config", "reboot", "screen", "trash", "wersja pliku", "v2 dokument", "aaaa", "cname", "aaaaa", "whasz", "dostawa", "cache entry", "wav chrome", "gzip chrome", "text chrome", "woff chrome", "cab c", "lnk c", "doc c", "doc chrome", "ttf chrome" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6307, "hostname": 7851, "domain": 1282, "FileHash-MD5": 221, "FileHash-SHA256": 1346, "IPv4": 1437, "IPv6": 8, "FileHash-SHA1": 192, "email": 3, "CIDR": 8, "CVE": 2 }, "indicator_count": 18657, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d0a996b288ca46ab7e63ae", "name": "CEIDG (www.pitprojekt.pl , pitprojekt.pl) jak otworzy\u0107 firm\u0119, jak rozpocz\u0105\u0107 biznes, dzia\u0142alno\u015b\u0107 gospodarcza zak\u0142adanie, jak rozpocz\u0105\u0107 dzia\u0142alno\u015b\u0107 gospodarcz\u0105", "description": "Zawarte zasoby wed\u0142ug j\u0119zyka \u00c2\u00a31.1bn, a total of 7.4bn euros ($9.6bn; \u00a36.3bn)", "modified": "2024-12-05T21:16:06.820000", "created": "2024-08-29T17:02:13.392000", "tags": [ "admin", "asset", "dufur", "jnswj", "3px center", "saxla", "zjloj", "whasz htm", "oszczdno", "png ikona", "rt angielski", "angielski usa", "wersja rt", "narzuta chi2", "plik", "whasz", "bogaty hash", "sha256", "ssdeep", "schema", "strings", "guid", "blob", "sha256 file", "type type", "vhash", "imphash", "bvgquf", "cblrxf", "coqbmf", "efq78c", "gkrikb", "hdvrde", "hlo3ef", "izt63", "jnoxi", "kg2exe", "pejzasz", "rticon english", "english us", "chi2", "png rticon", "ico rtgroupicon", "code signing", "algorithm", "serial number", "sectigo public", "thumbprint", "rsa time", "valid from", "name sectigo", "valid", "valid usage", "ascii text", "neutral", "data rtcursor", "data rtdialog", "default", "rticon maori", "ceidg", "informacja o", "usugi", "z wniosek", "sprawd", "zarejestruj spk", "centralna", "ewidencja", "strona gwna", "formularze i", "sha1", "pehash", "richhash", "authentihash", "skrt", "system", "podaj", "windows z", "kreator", "dostawca", "wifi", "nazwa typ", "md5 nazwa", "imphasz", "kropelka", "smyczki", "zasb manifestu", "neutralny", "ikona rt", "zawarte zasoby", "md5 chi2", "ikonagrupyrt", "rtmanifest", "zawarte", "sha256 typ" ], "references": [ "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 4501, "URL": 4559, "hostname": 1957, "domain": 729, "FileHash-MD5": 903, "FileHash-SHA1": 849, "IPv4": 180, "email": 3, "IPv6": 2, "CVE": 1 }, "indicator_count": 13684, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "499 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66caffd62b03fba176499249", "name": "192.168.122.26 RFC 1918 - Address Allocation for Private Internets", "description": "https://static.ietf.org/dt/12.22.0/ietf/js/select2.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/document_timeline.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/d3.js\n27d3ed3ed0003ed00042d43d00041df04c41293ba84f6efe3a613b22f983e6\nhttps://static.ietf.org/dt/12.22.0/ietf/js/ietf.js\nhttps://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "modified": "2024-11-29T19:44:18.974000", "created": "2024-08-25T09:56:38.383000", "tags": [ "internet", "practice", "rekhter", "february", "best current", "page", "ip connectivity", "ip address", "allocation", "tcpip", "formats", "regexp", "string", "function", "boolean", "null", "notification", "number", "object", "dtbt", "chatlog", "status", "vhash", "ssdeep", "sha256", "authentihash", "imphash", "rich pe", "coolnovo", "olet", "encrypt", "cnr3", "oszyfrujmy", "cne1", "cnr11", "cnr10", "cne5", "cloudflare", "cne6", "bn english", "rticon english", "vs2010 sp1", "vs2010", "contained", "english us", "compiler", "utc first", "submission", "symantec time", "date", "class" ], "references": [ "https://datatracker.ietf.org/doc/rfc1918/", "http://datatracker.ietf.org/doc/rfc1918/", "https://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "https://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "email": 18, "hostname": 1714, "URL": 261, "FileHash-MD5": 113, "FileHash-SHA1": 103, "FileHash-SHA256": 565 }, "indicator_count": 2819, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "505 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb1a82b938d97fca42577b", "name": "http://sni.cloudflaressl.com/ SSL dla sni.com and Cloudflaressl.cloudflAressL.org", "description": "urz\u0105dzenie5695310-7a1dc9c7-local.wd2go.com\nurz\u0105dzenie4491421-0ffc7b50-local.wd2go.com", "modified": "2024-11-29T19:44:16.599000", "created": "2024-08-25T11:50:26.438000", "tags": [ "cloudflare", "read", "report", "zero trust", "contact", "sign", "view", "discover", "gartner magic", "quadrant", "protect", "enterprise", "fortune", "ssl certificate" ], "references": [ "http://sni.cloudflaressl.com/" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8863, "hostname": 2526, "domain": 3054, "FileHash-SHA256": 703, "FileHash-SHA1": 16, "IPv4": 227, "FileHash-MD5": 10, "IPv6": 8, "CVE": 2 }, "indicator_count": 15409, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "505 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb5560913a9cb8d451a1cd", "name": "Log In | Criminal IP", "description": "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180\nIf