{ "type": "URL", "indicator": "https://idpdecathlon.oxylane.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://idpdecathlon.oxylane.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2855631404, "indicator": "https://idpdecathlon.oxylane.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "6891bf5f58c1ae303f6d313e", "name": "Jeeng | Powerbox | Tracking | Mirai \u2022 Palantir plugin", "description": "#ELF:Mirai-ALC\\ [Trj]\n* [https://d1-myadmin.dpdlocal.co.uk/login]\n\u2022 [cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap]\nAlfper:BrowserModifier:Win32/DeepSync.C\n#prometheus #trojan #malware #elf #mirai dpd #palantir # plugin #tracking #monitoring #call #tracker #spyware #worm #virus #election_ news", "modified": "2025-09-04T08:05:56.240000", "created": "2025-08-05T08:22:55.113000", "tags": [ "url https", "indicator role", "title added", "active related", "pulses url", "entries", "url http", "type indicator", "role title", "added active", "related pulses", "showing", "iocs", "learn more", "filehashsha256", "types", "indicators show", "search", "present jul", "present jun", "present may", "present aug", "present apr", "present mar", "present feb", "united", "unknown aaaa", "all ipv4", "pulse pulses", "passive dns", "urls", "files", "reverse dns", "location united", "america flag", "america asn", "open", "registrar", "limited ta", "com laude", "nomiq", "creation date", "ip address", "date", "domain", "hostname", "files ip", "address", "asn as21342", "scan", "ipv4", "pulses", "servers", "hostname add", "pulse submit", "url analysis", "verdict", "france unknown", "name servers", "present", "whois show", "record value", "domain name", "expiration date", "status", "domain add", "filehashmd5", "idhttp", "tidcustomhttp", "classes", "medium", "crlf line", "show", "registry", "service", "copy", "patch", "write", "next", "markus", "delphi", "win32", "persistence", "execution", "http", "files domain", "files related", "pulses none", "related tags", "none google", "refresh57959", "windows xp", "pack", "shows", "cc08", "f06a6b", "pulses hostname", "germany unknown", "aaaa", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "development att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "mitre att", "show technique", "format", "august", "hybrid", "local", "path", "click", "strings", "filehashsha1", "palantir feb", "difference feb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1096", "name": "NTFS File Attributes", "display_name": "T1096 - NTFS File Attributes" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3809, "hostname": 1197, "domain": 456, "FileHash-MD5": 170, "FileHash-SHA256": 579, "FileHash-SHA1": 161, "CVE": 1, "email": 1, "SSLCertFingerprint": 6 }, "indicator_count": 6380, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65e1bcdc0a1e68182c252028", "name": "Activity Kotlin Extensions | Cryptor | Zombie Device | Network CnC", "description": "Remotely modified android device. Hidden users with full command and control. Network CnC Enables, microphone, camera, photos, screen recorder, login privileges, blocks and records calls, texts, forces updates, all services modified, Device is a zombie. \nAndroid phone behavior: Linux + Android over Chrome with Safari browser. Operated by a Lenovo K Tablet. Excessive Tracking . Pegasus relationships found. M. Brian Sabey related. Hidden users/user has all privileges of device owner. Threat actor possesses far more knowledge, uses device for malicious purposes, downloads porn in background. USA registrant. US target. DGA domains found. Evades detection.", "modified": "2024-03-31T11:04:36.813000", "created": "2024-03-01T11:32:44.504000", "tags": [ "communicating", "contacted", "android", "execution", "plugx", "threat", "iocs", "analyze", "urls http", "google llc", "server", "registrar abuse", "registrar iana", "us registrant", "date", "passive dns", "all octoseek", "http", "ip address", "related nids", "files location", "nsis", "network icmp", "read c", "entries", "search", "create c", "ddlr ltd", "write c", "sat may", "pe32", "intel", "write", "status", "urls", "creation date", "type", "hostname", "kotlin", "precreate read", "infotip read", "js user", "trojan", "ununtu", "linux", "module load", "t1129", "show", "copy", "win32", "malware", "as15169 google", "united", "unknown", "aaaa", "name servers", "showing", "error", "query", "default", "large dns", "malware dns", "msie", "windows nt", "february", "yara detections", "vbmod", "endpoints all", "pulse pulses", "av detections", "ids detections", "alerts", "analysis date", "file