{ "type": "URL", "indicator": "https://i1.storagedc.info/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://i1.storagedc.info/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4109879116, "indicator": "https://i1.storagedc.info/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69aa003c63c19b7be7671c65", "name": "re post by Q.Vashti cloned", "description": "", "modified": "2026-03-06T05:11:14.366000", "created": "2026-03-05T22:14:20.388000", "tags": [ "filehashmd5", "filehashsha256", "ipv4", "filehashsha1", "domain", "types", "indicators show", "search", "type indicator", "role title", "added active", "scan", "iocs", "learn more", "related pulses", "url https", "url http", "countrycn", "countrycn sep", "indicator role", "title added", "active related", "pulses url", "xtblogblockid1", "pulses", "zdata0", "browserie", "browserver8", "defaultie", "ver1360122", "defaultch", "browserver11", "filesize", "browserid1", "qmark", "methodpost" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "68ffa35cd4eefffa0ffbeae1", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 381, "FileHash-SHA1": 367, "FileHash-SHA256": 767, "domain": 179, "URL": 1615, "hostname": 946, "CVE": 1 }, "indicator_count": 4256, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68ffa35cd4eefffa0ffbeae1", "name": "Liar Liar! If this were your attorney; you\u2019d pay $$$ to get hacked and they\u2019d gain full CnC of your devices and disappear\u2026", "description": "Sample of FAKE attorneys Liar Liar! If this were your attorney; you\u2019d pay $$$ to get hacked, they\u2019d gain full CnC of devices & disappear into the background , stealing from cloud, spying, etc..Mafia & Government ties. https://magento.hirecar.net/\n*Unix.Dropper.Mirai-7338044\n*Virus:Win32/Virut.BO\n*Trojan:Win32/Delf.EM\n*DDoS.XOR\n*Backdoor.Win32.Shiz.ivr, *Backdoor.Win32/Simda.gen!A\n*Alf:HeraklezEval:DoS:Linux/Xorddos!rfn\n*nUFS_html\n*Trojanspy:Win32/Nivdort.CB\n*Win32/Nystprac.A *Ramnit\n*Win32:Sality *Upatre\n*Possible_QuasarRAT_Payload\nxor_0x15_xord_javascript\ninvalid_trailer_structure\n#fp539598-VBS/LoveLetter.BT\n*Trojanspy:Win32/Nivdort.CB\n*Alf:HeraklezEval:DoS:Linux/Xorddos!rfn\n*Trojan:Win64/Gapro\n\u201cMethodology_RareEquities_Tencent_Proxy\u201d\nvad_contains_network_strings\n*Trojan:Win32/Sisproc!gmb\n*TrojanDownloader:Win32/Upatre\n*PWS:MSIL/Grmasi.YA!MTB\n*Trojan:Win32/Danabot.G\n *Virus:Win32/Virut.EPO\n* Ramnit\nConventionEngine_Term_NewFolder", "modified": "2025-11-26T13:01:56.367000", "created": "2025-10-27T16:52:44.619000", "tags": [ "filehashmd5", "filehashsha256", "ipv4", "filehashsha1", "domain", "types", "indicators show", "search", "type indicator", "role title", "added active", "scan", "iocs", "learn more", "related pulses", "url https", "url http", "countrycn", "countrycn sep", "indicator role", "title added", "active related", "pulses url", "xtblogblockid1", "pulses", "zdata0", "browserie", "browserver8", "defaultie", "ver1360122", "defaultch", "browserver11", "filesize", "browserid1", "qmark", "methodpost" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 381, "FileHash-SHA1": 367, "FileHash-SHA256": 767, "domain": 178, "URL": 1615, "hostname": 944 }, "indicator_count": 4252, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "144 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688d75bdc4bc5ba5cb6df7fb", "name": "2nd X - https://ldl.myqnascloud.com/ - DT_VMP_32", "description": "*Malware: DT_VMP_32 -associated with non specific trojan or ransomware activity, widely-known malware family with (custom) unique names.