you want to know what is going on in your browser, spare a thought for the three-year-old, who has been caught up in the latest version of the \"rum\" search engine.", "modified": "2024-11-29T19:44:16.076000", "created": "2024-08-25T16:01:36.377000", "tags": [ "typeof require", "typeof module", "typeof define", "error", "modulenotfound", "string", "date", "function", "doublequote", "null", "regexp", "iframe", "script", "style", "embed", "keygen", "meta", "typeof t", "typeerror", "typeof window", "uint8array", "ithis", "typeof", "invalid uuid", "othis", "typeof symbol", "generator", "array", "pfunction", "rfunction", "ttfb", "typeof crypto", "typeof mscrypto", "typeof e", "typeof r", "whasz", "ip lookup", "port check", "vulnerability scanner", "attack surface", "cyber threat intelligence", "cti", "asm", "domain", "exploit", "phishing", "criminal ip", "apis", "criminal", "search engine", "strong", "login", "ai spera", "ip search", "engine products", "about contact", "twitter", "contact", "sha1" ], "references": [ "https://cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js", "https://apis.google.com/js/platform.js", "https://static.ads-twitter.com/uwt.js", "https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015/", "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 118, "URL": 242, "FileHash-MD5": 773, "FileHash-SHA1": 752, "FileHash-SHA256": 3277, "domain": 24, "email": 11 }, "indicator_count": 5197, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "505 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c515f2f84211938e2fbeb5", "name": "www.domek-karkonosze.pl , www.domwkrate.pl , www.dom-w-karkonoszach.com", "description": "A.T.J. Sp. z o.o.\n' Domek-Karkonosze.pl '\nul. \u015awierczewskiego 70 58-531 \u0141omnica Polska Tel .075 \u2013 644 07 16 kom 605 115 258\n' DomwKrate.pl '\nul. Karkonoska 70 ( ko\u0142o Ko\u015bcio\u0142a) 58-531 \u0141omnica Polska Tel. kom. 605 115 258\n 'Dom w Karkonoszach '\nul. Prusa 17 58-540 Karpacz, Polska tel. Polska: +48 605 11 52 58 \ntel. Niemcy: +49 30 212 34 190", "modified": "2024-11-02T18:45:48.928000", "created": "2024-08-20T22:17:22.809000", "tags": [ "karkonoszach", "karkonoszy", "euro za", "pastwo", "krat", "polska", "polskie", "okolica domu", "pastwo spdzi", "dajemy wam", "domeny", "wersja", "www tls", "encrypt", "wystawcy ca", "b59bn znak", "ad26", "kod odpowiedzi", "gmt typ", "treci", "vary", "false", "dom w karkonoszach", "apartamenty karkonosze", "apartamenty karpacz", "strong", "karkonoszach z", "karpacz", "home", "o domu", "galeria cennik", "wolne terminy", "kontakt", "relaks", "sha256", "oszczdno", "authority key", "identifier id", "vhash", "ssdeep", "historical ssl", "ssl certificate", "pe resource", "whois", "referrer", "malware", "ta569" ], "references": [ "http://domek-karkonosze.pl", "https://www.dom-w-karkonoszach.com/", "http://www.dom-w-karkonoszach.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 197, "SSLCertFingerprint": 2, "domain": 49, "hostname": 118, "URL": 393, "FileHash-SHA256": 575, "FileHash-SHA1": 182, "IPv4": 3, "CVE": 22, "email": 1 }, "indicator_count": 1542, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c043ccdf906b54eb6daeeb", "name": "EPP Status Codes | What Do They Mean, and Why Should I Know? - ICANN", "description": "If you are trying to register a new domain name, or want to do so, you need to know that your name is in a \"status code\" or \"registration status\" that may not be working.", "modified": "2024-11-02T18:45:46.177000", "created": "2024-08-17T06:31:40.333000", "tags": [ "status", "epp status", "registry lock", "service", "whois lookup", "server status", "your domain", "protocol", "finding", "registry grace", "period", "icann lookup" ], "references": [ "https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en", "https://lookup.icann.org/en" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 109, "domain": 2, "hostname": 5, "FileHash-SHA256": 30, "FileHash-SHA1": 4, "FileHash-MD5": 10 }, "indicator_count": 160, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66b3e7ebf9bc34b5ea10f701", "name": "http://www.dekoramia.eu/ SP\u00d3\u0141KA CYWILNA mx4.dekoramia.eu", "description": "Here is a full list of updates on the Biblioteka DLL, as well as the other parts of the code:-1-2-3-4-6..com", "modified": "2024-11-02T18:45:45.464000", "created": "2024-08-07T21:32:27.566000", "tags": [ "nxdomena", "nieznany", "nieznany strona", "a nxdomena", "rn kategorileri", "metal avizeler", "dekora metal", "tl zeri", "cretsiz kargo", "sipari takip", "trke", "sepetim", "tl sepetim", "sepetinizde rn", "metal", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "dekoramia", "wyroby z", "jelenia gra", "bezterminowo", "nazwa hosta", "ccnl asnas3333", "sieci ip", "ripe ncc", "nazwa", "nxdomain", "aaaa", "cname", "zobacz te", "buforowane", "zasb", "ffffff", "error", "string", "copyright", "closure library", "typeof c", "jnew k", "knew k", "bnew k", "lnew k", "date", "sha1", "https", "biblioteka dll", "win32 certca", "win32", "win32 exe", "win32 dll", "certenroll", "tekst", "dos exe", "pdf introduo", "wprowadzenie", "whasz" ], "references": [ "Podgl?d