{ "type": "URL", "indicator": "https://googlienet.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://googlienet.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3753525216, "indicator": "https://googlienet.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "693b7dc3cf1996347652ef92", "name": "Google Site Redirector - Tesla Hackers", "description": "Silencing. By Tesla hackers. Awful example of how any victim of a crime; can become a target of the government..\nThis is especially true when the actual perpetrators work for the government are government affiliated, very wealthy, a celebrity or someone who is deemed important. In this instance the Quasi government sought to keep target seeking and obtaining life saving medical treatment, financial settlement that she was entitled to from assault, injuries from assault, false imprisonment, punitive damgages, pain and suffering, humiliation, premise liability, permanent (whole body disability @MMI ), many other crimes. The victims suffered from a great sadness and betrayal. \n\nObviously racist Elon Musk and crew have access to all government tools. Musk, All things cyber are at his disposal as \ncontinues to abuse privilege.\n They keep playing a God they don\u2019t believe in. God is the Ultimate Avenger.", "modified": "2026-01-11T00:03:08.581000", "created": "2025-12-12T02:28:19.107000", "tags": [ "compromised_site_redirector_fromcharcode", "site_redirector", "string", "regexp", "error", "number", "sxa0", "amptoken", "optout", "retrieving", "notfound", "write", "form", "flash", "vd", "tesla hackers", "nxdomain", "passive dns", "ip address", "domain", "a nxdomain", "urls", "files", "ip related", "pulses otx", "google", "unknown", "oracle", "dynamicloader", "medium", "high", "windows", "rndhex", "write c", "rndchar", "displayname", "tofsee", "yara rule", "stream", "strings", "push", "lte all", "search otx", "ource url", "or text", "paste", "data upload", "extraction", "elon musk", "indicator role", "active related", "ipv4", "exploitsource", "url https", "url http", "desktopinternet", "title added", "pulses ipv4", "less see", "ids detections", "vuze bt", "udp connection", "contacted", "filehash", "av detections", "yara detections", "alerts", "0x8aa42", "0xe3107", "upnp", "http request", "bittorrent", "file", "module load", "t1129", "post http", "install", "execution", "malware", "hostile", "crawl", "windows nt", "wow64", "get zona", "get httpget", "hash", "entries", "read c", "suspicious", "next", "united" ], "references": [ "Tesla Hackers | https://www.teslarati.com/spacex", "Yara Detections :compromised_site_redirector_fromcharcode Alerts network_icmp js_eval recon_fingerprint", "142.250.74.142.250.74.138 _exploit_source | 142.250.74.138 _exploit_source | 142.250.74.142_exploit_source", "IDS Detections Win32/ZonaInstaller Install Beacon", "https://www.google \u2022 https://ampcid.google.com/v1/publisher \u2022\u2019https://ampcid.google.com/v1/publisher:getClientId\\", "https://tagassistant.google.com/ \u2022 https://www.google-analytics.com/debug/bootstrap?id=", "https://www.google-analytics.com/debug/bootstrap?id=\\", "https://stats.g.doubleclick.net/j/collect\\ \u2022 https://tagassistant.google.com/ \u2022 https://www.google.com/ads/ga", "https://www.google-analytics.com/gtm/js?id=\\ \u2022 https://www.googletagmanager.com/gtag/js?id= \u2022", "https://www.googletagmanager.com/gtag/js?id=\\ \u2022 https://www.google-analytics.com/gtm/js?id=", "This is why our team tells a back story. It can and does happen to anyone.", "We apologize for so may typos and errors. We strive to do better at that." ], "public": 1, "adversary": "Tesla Hackers", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Win.Trojan.12382640-1", "display_name": "Win.Trojan.12382640-1", "target": null } ], "attack_ids": [ { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 34, "FileHash-SHA256": 2032, "URL": 4921, "domain": 567, "hostname": 1586, "SSLCertFingerprint": 4 }, "indicator_count": 9209, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "99 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "693adba47b2cce69440c726a", "name": "TESLA HACKERS | Login Google", "description": "Attackers target victims Google account, Google browser, Google homepage.