score", "recon_fingerprint", "dead_host", "nolookup_communication", "antidbg_windows", "antivm_generic_bios", "browser_security", "modifies_certificates", "network_cnc_http", "network_http", "allocates_rwx", "antisandbox_sleep", "creates_exe", "exe_appdata", "dropper", "protection_rx", "antivm_network_adapters", "antivm_memory_available", "pe_features", "checks_debugger", "address", "domains ii", "servers", "set cookie", "next", "chrome", "record value", "body", "meta", "taiwan", "as3462", "as17421", "files", "dcbg", "direct search network", "spyware", "brian sabey", "norad tracking", "zombie", "scanning host", "apple", "ios", "lenovo", "cyber crime", "framing", "process32nextw", "regsetvalueexa", "tlsv1", "regopenkeyexw", "regdword", "loader", "suspicious", "persistence" ], "references": [ "xxx.developer.android.com", "Activity Kotlin Extensions (1.1.0) Tracking \u2022 Modification Privileges \u2022 Remote Install \u2022 Enable Camera \u2022 Enable Microphone \u2022 User w/Login Privileges \u2022 Picasa", "Package Manager: Maven Project URL: https://developer.android.com/jetpack/androidx/releases/activity#1.6.0-alpha01", "Win.Malware.Agent-6386296-0 FileHash-MD5: c7f6ed56312c8fbb58ae6ed445c38df4 | Win32:Adware-gen\\ [Adw]", "Win.Malware.Agent-6386296-0 FileHash-MD5: e02dbf5d1576e6c9d7d773a588b9b9ee", "Win.Malware.Agent-6386296-0 FileHash-SHA1: 466bbfcf0444b6406431f672aaa5ecfcca759379", "Win.Malware.Agent-6386296-0 FileHash-SHA1: e2dba94ef052db774478b9f7198c1a2298b334e5", "Win.Malware.Agent-6386296-0 FileHash-SHA256: 0000ada3e6821c011fd53a94e5a5d9a777a02b1c4cd087f1c51de9e0ad9023e3", "Win.Malware.Agent-6386296-0 FileHash-SHA256: fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24 | Win32:Adware-gen\\ [Adw] ,", "https://otx.alienvault.com/indicator/file/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "Large DNS Query possible covert channel\t192.168.56.101", "Yara Detections: MS_Visual_Basic_6_0 , vad_contains_network_strings , EXECryptor2223compressedcodewwwstrongbitcom , EXECryptor2223protectedIAT , EXECryptor224StrongbitSoftCompleteDevelopmenth3 , EXECryptor2xxmaxcompressedresources ,", "Yara Detections Nullsoft_NSIS | Yara Detections: EXECryptorV22Xsoftcompletecom", "114-45-52-152.dynamic-ip.hinet.net\u2192.hinet.net | Domain has its own nameserver", "track.adminresourceupdate.com \u2022 postracking100.online", "2.746.1.iphone.com.unicostudio.braintest.adsenseformobileapps.com", "http://ecm.mobileboost.me/wapnt.php?id=368&publisher=headway&trackingId=1812131619a57bf1c1da8138&canal=offportal&source=001640_155:::cf1a3fda0", "http://mobileboost.me/APIS/WAPNT/wapnt.php?pageId=174&sec=334779&carrier=11&publisher=headway&aff_sub=18040118a49dafc70f463df8&source=000325_339", "mobile.detectivesoliver.com \u2022 callback.mobileboost.me", "IDS Detections: Playtech Installer PUP/Adware Playtech Downloader Online Gaming Checkin Suspicious User-Agent containing Loader Observed C: \\\\ filepath observed in HTTP header", "Yara Detections: stack_string , ConventionEngine_Keyword_Install , research_pe_signed_outside_timestamp , xor_0x20_xord_javascript" ], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Agent-6386296-0", "display_name": "Win.Malware.Agent-6386296-0", "target": null }, { "id": "#Lowfi:Trojan:JS/Auto59", "display_name": "#Lowfi:Trojan:JS/Auto59", "target": null }, { "id": "Win32:VBMod\\ [Trj]", "display_name": "Win32:VBMod\\ [Trj]", "target": null }, { "id": "!EXECryptor_2.x.x", "display_name": "!EXECryptor_2.x.x", "target": null }, { "id": "Win32:VBMod\\ [Trj]", "display_name": "Win32:VBMod\\ [Trj]", "target": null }, { "id": "Win.Trojan.5229994-1", "display_name": "Win.Trojan.5229994-1", "target": null }, { "id": "Taiwan", "display_name": "Taiwan", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1554", "name": "Compromise Client Software Binary", "display_name": "T1554 - Compromise Client Software Binary" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1110.002", "name": "Password Cracking", "display_name": "T1110.002 - Password Cracking" } ], "industries": [ "Civil Society", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 37, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 636, "FileHash-SHA1": 402, "FileHash-SHA256": 1126, "URL": 3482, "domain": 1192, "hostname": 1324, "email": 7, "SSLCertFingerprint": 2 }, "indicator_count": 8171, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "750 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fb1a608aff2be5543a1", "name": "twibble.io", "description": "", "modified": "2023-12-06T14:05:37.418000", "created": "2023-12-06T14:05:37.418000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "hostname": 