wpisu po zmianie _ Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia?alno?ci Gospodarczej.html", "Wydruk.pdf", "https://cse.google.com/cse.js?cx=003414466004237966221:dgg7iftvryo" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 219, "domain": 26, "FileHash-SHA1": 257, "URL": 194, "IPv4": 5, "FileHash-MD5": 320, "FileHash-SHA256": 361, "email": 9, "IPv6": 21, "CVE": 10 }, "indicator_count": 1422, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66abb26614baf2276d4892cf", "name": "kir.pl KIR: Hub technologiczny. Dostawca cyfrowych rozwiaza\u0144 dla firm, bank\u00f3w oraz klient\u00f3w indywidualnych.Kluczowy podmiot infrastruktury polskiego systemu p\u0142atniczego.", "description": "934f391c263fe1fb3bca071898f45579c905280f 2022-09-14 *.kir.pl 00e172c1ce91876722ae2faa48df5b17a32c3be9 2021-10-01 *.kir.pl 9bebeaa50825eb88fc9e8899955d821620ac6fe6 2020-10-07 *.kir.pl 4b885389c599abdaa45e11481924600738a5ea37 2020-03-18 *.kir.pl 3b969974bc6f07b8a45dd0ee89f9ee64b862571b 2019-08-14 *.kir.pl 6a69a861061c5e768070c68576127237a43de9c2\nZobacz ca\u0142y artyku\u0142 Elixir malware 08.07.2024 Statystyki system\u00f3w rozliczeniowych KIR w czerwcu 2024 r. W czerwcu przetworzyli\u015bmy w systemie szkodliwe oprogramowanie Elixir 177,85 mln transakcji o warto\u015bci 722,96 mld z\u0142. Zamiast tego w Express Elixir rozliczyli\u015bmy 44,95 mln przelew\u00f3w natychmiastowych o warto\u015bci 21,65 mld z\u0142. Zobacz ca\u0142y artyku\u0142 Elixir malware 10.06.2024 Statystyki system\u00f3w rozliczeniowych KIR w maju 2024 r. W maju 2024 r. przetworzyli\u015bmy w systemie szkodliwe oprogramowanie Elixir 185,8 mln transakcji o warto\u015bci 744,83 mld z\u0142.", "modified": "2024-11-02T18:45:44.304000", "created": "2024-08-01T16:05:58.828000", "tags": [ "epodpis z", "express elixir", "dostp", "zobacz", "polityka", "czytaj wicej", "zobacz cay", "elixir", "kir w", "mobilny", "banki", "teraz" ], "references": [ "http://Kir.pl/", "https://kir.pl/", "https://www.kir.pl/", "http://www.kir.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Elixir", "display_name": "Elixir", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "URL": 415, "hostname": 187, "FileHash-MD5": 64, "FileHash-SHA1": 36, "FileHash-SHA256": 102, "IPv4": 53, "email": 4, "SSLCertFingerprint": 9, "CVE": 2, "CIDR": 1 }, "indicator_count": 918, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66a27442c3dd6aa438bd8d67", "name": "http://crd.gov.pl/wzor/", "description": "sha256-b92ea141ea59c122b8425068c06465c8d6ff86571aa02e5a6f55d3dd8096d583\nnaruszony_redirector_witryny_z_kodu_charcode\n, \ncve_2014_6332", "modified": "2024-10-25T19:56:22.489000", "created": "2024-07-25T15:50:26.922000", "tags": [ "bezterminowo", "adres url", "plikhashsha256", "email biuro", "nazwa hosta", "nazwa", "filehashsha1", "sha1", "filehashmd5", "md5 z", "sha1 dla" ], "references": [ "" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 773, "FileHash-SHA256": 802, "email": 14, "hostname": 121, "domain": 65, "FileHash-MD5": 253, "FileHash-SHA1": 256, "IPv4": 9, "YARA": 1, "CVE": 12 }, "indicator_count": 2306, "is_author": false, "is_subscribing": null, "subscriber_count": 126, "modified_text": "540 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "669b8fa0d807682987a33cb7", "name": "https://ssl-proxy.my-addr.org/myaddrproxy.php/https/www.vgt.pl", "description": "Here is the full text of the X509 certificate, signed by Google LLC, which is published on 1 July 2014:. \u00c2\u00a31.4m.. (\u20ac2.3m)", "modified": "2024-10-20T00:48:20.932000", "created": "2024-07-20T10:21:20.075000", "tags": [ "submission", "globalsign root", "ougwny urzd", "oglobalsign", "ssdeep", "magic", "trid der", "file size", "history first", "analysis", "win32 exe", "narzdzie nokia", "best bb5", "aaaaa" ], "references": [ "https://viz.greynoise.io/analysis/399e2039-4568-4e91-95b1-56e4de" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 19, "FileHash-SHA256": 92, "IPv6": 6, "hostname": 111, "domain": 60, "URL": 638, "YARA": 1, "FileHash-IMPHASH": 1, "email": 4, "IPv4": 6, "CVE": 2 }, "indicator_count": 958, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "546 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "668bfcb0b48a387b9d2c8562", "name": "Ministerstwo Finans\u00f3w - Portal Gov.pl", "description": "Pliki cookie zosta\u0142y ju\u017c zapisane i wydrukowane.\n5852be629358e18160c5483bfc8c9f0023b974565f2d59ce7f4497cc734b4ecd 30 pa\u017a 2022 b8a2476b55132fdf0531d6cd48126b759dc08a8f5b019917b62373e536a0b8c9 26 pa\u017a 2022 2700fbe4001e27ba55d72841817b0b9454954b496f21e4259c88919027172694 6 wrze\u015bnia 2022 r. 91da570586b7c04e3012215469ed8b8c5aa036068cc48ba7a7ac0d8cce34290e 5 wrze\u015bnia 2022 r. 1757d8363e28b35b9e29c44d0bc87e2a03d90ca50dadd780924528e0a13d49e1 31 sierpnia 2022 r. fe5744ed48406b90eae1747aab5386645406ad61cdc629ebc7ded97aa099ae28 30 lipca 2022 r. c730bac7a1da3b6263e7672c85cb4deb229c45479bd64bc7194a9a8bb16b8cb6 16 lipca 2022 r. 177b428ac63ad3b6c606ed11b33c9fc4d79f6ff5e6b3ac3ee849f1e2d1f2c903 16 lipca 2022 r. a35121637b79b7d926b63afceae409fdb35c14ad5431ecd199179622e1711ca6", "modified": "2024-10-17T05:28:49.118000", "created": "2024-07-08T14:50:24.496000", "tags": [ "polskiej", "przejd", "usugi dla", "logowanie", "profil zaufany", "skarbowa", "zobacz", "ksef", "zastpca szefa", "stopka", "rada", "inquest labs", "vba project", "vbaproject", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha1", "sha256", "typ tekst", "opis tekst", "ascii md5", "rozmiar", "typ dane", "pdf c", "text c", "ounizeto", "validation ca", "sha2", "odigicert inc", "cusa", "authority", "rsa ca", "cncertum domain", "cngeotrust ev", "oglobalsign", "unicode", "z bom", "crlf", "rgba", "dane obrazu", "tekst utf8", "v2 dokument", "dane", "dokument html", "jpeg", "skrt", "opis", "poczenie", "wifi", "start", "nazwa typ", "md5 nazwa", "procesu plik", "pe32", "intel", "pejzasz", "ms windows", "plik dokumentu", "nie c", "win32 exe", "crt.sh", "ct", "certificate transparency", "certificate search", "ssl certificate", "sectigo", "comodo ca", "comodo", "tls web", "criteria id", "647257375", "timestamp entry", "log operator", "log url", "google https", "ca mechanism", "provider status", "error", "log id", "647257567", "summary leaf", "sectigo https", "expired", "certificate", "lets", "key usage", "identifier", "551852229", "digicert https", "479894151", "479896285", "tylne drzwi", "win32", "imphasz", "wirustotal", "emaile", "emaile pnewell", "emaile khunter", "emaile eooshea", "emaile regadmin", "microsoft excel", "wed jan", "submission", "vhash", "ssdeep", "file type", "ms excel", "xls magic", "file v2", "document", "number", "algorithm", "certum", "unizeto", "warszawa", "31915086", "nitro pro", "nitro sign", "nitro", "nitro pdf", "primopdf", "pdfs", "business nitro", "pdf nitro", "pdf pro", "desktop", "premium", "service", "ja3s", "mnie", "sysv", "lsb executable", "eabi4 version", "msb executable", "mips", "mipsi version", "trojan", "imphash", "pehash", "name type", "md5 process", "fault", "header", "bezterminowo", "adres url", "nazwa hosta", "ipv4", "ccie asnas8075", "nie mona", "trojandropper", "url skryptw", "domeny a", "kliknij", "prbka skrt", "uwzgldnij", "nieobecny", "procesu", "ascii z", "ascii bez", "mirai", "win32virut", "procesu zastpy", "tekst ascii", "z terminatorami" ], "references": [ "http://www.mf.gov.pl/tutaj/a./p/body/html", "https://www.mf.gov.pl/tutaj/a./p/body/html", "https://mdec.nelreports.net/api/report?cat=mdocs", "https://crt.sh/?id=647257375", "https://crt.sh/?id=647257567", "https://crt.sh/?id=551852229", "https://crt.sh/?id=479894151", "https://crt.sh/?id=479896285", "https://crt.sh/?d=49659844", "https://crt.sh/?id=31915086", "http://www.primopdf.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "display_name": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 127, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 627, "email": 41, "FileHash-SHA1": 1565, "FileHash-SHA256": 5520, "URL": 1821, "FileHash-MD5": 1861, "SSLCertFingerprint": 10, "domain": 167, "IPv4": 31, "YARA": 7, "CVE": 7 }, "indicator_count": 11657, "is_author": false, "is_subscribing": null, "subscriber_count": 127, "modified_text": "549 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66831f04ad169d3b685c9645", "name": "Win.exe , Bootstrapper.exe , pl.microsoft.com , microsoft.com/pki/certs/MicRooCerAut_2010", "description": "rule UPX { meta: author = \"kevoreilly\" description = \"UPX dump on OEP (original entry point)\" cape_options = \"bp0=$upx32+9,bp0=$upx64+11,action0=step2oep\" strings: $upx32 = {6A 00 39 C4 75 FA 83 EC ?? rule Windows_Generic_Threat_5c18a7f9 { meta: author = \"Elastic Security\" id = \"5c18a7f9-01af-468b-9a63-cfecbeb739d7\" fingerprint = \"68c9114ac342d527cf6f0cea96b63dfeb8e5d80060572fad2bbc7d287c752d4a\" creation_date = \"2024-01-21\" last_modified = \"2024-02-08\" threat_name = \"Windows.\ndca60557a1f47948d7158ba9f56ad8656bd0b343488264e23037fd66174e3cd5\nb4f7ace176d0eeba828e7c03f39befb30355223860d14e6ca4422fdb81778df7\nPr\u00f3bka Cuckoo-843b85c493b8a9048b2ab73a9d1a8.cab - polecenie Microsoft Office.\nResearchers have decoded a new set of data on how to store data in a safe and easy-to-use digital format, as well as the results of a series of tests on the subject.", "modified": "2024-10-14T20:36:07.924000", "created": "2024-07-01T21:26:27.623000", "tags": [ "no expiration", "filehashsha256", "hacktool", "expiration", "win32autokms no", "filehashmd5", "filehashsha1", "virus", "sha1", "win32", "trojan", "ransom", "pejzasz", "vhash", "imphash", "ssdeep", "hash", "skrt", "y pkmsauto", "crlf", "dodaj", "hostsettings", "v wczono", "t regdword", "powershell", "nowy", "pe32", "intel", "ms windows", "nazwa typ", "md5 nazwa", "procesu", "vs2013", "rticon neutral", "compiler", "submission", "file version", "chi2", "contained", "authentihash", "pehash", "uacme akagi", "cobalt strike", "detects", "roth", "sliver stagers", "highvol", "detects imphash", "zero", "virustotal", "detection rule", "license", "arnim rupp", "whasz", "github", "postpuj zgodnie", "przegld", "danie id", "github og", "url https", "error", "toast", "clientrender", "date", "promise", "65536", "client env", "alloy", "rangeerror", "staff", "upx dump", "security", "license v2", "e8 ff", "fc ff", "ff ff", "e8 f7", "c3 e8", "e8 db", "f0 c9", "c8 