\n\nTesla Hackers in the job. Tesla hackers are very young , angry, kids who chased target around mercilessly in their vehicles, photographed target, drive threateningly. Nothing sophisticated about the stalker crewl. This is intentional. Finding troubled individuals who are desperate for power is pretty easy. \n\nThe hit men range from gang members, white , black , Hispanic to the highly educated, Hit man who attempted to take target out was a spoiled, angry , aggressive, sneering POC. He walked in Denver. The next morning , the area target was driven if roadway was closed off and filled with a rather large road crew, work continues to work on this area. (Charlie Kirk like). Alleged traffic officer claims cameras pointed in different directions that night. He was identified as a computer science major by a PI. This feels so dangerous.", "modified": "2026-01-10T13:01:53.320000", "created": "2025-12-11T14:56:36.874000", "tags": [ "tlsv1", "united", "oamazon", "cnamazon rsa", "jfif", "ogoogle trust", "cngts ca", "exif standard", "tiff image", "xresolution74", "execution", "dock", "write", "persistence", "malware", "encrypt", "ca https", "no expiration", "iocs", "url https", "enter source", "url or", "text drag", "drop or", "browse to", "select file", "ipv4", "url http", "type indicator", "sec ch", "ch ua", "unknown", "ua full", "ua platform", "as44273 host", "ua bitness", "msie", "chrome", "backdoor", "trojandropper", "passive dns", "forbidden", "body", "twitter", "trojan", "cookie", "title", "windows nt", "wow64", "slcc2", "media center", "read c", "port", "destination", "local", "moved", "integration all", "urls", "files", "reverse dns", "location united", "america flag", "name servers", "hostname", "unique", "expires wed", "gmt date", "server", "date wed", "connection", "use linux", "cybersecurity", "http", "ip address", "files location", "flag united", "win32", "urls show", "date checked", "url hostname", "server response", "virtool", "date hash", "avast avg", "heur", "lowfi", "k sep", "contacted", "related tags", "none file", "type", "present dec", "present nov", "mtb mar", "aaaa", "hacktool", "indicator role", "domain", "url add", "as20940", "as16625 akamai", "present mar", "present may", "as54113", "present apr", "ipv4 add", "url analysis", "servers", "emails", "hostname add", "present aug", "present sep", "present oct", "status", "present jul", "data upload", "extraction", "as208722 yandex", "russia unknown", "a domains", "expirestue", "path", "certificate", "medium", "alerts show", "ck technique", "technique id", "installs", "pe32", "intel", "ms windows", "high", "icmp traffic", "dns query", "packing t1045", "t1045", "screenshots", "file type", "date february", "pm size", "imphash pehash", "guard", "syst", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "initial access", "spawns", "t1590 gather", "flag", "united kingdom", "command decode", "belgium belgium", "federation", "france france", "ireland ireland", "canada canada", "suricata ipv4", "click", "tesla hackers", "elon musk", "show", "richhash", "external", "virustotal api", "comments", "vendor finding", "notes clamav", "ms defender", "files matching", "copy", "found", "ssl certificate", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "yara rule", "reads", "number", "sample analysis", "hide samples", "entries", "samples show", "next yara", "detections name", "devcv5 ujrb", "ujrb", "uja1t", "show technique", "mitre att", "ck matrix", "ascii text", "pattern match", "sha1", "network traffic", "show process", "general" ], "references": [ "https://www.teslarati.com/spacex", "https://omodeling.wpenginepowered.com/wp-content/uploads/2020/07/modelhub-pornhub-sell-nudes-1024x57", "https://cdn.teslarati.com \u2022 https://forums.teslarati.com/", "https://forums.teslarati.com/data/avatars/m/5/5998.jpg?1504431665 \u2022 