\n\u2022 pid-bodis-gcontrol151 |\u2022 googledownloads.cn\nServer or central repository used to target Tsara Brashears , \n into a malicious w/botnet world. Parked domains used w/malicious intent though appearing benign or \u2018for sale\u2019. \n\nDetections: \nSuspicious User-Agent - Possible Trojan Downloader (https)\nHTTP Request to a *.tw domain\n#bodis #targeting #parkingcrews #active #content_delivery #malvertizing #content_scraping #malware #attacks #dumping #framing #webcache #colbaltstrike #trojan_downloader #disabler #distributor #music_piracy #domainfraud #ransom", "modified": "2025-09-01T01:01:18.030000", "created": "2025-08-02T02:19:41.646000", "tags": [ "cisco", "umbrella rank", "domain", "general full", "united", "reverse dns", "software", "kb script", "url https", "asn15169", "google", "resource", "hash", "value", "variables", "domainpath name", "name value", "august", "servaas klute", "americachicago", "verified", "ecdsa", "linux x8664", "khtml", "gecko", "aes128gcm", "maxradlinklen50", "encrypt", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "javascript", "spawns", "mitre att", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "ascii text", "pattern match", "show technique", "body", "date", "hybrid", "general", "path", "click", "strings", "meta", "present jul", "search", "entries", "ip address", "registrar", "creation date", "record value", "name servers", "servers", "found a", "location united", "asn as15169", "less whois", "mtb apr", "trojan", "trojandropper", "backdoor", "win32qqpass apr", "next associated", "files show", "date hash", "avast avg", "ipv4", "pulse pulses", "passive dns", "urls", "files", "hacktool", "ipv4 add", "virtool", "present aug", "present feb", "present jan", "gmt location", "gmt max", "certificate", "showing", "cowboy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2209, "domain": 801, "URL": 6114, "FileHash-SHA256": 2162, "FileHash-MD5": 184, "FileHash-SHA1": 187, "CIDR": 3, "SSLCertFingerprint": 2, "email": 1, "CVE": 2 }, "indicator_count": 11665, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688d5b9a901f21d7148c4f08", "name": "Data Server - |Win.Trojan.Shiz, \u2022PWS:Win32/Simda.D", "description": "- dl.fdlserver.com appears to be or have been used as a software and / or data delivery service. Requires further investigation. It sure is malicious. Found in multiple attacks.\n*Win.Trojan.Shiz-664 , *PWS:Win32/Simda.D\nIDS Detections:\n\u2022 Unsupported/Fake Internet Explorer Version MSIE 2.\n\u2022 Unsupported/Fake Windows NT Version 5.0\nYara Detections: \n\u2022 generic_shellcode_downloader\nAlerts\n\u2022 polymorphic\n\u2022 procmem_yara\n\u2022 static_pe_anomaly\n\u2022 antiav_detectfile\n\u2022 deletes_self\n\u2022 dynamic_function_loading\n\u2022 network_http\n\u2022 packer_unknown_pe_section_name\n\u2022 packer_entropy\n\u2022 injection_rwx\n\u2022 stealth_network\n\u2022 queries_user_name\n\u2022 stealth_timeout\n\u2022 language_check", "modified": "2025-09-01T00:04:55.557000", "created": "2025-08-02T00:28:10.007000", "tags": [ "united", "entries", "passive dns", "virtool", "next associated", "ipv4 add", "pulse pulses", "urls", "files", "hosting", "body", "present jun", "present may", "present oct", "present apr", "present nov", "present jan", "present dec", "present jul", "netherlands", "present aug", "present feb", "creation date", "status", "ip address", "search", "name", "name servers", "expiration date", "date", "dynamicloader", "unknown", "msie", "windows nt", "slcc2", "media center", "show", "write", "copy", "simda", "malware", "push", "extraction", "failed", "data upload", "include", "extraction data", "enter soudae", "lidi ad", "tewdaccarad ad", "ddawce type", "extri", "include review", "extra", "include data", "location united", "medium", "record value", "cowboy", "encrypt", "high" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 402, "FileHash-SHA1": 400, "FileHash-SHA256": 1798, "URL": 7586, "domain": 937, "hostname": 2470, "email": 1, "SSLCertFingerprint": 1, "CVE": 1 }, "indicator_count": 13596, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 22988 