ff", "c9 c3", "c4 a8", "a7 ff", "f1 e8", "ec c7", "f0 c0", "c1 e9", "ec e8", "ff e8", "a3 a4", "db e2", "b0 e9", "e8 ba", "b9 f3", "e4 f8", "ff e9", "eb ed", "b6 b3", "b6 bb", "c8 f7", "c6 a8", "f6 c1", "b0 d7", "df e0", "c4 f0", "fc e8", "cf e5", "f8 ff", "f7 ff", "cc cc", "c3 b8", "b9 ff", "ff f3", "ab aa", "f7 f9", "b8 c7", "be ad", "ef be", "ad de", "e9 cd", "c4 f4", "fe ff", "d1 fa", "fa fc", "f3 a6", "fb ff", "fc c6", "fc eb", "e8 ed", "fb d1", "b6 f8", "c7 c7", "ec d0", "b6 d2", "ff e1", "c0 ac", "c1 e3", "c3 aa", "c2 c1", "d3 f7", "fc c7", "win32 cabinet", "selfextractor", "pecompact", "yarahub", "yara", "repository", "hub", "repo", "malware_onenote_delivery_jan23", "yara rule", "team", "sifalconteam", "yarahub entry", "rule details", "malpedia family", "rule matching", "content copy", "download rule", "malware", "cc by", "vbscript", "sub autoopen", "getobject", "batch" ], "references": [ "https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_safe-storage_safe-storage_ts-ui_-682c2c-2c0ad573fa49.js", "https://yaraify.abuse.ch/yarahub/rule/MALWARE_OneNote_Delivery_Jan23" ], "public": 1, "adversary": "rule MALWARE_OneNote_Delivery_Jan23 { meta: author = \"SECUINFRA Falcon Team (@SI_FalconTeam)\" descri", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 361, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 14732, "FileHash-MD5": 4316, "FileHash-SHA1": 3405, "YARA": 181, "URL": 4793, "domain": 1717, "hostname": 4354, "IPv4": 107, "IPv6": 845, "email": 26, "CVE": 13, "FilePath": 1 }, "indicator_count": 34490, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "551 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "664b74b2683dec84891aef96", "name": "PrivateLoader is a malware with a module structure that has the capability is to download and execute one or several payloads", "description": "http://185.172.128.69/batushka/inte.exe \nhttp://185.172.128.69/allnewumm.exe\nhttp://185.172.128.69/brandumma.exe\nhttp://185.172.128.69/files\nhttp://185.172.128.69/files/US.file\nhttp://185.172.128.69/latestumma.exe\nhttp://185.172.128.69/newumma.exe\nhttp://185.172.128.69/sekundumma.exe\nhttp://185.172.128.69/ummanew.exe", "modified": "2024-10-14T20:36:05.361000", "created": "2024-05-20T16:05:06.313000", "tags": [ "stdin via", "nextron", "powershell id", "powershell", "tim rauch", "elastic", "script block", "logging", "pe32", "ms windows", "intel", "nazwa typ", "md5 nazwa", "procesu" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7268, "domain": 1310, "URL": 8101, "FileHash-SHA1": 1615, "hostname": 2590, "FileHash-MD5": 1852, "email": 267, "SSLCertFingerprint": 3, "CIDR": 38, "CVE": 7, "IPv4": 15, "YARA": 4 }, "indicator_count": 23070, "is_author": false, "is_subscribing": null, "subscriber_count": 135, "modified_text": "551 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "670c5ff728e6e5b891e26e45", "name": "IOC", "description": "", "modified": "2024-10-14T00:04:07.913000", "created": "2024-10-14T00:04:07.913000", "tags": [ "admin", "asset", "dufur", "jnswj", "3px center", "saxla", "zjloj", "whasz htm", "oszczdno", "png ikona", "rt angielski", "angielski usa", "wersja rt", "narzuta chi2", "plik", "whasz", "bogaty hash", "sha256", "ssdeep", "schema", "strings", "guid", "blob", "sha256 file", "type type", "vhash", "imphash", "bvgquf", "cblrxf", "coqbmf", "efq78c", "gkrikb", "hdvrde", "hlo3ef", "izt63", "jnoxi", "kg2exe", "pejzasz", "rticon english", "english us", "chi2", "png rticon", "ico rtgroupicon", "code signing", "algorithm", "serial number", "sectigo public", "thumbprint", "rsa time", "valid from", "name sectigo", "valid", "valid usage", "ascii text", "neutral", "data rtcursor", "data rtdialog", "default", "rticon maori", "ceidg", "informacja o", "usugi", "z wniosek", "sprawd", "zarejestruj spk", "centralna", "ewidencja", "strona gwna", "formularze i", "sha1", "pehash", "richhash", "authentihash", "skrt", "system", "podaj", "windows z", "kreator", "dostawca", "wifi", "nazwa typ", "md5 nazwa", "imphasz", "kropelka", "smyczki", "zasb manifestu", "neutralny", "ikona rt", "zawarte zasoby", "md5 chi2", "ikonagrupyrt", "rtmanifest", "zawarte", "sha256 typ" ], "references": [ "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "66d0a996b288ca46ab7e63ae", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "WayneState", "id": "296756", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 4243, "URL": 4550, "hostname": 1957, "domain": 729, "FileHash-MD5": 801, "FileHash-SHA1": 747, "IPv4": 180, "email": 3, "IPv6": 2 }, "indicator_count": 13212, "is_author": false, "is_subscribing": null, "subscriber_count": 4, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://bitcoin.com", "http://www.vgt.pl", "https://www.dom-w-karkonoszach.com/", "https://crt.sh/?id=551852229", "http://ovh.net/common/font/lato/light/webfont.svg", "https://www.jelenia-gora.so.gov.pl/", "https://mdec.nelreports.net/api/report?cat=mdocs", "https://wojcieszyce.pl/", "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180", "http://Kir.pl/", "https://kir.pl/", "https://www.wojcieszyce.pl/", "http://www.tomasz.franas.pl", "http://www.adorno.com.pl/", "https://crt.sh/?id=479894151", "http://www.wojcieszyce.pl/", "http://wojcieszyce.pl/", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://radzsp2.pl/", "http://adorno.com.pl/", "http://www.willaecho.pl/", "https://yaraify.abuse.ch/yarahub/rule/MALWARE_OneNote_Delivery_Jan23", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://www.primopdf.com/", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "https://kreatywne-meble.pl", "http://aliorbank.pl", "https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_safe-storage_safe-storage_ts-ui_-682c2c-2c0ad573fa49.js", "https://apis.google.com/js/platform.js", "http://www.dom-w-karkonoszach.com/", "https://cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js", "http://willaecho.pl/", "https://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/", "https://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js", "http://www.adorno.com.pl", "https://news.bitcoin.com/north-korean-lazarus-group-linked-to-new-cryptocurrency-hacking-scheme", "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search", "https://github.com/validator/validator/blob/main/site/nu-script.js", "http://domek-karkonosze.pl", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4", "http://www.sanselo.pl", "https://crt.sh/?d=49659844", "https://www.kir.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "http://www.mf.gov.pl/tutaj/a./p/body/html", "http://www.aliorbank.pl", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "http://www.pitprojekt.pl", "Wydruk.pdf", "http://www.jelenia-gora.so.gov.pl/", "http://datatracker.ietf.org/doc/rfc1918/", "http://sanselo.pl", "http://www.kir.pl/", "https://viz.greynoise.io/analysis/399e2039-4568-4e91-95b1-56e4de", "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://lookup.icann.org/en", "http://sni.cloudflaressl.com/", "https://www.mf.gov.pl/tutaj/a./p/body/html", "https://crt.sh/?id=647257567", "https://crt.sh/?id=31915086", "https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Apdf", "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778", "https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015/", "Podgl?d wpisu po zmianie _ Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia?alno?ci Gospodarczej.html", "https://static.ads-twitter.com/uwt.js", "http://adorno.com.pl", "http://bitcoin.com", "https://sanselo.com/", "https://datatracker.ietf.org/doc/rfc1918/", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527", "http://vgt.pl", "http://franas.pl", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "http://www.franas.pl", "https://crt.sh/?id=479896285", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en", "https://crt.sh/?id=647257375", "http://adorno.eu", "http://pitprojekt.pl", "https://cse.google.com/cse.js?cx=003414466004237966221:dgg7iftvryo", "S?d Rejonowy w Jeleniej G\u00f3rze.htm" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "rule MALWARE_OneNote_Delivery_Jan23 { meta: author = \"SECUINFRA Falcon Team (@SI_FalconTeam)\" descri", "TrojanDownloader:Win32/Nemucod" ], "malware_families": [ "", "Serwer a przed\u0142u\u017cenie sesji #{text}", "Serwer", "Wojcieszyce", "Serwer a przed\u0142u\u017cenie sesji #{text} wojcieszyce pl", "Elixir", "E74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 elf :mirai- malware gh\\ [trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "Mirai" ], "industries": [], "unique_indicators": 265481 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/microsoft.com", "whois": "http://whois.domaintools.com/microsoft.com", "domain": "microsoft.com", "hostname": "go.microsoft.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 31, "pulses": [ { "id": "6608aaf7ca0e965e593ed1d4", "name": "MUI programu Microsoft Office Access (w j\u0119zyku angielskim) zosta\u0142o u\u017cyte do wys\u0142ania z\u0142o\u015bliwego oprogramowania na serwer w Czechach jest to pierwszy tego typu atak na komputer. e", "description": "A look back at some of the key words and phrases used to describe the situation in Italy, as \"probacja\" (or \"democrata), as they were translated into English.", "modified": "2025-10-17T11:03:07.034000", "created": "2024-03-31T00:14:47.183000", "tags": [ "sha256", "ssdeep", "reputacja", "tworzy pliki", "informacje", "bardzo duga", "tworzy", "adresy url", "tworzy katalog", "win64", "ameryki", "typ pliku", "serwer nazw", "san jose", "adres", "digital", "data wyganicia", "csc corporate", "domains", "ca data", "data utworzenia", "dnssec" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6432, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2140, "hostname": 5874, "FileHash-SHA256": 12539, "FileHash-MD5": 3686, "FileHash-SHA1": 2751, "IPv4": 503, "URL": 10770, "email": 26, "CVE": 88, "YARA": 6, "JA3": 2, "IPv6": 28, "SSLCertFingerprint": 5, "BitcoinAddress": 3, "CIDR": 1 }, "indicator_count": 38422, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "665c44f012d938d1c7dd591e", "name": "PIT Projekt.exe (www.pitprojekt.pl , pitprojekt.pl) oraz Ceidg.gov.pl - Dane publiczne wpisu", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4 NIP:6161230754\nhttps://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778 