https://forums.teslarati.com/forums/model-3.4/", "https://forums.teslarati.com/threads/humanlike-ai-robot-sophia-calls-out-elon-musk-during-live-interview.4970/", "https://www.teslarati.com/tesla-model-s-hitch-torklift-ecohitch-3-year-update/", "https://www.teslarati.com/tesla-tsla-monster-investment-rise-alaska-dept-of-revenue/", "https://www.teslarati.com/wp-content/themes/teslarati-mag/map/", "https://www.teslarati.com/tesla-model-3-crash-insight-60mph-collision/", "https://www.teslarati.com/", "https://www.teslarati.com/spacex", "https://www.teslarati.com/tesla-lands-87-million-megapack-belgium/", "https://www.teslarati.com/tesla-giga-shanghai-builds-5-millionth-battery-pack/", "https://www.teslarati.com/TESLA-DEBUTS-GROK-AI-UPDATE-2025-26-WHAT-YOU-NEED-TO-KNOW/", "https://www.teslarati.com/tesla-robotaxi-vs-new-york-taxi-why-the-yellow-cab-a-lot-to-lose/", "pornlynx.com \u2022 https://pornlynx.com \u2022 https://www.pornlynx", "http://www.aiupnow.com/2023/04/pakistani-hackers-use-linux-malware.html\\", "http://pickyhot.disqus.com/ \u2022 https://www.teslarati.com/tesla-hackers \u2022 https://pickyhot.disqus.com/tsara-brashears", "http://dev.browserweb.yandex.kg/ \u2022 https://api.messenger.yandex.az/ \u2022 https://yandex.uz/maps/-/CLWNeAKm", "HTML contains suspicious external redirect patterns details Suspicious redirect patterns detected: Redirect Types: Delayed Redirect Redirects to: /doodles/ Suspicious", "Redirect (Delayed Redirect): setTimeout(function(){location.href= source Binary File relevance 10/10 ATT&CK ID T1189", "External resources linked to high-risk commonly abused domains detected: mc.yandex.ru | script | src snd.click | src |", "Source : Binary File ATT&CK ID T1566.002", "Domain match: \"media-mbst-pub-ue1.s3.amazonaws.com\" possible high risk indicator. Commonly abused for malicious purposes. .", "Domain: \"snd.click\" possible high risk indicator. Domain uses TLD that is commonly abused for malicious purposes", "Detected Non-Google domain serving Google homepage details", "Detected Google homepage HTML served from suspicious domain Matched required Google homepage markers", "Source: Binary File relevance 10/10 ATT&CK ID T1204.001 | Target contacted CBI re: Suspicious looking Google Homepage.", "CBI (Colorado) - target believes she was redirected to malicious actors. Staffers not found in directory.", "Female states title as \u2018intern\u2019 dropped false information at front desk of CBI. Claims target ID theft victim. True", "Alleged CBI staffer refuses to provide evidence of identity theft resolution. Target unaware of. what\u2019s true", "CBI - asked target to enter Gmail in a resource. Targets Gmail account disappeared" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Japan" ], "malware_families": [ { "id": "Worm:Win32/Mofksys.RND!MTB", "display_name": "Worm:Win32/Mofksys.RND!MTB", "target": "/malware/Worm:Win32/Mofksys.RND!MTB" }, { "id": "Ms Defender\tTrojan:Win32/Qbot.KVD!MTB", "display_name": "Ms Defender\tTrojan:Win32/Qbot.KVD!MTB", "target": "/malware/Ms Defender\tTrojan:Win32/Qbot.KVD!MTB" }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" }, { "id": "Win.Malware.Jaik-9940406-0", "display_name": "Win.Malware.Jaik-9940406-0", "target": null }, { "id": "ALF:JASYP:Trojan:Win32/Genmaldown!atmn", "display_name": "ALF:JASYP:Trojan:Win32/Genmaldown!atmn", "target": null }, { "id": "Win.Malware.Snojan-6775202-0", "display_name": "Win.Malware.Snojan-6775202-0", "target": null } ], "attack_ids": [ { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1207", "name": "Rogue Domain Controller", "display_name": "T1207 - Rogue Domain Controller" }, { "id": "T1136.002", "name": "Domain Account", "display_name": "T1136.002 - Domain Account" }, { "id": "T1003.005", "name": "Cached Domain Credentials", "display_name": "T1003.005 - Cached Domain Credentials" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1568.002", "name": "Domain Generation Algorithms", "display_name": "T1568.002 - Domain Generation Algorithms" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5894, "FileHash-MD5": 458, "FileHash-SHA1": 305, "FileHash-SHA256": 2481, "SSLCertFingerprint": 26, "hostname": 2406, "domain": 