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/storagedc.info", "whois": "http://whois.domaintools.com/storagedc.info", "domain": "storagedc.info", "hostname": "i1.storagedc.info" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69aa003c63c19b7be7671c65", "name": "re post by Q.Vashti cloned", "description": "", "modified": "2026-03-06T05:11:14.366000", "created": "2026-03-05T22:14:20.388000", "tags": [ "filehashmd5", "filehashsha256", "ipv4", "filehashsha1", "domain", "types", "indicators show", "search", "type indicator", "role title", "added active", "scan", "iocs", "learn more", "related pulses", "url https", "url http", "countrycn", "countrycn sep", "indicator role", "title added", "active related", "pulses url", "xtblogblockid1", "pulses", "zdata0", "browserie", "browserver8", "defaultie", "ver1360122", "defaultch", "browserver11", "filesize", "browserid1", "qmark", "methodpost" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "68ffa35cd4eefffa0ffbeae1", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 381, "FileHash-SHA1": 367, "FileHash-SHA256": 767, "domain": 179, "URL": 1615, "hostname": 946, "CVE": 1 }, "indicator_count": 4256, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68ffa35cd4eefffa0ffbeae1", "name": "Liar Liar! If this were your attorney; you\u2019d pay $$$ to get hacked and they\u2019d gain full CnC of your devices and disappear\u2026", "description": "Sample of FAKE attorneys Liar Liar! If this were your attorney; you\u2019d pay $$$ to get hacked, they\u2019d gain full CnC of devices & disappear into the background , stealing from cloud, spying, etc..Mafia & Government ties. https://magento.hirecar.net/\n*Unix.Dropper.Mirai-7338044\n*Virus:Win32/Virut.BO\n*Trojan:Win32/Delf.EM\n*DDoS.XOR\n*Backdoor.Win32.Shiz.ivr, *Backdoor.Win32/Simda.gen!A\n*Alf:HeraklezEval:DoS:Linux/Xorddos!rfn\n*nUFS_html\n*Trojanspy:Win32/Nivdort.CB\n*Win32/Nystprac.A *Ramnit\n*Win32:Sality *Upatre\n*Possible_QuasarRAT_Payload\nxor_0x15_xord_javascript\ninvalid_trailer_structure\n#fp539598-VBS/LoveLetter.BT\n*Trojanspy:Win32/Nivdort.CB\n*Alf:HeraklezEval:DoS:Linux/Xorddos!rfn\n*Trojan:Win64/Gapro\n\u201cMethodology_RareEquities_Tencent_Proxy\u201d\nvad_contains_network_strings\n*Trojan:Win32/Sisproc!gmb\n*TrojanDownloader:Win32/Upatre\n*PWS:MSIL/Grmasi.YA!MTB\n*Trojan:Win32/Danabot.G\n *Virus:Win32/Virut.EPO\n* Ramnit\nConventionEngine_Term_NewFolder", "modified": "2025-11-26T13:01:56.367000", "created": "2025-10-27T16:52:44.619000", "tags": [ "filehashmd5", "filehashsha256", "ipv4", "filehashsha1", "domain", "types", "indicators show", "search", "type indicator", "role title", "added active", "scan", "iocs", "learn more", "related pulses", "url https", "url http", "countrycn", "countrycn sep", "indicator role", "title added", "active related", "pulses url", "xtblogblockid1", "pulses", "zdata0", "browserie", "browserver8", "defaultie", "ver1360122", "defaultch", "browserver11", "filesize", "browserid1", "qmark", "methodpost" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 381, "FileHash-SHA1": 367, "FileHash-SHA256": 767, "domain": 178, "URL": 1615, "hostname": 944 }, "indicator_count": 4252, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "144 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688d75bdc4bc5ba5cb6df7fb", "name": "2nd X - https://ldl.myqnascloud.com/ - DT_VMP_32", "description": "*Malware: DT_VMP_32 -associated with non specific trojan or ransomware activity, widely-known malware family with (custom) unique names.