{ "type": "URL", "indicator": "https://golang.org/wiki/LinuxKernelSignalVectorBug", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://golang.org/wiki/LinuxKernelSignalVectorBug", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain golang.org", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3675980785, "indicator": "https://golang.org/wiki/LinuxKernelSignalVectorBug", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "124 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64577ae0e5b68babb6083162", "name": "v2 - includes strings from otx link referenced - based on lsaw.csstoredump iOS 16.5 beta 4", "description": "", "modified": "2023-05-07T10:18:08.914000", "created": "2023-05-07T10:18:08.914000", "tags": [], "references": [ "http://wrong https://golang.org/wiki/LinuxKernelSignalVectorBug 1.2.3.1 0.0.0.019 1.1.2.1 1.4.12.1 1.2.9.1 1.2.7.1 5.4.52.5 1.4.13.1 1.4.14.2 1.4.1.1 72.5.4.82 1.1.3.1 4.62.5.4 1.4.11.1 1.4.9.1 1.4.10.1 5.4.112.5 258.8.8.8 1.4.3.1 1.4.8.1 1.4.6.1 127.0.0.1 127.0.0.120 1.4.7.1 1.2.2.1 2.5.4.102 1.4.4.1 1.4.14.1 1.1.1.1 1.2.5.1 1.2.1.1 252.5.4.32", "https://otx.alienvault.com/indicator/file/3efcb5e3a506cd073d2df5f6e4b9f89055f527458ff87c65c4e7317f337ed5da" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 314, "hostname": 158, "domain": 104, "FileHash-SHA256": 56, "IPv4": 46 }, "indicator_count": 678, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1122 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "Alerts: nolookup_communication writes_to_stdout", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "https://otx.alienvault.com/indicator/file/3efcb5e3a506cd073d2df5f6e4b9f89055f527458ff87c65c4e7317f337ed5da", "http://wrong https://golang.org/wiki/LinuxKernelSignalVectorBug 1.2.3.1 0.0.0.019 1.1.2.1 1.4.12.1 1.2.9.1 1.2.7.1 5.4.52.5 1.4.13.1 1.4.14.2 1.4.1.1 72.5.4.82 1.1.3.1 4.62.5.4 1.4.11.1 1.4.9.1 1.4.10.1 5.4.112.5 258.8.8.8 1.4.3.1 1.4.8.1 1.4.6.1 127.0.0.1 127.0.0.120 1.4.7.1 1.2.2.1 2.5.4.102 1.4.4.1 1.4.14.1 1.1.1.1 1.2.5.1 1.2.1.1 252.5.4.32", "ELF:Agent-AQB\\ [Trj]" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Elf:agent-aqb\\ [trj]", "Win.downloader.92-4", "Backdoor:win32/small.ir", "Win.trojan.fugrafa-9733007-0", "Win.trojan.agent-31853" ], "industries": [], "unique_indicators": 3966 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/golang.org", "whois": "http://whois.domaintools.com/golang.org", "domain": "golang.org", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "124 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64577ae0e5b68babb6083162", "name": "v2 - includes strings from otx link referenced - based on lsaw.csstoredump iOS 16.5 beta 4", "description": "", "modified": "2023-05-07T10:18:08.914000", "created": "2023-05-07T10:18:08.914000", "tags": [], "references": [ "http://wrong https://golang.org/wiki/LinuxKernelSignalVectorBug 1.2.3.1 0.0.0.019 1.1.2.1 1.4.12.1 1.2.9.1 1.2.7.1 5.4.52.5 1.4.13.1 1.4.14.2 1.4.1.1 72.5.4.82 1.1.3.1 4.62.5.4 1.4.11.1 1.4.9.1 1.4.10.1 5.4.112.5 258.8.8.8 1.4.3.1 1.4.8.1 1.4.6.1 127.0.0.1 127.0.0.120 1.4.7.1 1.2.2.1 2.5.4.102 1.4.4.1 1.4.14.1 1.1.1.1 1.2.5.1 1.2.1.1 252.5.4.32", "https://otx.alienvault.com/indicator/file/3efcb5e3a506cd073d2df5f6e4b9f89055f527458ff87c65c4e7317f337ed5da" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 314, "hostname": 158, "domain": 104, "FileHash-SHA256": 56, "IPv4": 46 }, "indicator_count": 678, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1122 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://golang.org/wiki/LinuxKernelSignalVectorBug", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://golang.org/wiki/LinuxKernelSignalVectorBug", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780433025.9595988 }