966, "email": 16, "CVE": 1 }, "indicator_count": 12553, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "99 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68923ea4efbf58b7ba48acec", "name": "Hosted App", "description": "", "modified": "2025-09-04T16:03:17.037000", "created": "2025-08-05T17:25:56.454000", "tags": [ "issuer wr3", "log id", "gmtn", "abn timestamp", "ad180b80", "full name", "extensionsstr", "web server", "ca issuers", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "mitre att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "show technique", "date", "format", "august", "hybrid", "local", "path", "click", "strings", "flag", "usa windows", "hwp support", "march", "december", "united", "markmonitor", "overview dns", "requests domain", "country", "contacted hosts", "ip address", "process details", "t1179 hooking", "access windows", "installs", "control att", "found", "development att", "name server", "show process", "programfiles", "command decode", "suricata ipv4", "ck matrix", "comspec", "model", "general", "dynamicloader", "unknown", "as16509", "whitelisted", "medium", "write c", "as15169", "search", "high", "write", "android", "malware", "copy", "next", "formbook cnc", "checkin", "entries", "passive dns", "next associated", "site", "neue", "ipv4", "pulse pulses", "exploit", "trojan", "virtool", "body", "refer", "present dec", "epub", "present jan", "present nov", "present oct", "showing", "urls show", "win32", "win64", "date checked", "url hostname", "server response", "google safe", "prefetch8", "localappdata", "prefetch1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3409, "hostname": 4127, "URL": 8408, "SSLCertFingerprint": 9, "FileHash-SHA256": 1175, "FileHash-MD5": 144, "FileHash-SHA1": 134, "CVE": 2 }, "indicator_count": 17408, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://forums.teslarati.com/data/avatars/m/5/5998.jpg?1504431665 \u2022 https://forums.teslarati.com/forums/model-3.4/", "pornlynx.com \u2022 https://pornlynx.com \u2022 https://www.pornlynx", "https://www.google-analytics.com/debug/bootstrap?id=\\", "External resources linked to high-risk commonly abused domains detected: mc.yandex.ru | script | src snd.click | src |", "http://dev.browserweb.yandex.kg/ \u2022 https://api.messenger.yandex.az/ \u2022 https://yandex.uz/maps/-/CLWNeAKm", "Detected Google homepage HTML served from suspicious domain Matched required Google homepage markers", "https://www.teslarati.com/tesla-model-s-hitch-torklift-ecohitch-3-year-update/", "HTML contains suspicious external redirect patterns details Suspicious redirect patterns detected: Redirect Types: Delayed Redirect Redirects to: /doodles/ Suspicious", "http://pickyhot.disqus.com/ \u2022 https://www.teslarati.com/tesla-hackers \u2022 https://pickyhot.disqus.com/tsara-brashears", "Female states title as \u2018intern\u2019 dropped false information at front desk of CBI. Claims target ID theft victim. True", "Tesla Hackers | https://www.teslarati.com/spacex", "Yara Detections :compromised_site_redirector_fromcharcode Alerts network_icmp js_eval recon_fingerprint", "https://omodeling.wpenginepowered.com/wp-content/uploads/2020/07/modelhub-pornhub-sell-nudes-1024x57", "https://www.teslarati.com/tesla-tsla-monster-investment-rise-alaska-dept-of-revenue/", "https://www.teslarati.com/TESLA-DEBUTS-GROK-AI-UPDATE-2025-26-WHAT-YOU-NEED-TO-KNOW/", "https://www.google-analytics.com/gtm/js?id=\\ \u2022 https://www.googletagmanager.com/gtag/js?id= \u2022", "https://www.googletagmanager.com/gtag/js?id=\\ \u2022 https://www.google-analytics.com/gtm/js?id=", "CBI (Colorado) - target believes she was redirected to malicious actors. Staffers not found in directory.", "http://www.aiupnow.com/2023/04/pakistani-hackers-use-linux-malware.html\\", "CBI - asked target to enter Gmail in a resource. Targets Gmail account disappeared", "https://forums.teslarati.com/threads/humanlike-ai-robot-sophia-calls-out-elon-musk-during-live-interview.4970/", "Domain match: \"media-mbst-pub-ue1.s3.amazonaws.com\" possible high risk indicator. Commonly abused for malicious