\n\u2022 pid-bodis-gcontrol151 |\u2022 googledownloads.cn\nServer or central repository used to target Tsara Brashears , \n into a malicious w/botnet world. Parked domains used w/malicious intent though appearing benign or \u2018for sale\u2019. \n\nDetections: \nSuspicious User-Agent - Possible Trojan Downloader (https)\nHTTP Request to a *.tw domain\n#bodis #targeting #parkingcrews #active #content_delivery #malvertizing #content_scraping #malware #attacks #dumping #framing #webcache #colbaltstrike #trojan_downloader #disabler #distributor #music_piracy #domainfraud #ransom", "modified": "2025-09-01T01:01:18.030000", "created": "2025-08-02T02:19:41.646000", "tags": [ "cisco", "umbrella rank", "domain", "general full", "united", "reverse dns", "software", "kb script", "url https", "asn15169", "google", "resource", "hash", "value", "variables", "domainpath name", "name value", "august", "servaas klute", "americachicago", "verified", "ecdsa", "linux x8664", "khtml", "gecko", "aes128gcm", "maxradlinklen50", "encrypt", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "javascript", "spawns", "mitre att", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "ascii text", "pattern match", "show technique", "body", "date", "hybrid", "general", "path", "click", "strings", "meta", "present jul", "search", "entries", "ip address", "registrar", "creation date", "record value", "name servers", "servers", "found a", "location united", "asn as15169", "less whois", "mtb apr", "trojan", "trojandropper", "backdoor", "win32qqpass apr", "next associated", "files show", "date hash", "avast avg", "ipv4", "pulse pulses", "passive dns", "urls", "files", "hacktool", "ipv4 add", "virtool", "present aug", "present feb", "present jan", "gmt location", "gmt max", "certificate", "showing", "cowboy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2209, "domain": 801, "URL": 6114, "FileHash-SHA256": 2162, "FileHash-MD5": 184, "FileHash-SHA1": 187, "CIDR": 3, "SSLCertFingerprint": 2, "email": 1, "CVE": 2 }, "indicator_count": 11665, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688d5b9a901f21d7148c4f08", "name": "Data Server - |Win.Trojan.Shiz, \u2022PWS:Win32/Simda.D", "description": "- dl.fdlserver.com appears to be or have been used as a software and / or data delivery service. Requires further investigation. It sure is malicious. Found in multiple attacks.\n*Win.Trojan.Shiz-664 , *PWS:Win32/Simda.D\nIDS Detections:\n\u2022 Unsupported/Fake Internet Explorer Version MSIE 2.\n\u2022 Unsupported/Fake Windows NT Version 5.0\nYara Detections: \n\u2022 generic_shellcode_downloader\nAlerts\n\u2022 polymorphic\n\u2022 procmem_yara\n\u2022 static_pe_anomaly\n\u2022 antiav_detectfile\n\u2022 deletes_self\n\u2022 dynamic_function_loading\n\u2022 network_http\n\u2022 packer_unknown_pe_section_name\n\u2022 packer_entropy\n\u2022 injection_rwx\n\u2022 stealth_network\n\u2022 queries_user_name\n\u2022 stealth_timeout\n\u2022 language_check", "modified": "2025-09-01T00:04:55.557000", "created": "2025-08-02T00:28:10.007000", "tags": [ "united", "entries", "passive dns", "virtool", "next associated", "ipv4 add", "pulse pulses", "urls", "files", "hosting", "body", "present jun", "present may", "present oct", "present apr", "present nov", "present jan", "present dec", "present jul", "netherlands", "present aug", "present feb", "creation date", "status", "ip address", "search", "name", "name servers", "expiration date", "date", "dynamicloader", "unknown", "msie", "windows nt", "slcc2", "media center", "show", "write", "copy", "simda", "malware", "push", "extraction", "failed", "data upload", "include", "extraction data", "enter soudae", "lidi ad", "tewdaccarad ad", "ddawce type", "extri", "include review", "extra", "include data", "location united", "medium", "record value", "cowboy", "encrypt", "high" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 402, "FileHash-SHA1": 400, "FileHash-SHA256": 1798, "URL": 7586, "domain": 937, "hostname": 2470, "email": 1, "SSLCertFingerprint": 1, "CVE": 1 }, "indicator_count": 13596, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://i1.storagedc.info/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://i1.storagedc.info/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776622572.4834545 }