NIP;6112323510\nhttp://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778\n2.16.6.145146f05-9aac-4942-a42d-f2550a19c0c4 NIP:6131434311\nipv4: 2.16.6.14, 2.16.6.6, 2.16.6.1,", "modified": "2025-10-06T11:12:39.639000", "created": "2024-06-02T10:09:52.601000", "tags": [ "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "wojcieszyce", "urls competing", "ceidg centralna", "gospodarczej", "wyszukiwanie", "przejd", "centrum pomocy", "informacja o", "mapa", "strona gwna", "przegldanie", "ceidg szybki", "uwagi prawne", "deklaracja", "serwer", "returnurl", "idf3ee4c4ee00", "id7a025cc6516", "wctxrm0", "idf3ee4c4", "id35146f059aa", "ideb8f4cf26ef", "id7a025cc", "id35146f0", "publicznywsz3", "id97c275c", "url wiek", "ssdeep", "sha1", "pehasz", "typlibid", "pit projekt", "chcesz", "pity online", "program", "interesuje ci", "pity zapisane", "jeli", "oddajemy w", "twoje rce", "dziki jego" ], "references": [ "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4", "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4", "http://www.pitprojekt.pl", "http://pitprojekt.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wojcieszyce", "display_name": "Wojcieszyce", "target": null }, { "id": "Serwer", "display_name": "Serwer", "target": null }, { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text}", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text}", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8271, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1259, "URL": 6009, "hostname": 3030, "FileHash-SHA256": 10233, "FileHash-MD5": 2742, "FileHash-SHA1": 2348, "email": 75, "SSLCertFingerprint": 11, "YARA": 2, "CVE": 13, "FileHash-PEHASH": 1, "IPv4": 34, "IPv6": 6 }, "indicator_count": 25763, "is_author": false, "is_subscribing": null, "subscriber_count": 134, "modified_text": "195 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66ce8795f74ccdc8a4ad972f", "name": "Home | Sanselo | Realizare site web \u0219i aplica\u021bii de mobil", "description": "Aplica\u021bii mobile, \u00c2\u00a31bn, \u00e2\u201a\u00ac1.5bn \u00e2\u20ac\u00b5\u00a6 \u00c3\u20ac\u201c \u00f4l iau i'r iddo.", "modified": "2025-05-14T21:14:50.899000", "created": "2024-08-28T02:12:37.280000", "tags": [ "sanselo", "i aplicaii", "home", "realizare site", "servicii web", "mobile app", "contact blog", "selecteaz", "pagin", "future", "adres url", "ipv4", "ccro asnas39668", "intersat srl", "rola", "url http", "odcisk palca" ], "references": [ "https://sanselo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11, "URL": 1533, "domain": 150, "email": 2, "hostname": 471, "FileHash-MD5": 236, "FileHash-SHA1": 141, "FileHash-SHA256": 979, "SSLCertFingerprint": 4 }, "indicator_count": 3527, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66ae21418ee5c4ef2c847a09", "name": "server.wojcieszyce.pl Email: info@wojcieszyce.pl", "description": "aaf8324ca0b6fb26f66dcf30f3d95491 SHA-1 f88f78f2b158c1e9df115b477509f140a1fb67d6 SHA-256 eb050903bbc118520a8889bd2fb0176262af63b6b34b9762cbfdec11bcf48f80 Vhash 1fb0238141c442bee60860692e8228f8 SSDEEP 393216:SXUROas78y5sf0Xin76QKRu8vxoX0PllhjKNeNOZYASi6:KiMhjiOka TLSH T127B76A56F211ACB0CFA2453940AB5505A23C76434FC2F9E4B72D808E6FAD58F66326FD File type Google Chrome Extension crx chrome extension browser Magic Zip archive data, at least v1.0 to extract", "modified": "2025-05-01T08:50:16.800000", "created": "2024-08-03T12:23:29.055000", "tags": [ "sha256", "office open", "xml document", "ms word", "document", "google chrome", "extension", "strong", "korzystania z", "ciasteczka", "godziny", "jeleniogrska", "wojcieszyce", "naszej strony", "korzystanie z", "en de", "menu imprezy", "flash", "vhash", "ssdeep", "file type", "ini text", "magic generic", "magika txt", "file size", "text c", "javascript c", "peexe c", "doscom c", "tekst c", "javascript", "rgba", "unicode", "z bom", "dane obrazu", "tekst utf8", "crlf", "skrt", "v2 dokument", "dane", "jpeg", "kimhjioka tlsh", "magic zip", "magic elf", "sysv", "adres url", "strona", "zaloguj", "date thu", "connection", "server nginx", "gmt etag", "expires sat", "expires fri", "contentlength", "server", "gmt contenttype", "cachecontrol", "png image", "crlf line", "document file", "v2 document", "type md5", "process name", "cr line", "ikona rt", "neutralny", "entropia chi2", "typ pliku", "typ jzyk", "png ikona", "rt neutralny", "rticon neutral", "ico rtgroupicon", "neutral", "whasz", "oszczdno", "logowanie", "zagroenia", "dane publiczne", "zoliwy dane", "historia wpisu", "reagowania", "sha1", "virustotal", "html internet", "magic html", "unicode text", "please", "pehash" ], "references": [ "http://www.wojcieszyce.pl/", "https://www.wojcieszyce.pl/", "https://wojcieszyce.pl/", "http://wojcieszyce.pl/", "https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Apdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wojcieszyce", "display_name": "Wojcieszyce", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 908, "FileHash-SHA256": 2450, "FileHash-MD5": 968, "URL": 373, "hostname": 144, "IPv4": 8, "domain": 15, "email": 7, "CVE": 16 }, "indicator_count": 4889, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "353 