purposes. .", "https://www.teslarati.com/spacex", "Alleged CBI staffer refuses to provide evidence of identity theft resolution. Target unaware of. what\u2019s true", "We apologize for so may typos and errors. We strive to do better at that.", "https://www.teslarati.com/tesla-lands-87-million-megapack-belgium/", "https://www.teslarati.com/tesla-robotaxi-vs-new-york-taxi-why-the-yellow-cab-a-lot-to-lose/", "Redirect (Delayed Redirect): setTimeout(function(){location.href= source Binary File relevance 10/10 ATT&CK ID T1189", "This is why our team tells a back story. It can and does happen to anyone.", "https://cdn.teslarati.com \u2022 https://forums.teslarati.com/", "https://www.teslarati.com/tesla-giga-shanghai-builds-5-millionth-battery-pack/", "https://stats.g.doubleclick.net/j/collect\\ \u2022 https://tagassistant.google.com/ \u2022 https://www.google.com/ads/ga", "https://www.teslarati.com/tesla-model-3-crash-insight-60mph-collision/", "Source: Binary File relevance 10/10 ATT&CK ID T1204.001 | Target contacted CBI re: Suspicious looking Google Homepage.", "Source : Binary File ATT&CK ID T1566.002", "https://www.google \u2022 https://ampcid.google.com/v1/publisher \u2022\u2019https://ampcid.google.com/v1/publisher:getClientId\\", "https://tagassistant.google.com/ \u2022 https://www.google-analytics.com/debug/bootstrap?id=", "142.250.74.142.250.74.138 _exploit_source | 142.250.74.138 _exploit_source | 142.250.74.142_exploit_source", "https://www.teslarati.com/wp-content/themes/teslarati-mag/map/", "IDS Detections Win32/ZonaInstaller Install Beacon", "https://www.teslarati.com/", "Domain: \"snd.click\" possible high risk indicator. Domain uses TLD that is commonly abused for malicious purposes", "Detected Non-Google domain serving Google homepage details" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Tesla Hackers" ], "malware_families": [ "Vd", "Win.trojan.12382640-1", "Backdoor:win32/tofsee.t", "Win.malware.snojan-6775202-0", "Alf:jasyp:trojan:win32/genmaldown!atmn", "Win.malware.jaik-9940406-0", "Trojan:win32/zombie.a", "Worm:win32/mofksys.rnd!mtb", "Ms defender\ttrojan:win32/qbot.kvd!mtb" ], "industries": [], "unique_indicators": 37949 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/googlienet.com", "whois": "http://whois.domaintools.com/googlienet.com", "domain": "googlienet.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "693b7dc3cf1996347652ef92", "name": "Google Site Redirector - Tesla Hackers", "description": "Silencing. By Tesla hackers. Awful example of how any victim of a crime; can become a target of the government..\nThis is especially true when the actual perpetrators work for the government are government affiliated, very wealthy, a celebrity or someone who is deemed important. In this instance the Quasi government sought to keep target seeking and obtaining life saving medical treatment, financial settlement that she was entitled to from assault, injuries from assault, false imprisonment, punitive damgages, pain and suffering, humiliation, premise liability, permanent (whole body disability @MMI ), many other crimes. The victims suffered from a great sadness and betrayal. \n\nObviously racist Elon Musk and crew have access to all government tools. Musk, All things cyber are at his disposal as \ncontinues to abuse privilege.\n They keep playing a God they don\u2019t believe in. God is the Ultimate Avenger.", "modified": "2026-01-11T00:03:08.581000", "created": "2025-12-12T02:28:19.107000", "tags": [ "compromised_site_redirector_fromcharcode", "site_redirector", "string", "regexp", "error", "number", "sxa0", "amptoken", "optout", "retrieving", "notfound", "write", "form", "flash", "vd", "tesla hackers", "nxdomain", "passive dns", "ip address", "domain", "a nxdomain", "urls", "files", "ip related", "pulses otx", "google", "unknown", "oracle", "dynamicloader", "medium", "high", "windows", "rndhex", "write c", "rndchar", "displayname", "tofsee", "yara rule", "stream", "strings", "push", "lte all", "search otx", "ource url", "or text", "paste", "data upload", "extraction", "elon musk", "indicator role", "active related", "ipv4", "exploitsource", "url https", "url http", "desktopinternet", "title added", "pulses ipv4", "less see", "ids detections", "vuze bt", "udp connection", "contacted", "filehash", "av detections", "yara detections", "alerts", "0x8aa42", "0xe3107", "upnp", "http request", "bittorrent", "file", "module load", "t1129", "post http", "install", "execution", "malware", "hostile", "crawl", "windows nt", "wow64", "get zona", "get httpget", "hash", "entries", "read c", "suspicious", "next", "united" ], "references": [ "Tesla Hackers | https://www.teslarati.com/spacex", "Yara Detections :compromised_site_redirector_fromcharcode Alerts network_icmp js_eval recon_fingerprint", "142.250.74.142.250.74.138 _exploit_source | 142.250.74.138 _exploit_source | 142.250.74.142_exploit_source", "IDS Detections Win32/ZonaInstaller Install Beacon", "https://www.google \u2022 https://ampcid.google.com/v1/publisher \u2022\u2019https://ampcid.google.com/v1/publisher:getClientId\\", "https://tagassistant.google.com/ \u2022 https://www.google-analytics.com/debug/bootstrap?id=", "https://www.google-analytics.com/debug/bootstrap?id=\\", "https://stats.g.doubleclick.net/j/collect\\ \u2022 https://tagassistant.google.com/ \u2022 https://www.google.com/ads/ga", "https://www.google-analytics.com/gtm/js?id=\\ \u2022 https://www.googletagmanager.com/gtag/js?id= \u2022", "https://www.googletagmanager.com/gtag/js?id=\\ \u2022 https://www.google-analytics.com/gtm/js?id=", "This is why our team tells a back story. It can and does happen to anyone.", "We apologize for so may typos and errors. We strive to do better at that." ], "public": 1, "adversary": "Tesla Hackers", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Win.Trojan.12382640-1", "display_name": "Win.Trojan.12382640-1", "target": null } ], "attack_ids": [ { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 34, "FileHash-SHA256": 2032, "URL": 4921, "domain": 567, "hostname": 1586, "SSLCertFingerprint": 4 }, "indicator_count": 9209, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "99 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "693adba47b2cce69440c726a", "name": "TESLA HACKERS | Login Google", "description": "Attackers target victims Google account, Google browser, Google homepage.\n\nTesla Hackers in the job. Tesla hackers are very young , angry, kids who chased target around mercilessly in their vehicles, photographed target, drive threateningly. Nothing sophisticated about the stalker crewl. This is intentional. Finding troubled individuals who are desperate for power is pretty easy. \n\nThe hit men range from gang members, white , black , Hispanic to the highly educated, Hit man who attempted to take target out was a spoiled, angry , aggressive, sneering POC. He walked in Denver. The next morning , the area target was driven if roadway was closed off and filled with a rather large road crew, work continues to work on this area. (Charlie Kirk like). Alleged traffic officer claims cameras pointed in different directions that night. He was identified as a computer science major by a PI. This feels so dangerous.", "modified": "2026-01-10T13:01:53.320000", "created": "2025-12-11T14:56:36.874000", "tags": [ "tlsv1", "united", "oamazon", "cnamazon rsa", "jfif", "ogoogle trust", "cngts ca", "exif standard", "tiff image", "xresolution74", "execution", "dock", "write", "persistence", "malware", "encrypt", "ca https", "no expiration", "iocs", "url https", "enter source", "url or", "text drag", "drop or", "browse to", "select file", "ipv4", "url http", "type indicator", "sec ch", "ch ua", "unknown", "ua full", "ua platform", "as44273 host", "ua bitness", "msie", "chrome", "backdoor", "trojandropper", "passive dns", "forbidden", "body", "twitter", "trojan", "cookie", "title", "windows nt", "wow64", "slcc2", "media center", "read c", "port", "destination", "local", "moved", "integration all", "urls", "files", "reverse dns", "location united", "america flag", "name servers", "hostname", "unique", "expires wed", "gmt date", "server", "date wed", "connection", "use linux", "cybersecurity", "http", "ip