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c9103736c51f12e3bcfac8", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "Willi Echo wedi dweud wrthod wybodaeth iawno i'wodraeth o oryginalnej architekturze, a ddydd Sadwrn.", "modified": "2024-12-27T01:07:36.247000", "created": "2024-08-23T22:41:59.321000", "tags": [ "adres url", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "authority key", "identifier id", "win32", "whasz", "oszczdno", "win32 exe", "magia plik", "pe32 dla", "ms windows", "intel", "oglny plik", "windos", "generic", "typ pliku", "typ jzyk", "ikona rt", "neutralny", "tekst ascii", "wersja rt", "angielski usa", "plik", "file name", "type win32", "exe size", "mb first", "seen", "size", "first seen", "avg win32", "bkav undetected", "malicious", "drweb", "sha1", "sha256", "pehash", "richhash", "meble na wymiar", "meble na zam\u00f3wienie", "szafy", "meble \u0142azienkowe", "meble kuchenne", "meble biurowe", "zabudowy wn\u0119k", "blaty kamienne", "sprawd", "strong", "wirtualne", "kreatywne meble", "produkcja", "kuchnie", "zabudowa", "zwizualizuj", "kliknij", "speedtest", "files proofs", "vin syd", "sgp sbg", "rbx hil", "gra eri", "bom bhs", "ssl certificate", "noclegi szklarska por\u0119ba", "nocleg w szklarskiej por\u0119bie", "szklarska por\u0119ba pensjonat", "szklarska por\u0119ba", "pokoje", "pensjonat", "spa", "wakacje", "relaks", "wypoczynek", "willa echo", "willi echo", "szrenic", "tobie", "pastwu", "znajduje si", "azienka", "wifi", "z naczyniami", "bajeczne", "e1 f7", "c5 e0", "algorithm", "key identifier", "x509v3 subject", "number", "cus olet", "encrypt cnr10", "validity", "subject public", "key info", "key algorithm", "vhash", "ssdeep", "file type", "ini text" ], "references": [ "http://sanselo.pl", "http://www.sanselo.pl", "http://vgt.pl", "http://www.vgt.pl", "http://franas.pl", "http://www.franas.pl", "https://kreatywne-meble.pl", "http://ovh.net/common/font/lato/light/webfont.svg", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://willaecho.pl/", "http://www.willaecho.pl/", "http://www.tomasz.franas.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 438, "domain": 128, "hostname": 524, "URL": 943, "IPv4": 23, "FileHash-SHA256": 3021, "FileHash-SHA1": 397, "email": 4, "CVE": 1 }, "indicator_count": 5479, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "478 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d45dab14a189645153e8a6", "name": "Reverse WHOIS results for vgt.pl ( GANG VGT)", "description": "", "modified": "2024-12-17T14:47:57", "created": "2024-09-01T12:27:23.777000", "tags": [ "ipv4 domain", "ipv4 url", "domain", "sha1", "sha256", "pehash", "vhash", "ssdeep" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1286, "FileHash-SHA1": 1286, "FileHash-SHA256": 2722, "URL": 4729, "domain": 1909, "hostname": 2082, "IPv4": 97, "CVE": 4, "YARA": 1 }, "indicator_count": 14116, "is_author": false, "is_subscribing": null, "subscriber_count": 126, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d79804e3a10e4e77e76246", "name": "ADORNO - us\u0142ugi introligatorskie, poligrafia, reklama, piecz\u0105tki, tekstylia, trofea", "description": "The following details of the latest version of Google's Earth app have been published on the site's website, following a request from the company's parent company, the Alphabet, to update the service.", "modified": "2024-12-17T14:47:51.572000", "created": "2024-09-03T23:13:08.830000", "tags": [ "ip address", "us\u0142ugi introligatorskie", "poligrafia", "reklama", "piecz\u0105tki", "tekstylia", "trofea", "krapkowice reklama", "krapkowice poligrafia", "krapkowice", "opole poligrafia", "opole reklama", "opole koszulki", "opolskie", "adorno", "zobacz katalog", "strona gwna", "o nas", "oferta kontakt", "od projektu", "do realizacji", "jestemy", "krapkowic z", "zajmujemy si", "sha1", "sha256", "rok szkolny", "wychowawcy", "klas", "przydzia", "stowka", "kalendarz roku", "podrczniki", "viii", "rada", "rodzicw", "zobacztake", "buforowane", "ogrodnictwo", "baza firm", "edmaedrbfqeaaaa", "qapsakpl", "nccat104", "ncsid4cb600", "nccat108", "ncsid6738e8" ], "references": [ "http://www.adorno.com.pl", "http://adorno.com.pl/", "http://www.adorno.com.pl/", "http://adorno.com.pl", "https://radzsp2.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 207, "hostname": 401, "FileHash-MD5": 5, "FileHash-SHA1": 11, "FileHash-SHA256": 179, "URL": 879, "CIDR": 1, "email": 2, "CVE": 2 }, "indicator_count": 1687, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66e4acfa7a85af9572e4a892", "name": "Adobe on", "description": "The following is the full text of the text-messages-journal, which was published by Adobe on 1 January 2016.. and, if you want to know what it is, the following", "modified": "2024-12-17T14:35:40.216000", "created": "2024-09-13T21:22:02.146000", "tags": [ "user", "doscom c", "text c", "bmp c" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 13, "URL": 15, "CVE": 1 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://go.microsoft.com/fwlink", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://go.microsoft.com/fwlink", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776616823.0272353 }