address", "files location", "flag united", "win32", "urls show", "date checked", "url hostname", "server response", "virtool", "date hash", "avast avg", "heur", "lowfi", "k sep", "contacted", "related tags", "none file", "type", "present dec", "present nov", "mtb mar", "aaaa", "hacktool", "indicator role", "domain", "url add", "as20940", "as16625 akamai", "present mar", "present may", "as54113", "present apr", "ipv4 add", "url analysis", "servers", "emails", "hostname add", "present aug", "present sep", "present oct", "status", "present jul", "data upload", "extraction", "as208722 yandex", "russia unknown", "a domains", "expirestue", "path", "certificate", "medium", "alerts show", "ck technique", "technique id", "installs", "pe32", "intel", "ms windows", "high", "icmp traffic", "dns query", "packing t1045", "t1045", "screenshots", "file type", "date february", "pm size", "imphash pehash", "guard", "syst", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "initial access", "spawns", "t1590 gather", "flag", "united kingdom", "command decode", "belgium belgium", "federation", "france france", "ireland ireland", "canada canada", "suricata ipv4", "click", "tesla hackers", "elon musk", "show", "richhash", "external", "virustotal api", "comments", "vendor finding", "notes clamav", "ms defender", "files matching", "copy", "found", "ssl certificate", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "yara rule", "reads", "number", "sample analysis", "hide samples", "entries", "samples show", "next yara", "detections name", "devcv5 ujrb", "ujrb", "uja1t", "show technique", "mitre att", "ck matrix", "ascii text", "pattern match", "sha1", "network traffic", "show process", "general" ], "references": [ "https://www.teslarati.com/spacex", "https://omodeling.wpenginepowered.com/wp-content/uploads/2020/07/modelhub-pornhub-sell-nudes-1024x57", "https://cdn.teslarati.com \u2022 https://forums.teslarati.com/", "https://forums.teslarati.com/data/avatars/m/5/5998.jpg?1504431665 \u2022 https://forums.teslarati.com/forums/model-3.4/", "https://forums.teslarati.com/threads/humanlike-ai-robot-sophia-calls-out-elon-musk-during-live-interview.4970/", "https://www.teslarati.com/tesla-model-s-hitch-torklift-ecohitch-3-year-update/", "https://www.teslarati.com/tesla-tsla-monster-investment-rise-alaska-dept-of-revenue/", "https://www.teslarati.com/wp-content/themes/teslarati-mag/map/", "https://www.teslarati.com/tesla-model-3-crash-insight-60mph-collision/", "https://www.teslarati.com/", "https://www.teslarati.com/spacex", "https://www.teslarati.com/tesla-lands-87-million-megapack-belgium/", "https://www.teslarati.com/tesla-giga-shanghai-builds-5-millionth-battery-pack/", "https://www.teslarati.com/TESLA-DEBUTS-GROK-AI-UPDATE-2025-26-WHAT-YOU-NEED-TO-KNOW/", "https://www.teslarati.com/tesla-robotaxi-vs-new-york-taxi-why-the-yellow-cab-a-lot-to-lose/", "pornlynx.com \u2022 https://pornlynx.com \u2022 https://www.pornlynx", "http://www.aiupnow.com/2023/04/pakistani-hackers-use-linux-malware.html\\", "http://pickyhot.disqus.com/ \u2022 https://www.teslarati.com/tesla-hackers \u2022 https://pickyhot.disqus.com/tsara-brashears", "http://dev.browserweb.yandex.kg/ \u2022 https://api.messenger.yandex.az/ \u2022 https://yandex.uz/maps/-/CLWNeAKm", "HTML contains suspicious external redirect patterns details Suspicious redirect patterns detected: Redirect Types: Delayed Redirect Redirects to: /doodles/ Suspicious", "Redirect (Delayed Redirect): setTimeout(function(){location.href= source Binary File relevance 10/10 ATT&CK ID T1189", "External resources linked to high-risk commonly abused domains detected: mc.yandex.ru | script | src snd.click | src |", "Source : Binary File ATT&CK ID T1566.002", "Domain match: \"media-mbst-pub-ue1.s3.amazonaws.com\" possible high risk indicator. Commonly abused for malicious purposes. .", "Domain: \"snd.click\" possible high risk indicator. Domain uses TLD that is commonly abused for malicious purposes", "Detected Non-Google domain serving Google homepage details", "Detected Google homepage HTML served from suspicious domain Matched required Google homepage markers", "Source: Binary File relevance 10/10 ATT&CK ID T1204.001 | Target contacted CBI re: Suspicious looking Google Homepage.", "CBI (Colorado) - target believes she was redirected to malicious actors. Staffers not found in directory.", "Female states title as \u2018intern\u2019 dropped false information at front desk of CBI. Claims target ID theft victim. True", "Alleged CBI staffer refuses to provide evidence of identity theft resolution. Target unaware of. what\u2019s true", "CBI - asked target to enter Gmail in a resource. Targets Gmail account disappeared" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Japan" ], "malware_families": [ { "id": "Worm:Win32/Mofksys.RND!MTB", "display_name": "Worm:Win32/Mofksys.RND!MTB", "target": "/malware/Worm:Win32/Mofksys.RND!MTB" }, { "id": "Ms Defender\tTrojan:Win32/Qbot.KVD!MTB", "display_name": "Ms Defender\tTrojan:Win32/Qbot.KVD!MTB", "target": "/malware/Ms Defender\tTrojan:Win32/Qbot.KVD!MTB" }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" }, { "id": "Win.Malware.Jaik-9940406-0", "display_name": "Win.Malware.Jaik-9940406-0", "target": null }, { "id": "ALF:JASYP:Trojan:Win32/Genmaldown!atmn", "display_name": "ALF:JASYP:Trojan:Win32/Genmaldown!atmn", "target": null }, { "id": "Win.Malware.Snojan-6775202-0", "display_name": "Win.Malware.Snojan-6775202-0", "target": null } ], "attack_ids": [ { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1207", "name": "Rogue Domain Controller", "display_name": "T1207 - Rogue Domain Controller" }, { "id": "T1136.002", "name": "Domain Account", "display_name": "T1136.002 - Domain Account" }, { "id": "T1003.005", "name": "Cached Domain Credentials", "display_name": "T1003.005 - Cached Domain Credentials" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1568.002", "name": "Domain Generation Algorithms", "display_name": "T1568.002 - Domain Generation Algorithms" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5894, "FileHash-MD5": 458, "FileHash-SHA1": 305, "FileHash-SHA256": 2481, "SSLCertFingerprint": 26, "hostname": 2406, "domain": 966, "email": 16, "CVE": 1 }, "indicator_count": 12553, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "99 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68923ea4efbf58b7ba48acec", "name": "Hosted App", "description": "", "modified": "2025-09-04T16:03:17.037000", "created": "2025-08-05T17:25:56.454000", "tags": [ "issuer wr3", "log id", "gmtn", "abn timestamp", "ad180b80", "full name", "extensionsstr", "web server", "ca issuers", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "mitre att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "show technique", "date", "format", "august", "hybrid", "local", "path", "click", "strings", "flag", "usa windows", "hwp support", "march", "december", "united", "markmonitor", "overview dns", "requests domain", "country", "contacted hosts", "ip address", "process details", "t1179 hooking", "access windows", "installs", "control att", "found", "development att", "name server", "show process", "programfiles", "command decode", "suricata ipv4", "ck matrix", "comspec", "model", "general", "dynamicloader", "unknown", "as16509", "whitelisted", "medium", "write c", "as15169", "search", "high", "write", "android", "malware", "copy", "next", "formbook cnc", "checkin", "entries", "passive dns", "next associated", "site", "neue", "ipv4", "pulse pulses", "exploit", "trojan", "virtool", "body", "refer", "present dec", "epub", "present jan", "present nov", "present oct", "showing", "urls show", "win32", "win64", "date checked", "url hostname", "server response", "google safe", "prefetch8", "localappdata", "prefetch1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3409, "hostname": 4127, "URL": 8408, "SSLCertFingerprint": 9, "FileHash-SHA256": 1175, "FileHash-MD5": 144, "FileHash-SHA1": 134, "CVE": 2 }, "indicator_count": 17408, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://googlienet.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://googlienet.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776684945.2397044 }