238, "URL": 747, "domain": 161, "FileHash-MD5": 1, "FileHash-SHA1": 13, "email": 1 }, "indicator_count": 1369, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fa9e514ca975b6db5ca", "name": "NYTIMES.COM", "description": "", "modified": "2023-12-06T14:05:29.348000", "created": "2023-12-06T14:05:29.348000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 936, "hostname": 1927, "URL": 4576, "domain": 989, "email": 2, "FileHash-MD5": 2, "FileHash-SHA1": 4 }, "indicator_count": 8437, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707e5b7df6f60133e8fb50", "name": "Jeeng / Powerbox", "description": "", "modified": "2023-12-06T13:59:55.129000", "created": "2023-12-06T13:59:55.129000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 9072, "domain": 2500, "hostname": 3584, "URL": 13548, "FileHash-MD5": 197, "FileHash-SHA1": 162, "email": 19, "CIDR": 20, "SSLCertFingerprint": 2, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "620c3b1f8af7ea0dcf2c1218", "name": "Jeeng / Powerbox", "description": "", "modified": "2022-06-12T22:01:23.105000", "created": "2022-02-15T23:45:35.234000", "tags": [ "Jeeng", "tim pool", "timcast" ], "references": [ "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 9072, "domain": 2500, "URL": 13548, "hostname": 3584, "FileHash-MD5": 197, "FileHash-SHA1": 162, "CVE": 3, "CIDR": 20, "SSLCertFingerprint": 2, "email": 19, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 97, "modified_text": "1407 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e371e2a74a1182e30386b", "name": "NYTIMES.COM", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T15:09:18.236000", "tags": [ "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "issuer", "cncomodo rsa", "secure server", "ca cgb", "ca limited", "subject public", "key info", "key algorithm", "x509v3 key", "first", "server", "markmonitor", "date", "registrar abuse", "contact phone", "domain status", "registrar url", "registrar whois", "email", "registry domain", "code", "moves", "microsoft", "qianxin reddrip", "subdomains", "sophos news", "comodo valkyrie", "verdict mobile", "news popularity", "ranks rank", "value ingestion", "umbrella" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Media" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4576, "FileHash-SHA256": 936, "hostname": 1927, "domain": 989, "CVE": 1, "email": 2, "FileHash-MD5": 2, "FileHash-SHA1": 4 }, "indicator_count": 8437, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e43be2d2c2f173ed3c770", "name": "twibble.io", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T16:03:10.583000", "tags": [ "ssl certificate", "whois", "whois record", "server", "date", "namecheap inc", "namecheap", "code", "domain name", "registrar abuse", "registrar url", "registrar", "full name" ], "references": [ "https://www.virustotal.com/graph/gd4bb3a73b38d480c9b23076ecd95e913af9731430f824384a0336b1c5fdc2adc" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 238, "URL": 747, "domain": 161, "FileHash-SHA256": 208, "FileHash-MD5": 1, "FileHash-SHA1": 13, "email": 1 }, "indicator_count": 1369, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "track.adminresourceupdate.com \u2022 postracking100.online", "Large DNS Query possible covert channel\t192.168.56.101", "2.746.1.iphone.com.unicostudio.braintest.adsenseformobileapps.com", "IDS Detections: Playtech Installer PUP/Adware Playtech Downloader Online Gaming Checkin Suspicious User-Agent containing Loader Observed C: \\\\ filepath observed in HTTP header", "http://ecm.mobileboost.me/wapnt.php?id=368&publisher=headway&trackingId=1812131619a57bf1c1da8138&canal=offportal&source=001640_155:::cf1a3fda0", "Yara Detections: MS_Visual_Basic_6_0 , vad_contains_network_strings , EXECryptor2223compressedcodewwwstrongbitcom , EXECryptor2223protectedIAT , EXECryptor224StrongbitSoftCompleteDevelopmenth3 , EXECryptor2xxmaxcompressedresources ,", "mobile.detectivesoliver.com \u2022 callback.mobileboost.me", "114-45-52-152.dynamic-ip.hinet.net\u2192.hinet.net | Domain has its own nameserver", "http://mobileboost.me/APIS/WAPNT/wapnt.php?pageId=174&sec=334779&carrier=11&publisher=headway&aff_sub=18040118a49dafc70f463df8&source=000325_339", "Win.Malware.Agent-6386296-0 FileHash-SHA1: 466bbfcf0444b6406431f672aaa5ecfcca759379", "Win.Malware.Agent-6386296-0 FileHash-SHA256: fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24 | Win32:Adware-gen\\ [Adw] ,", "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "Yara Detections: stack_string , ConventionEngine_Keyword_Install , research_pe_signed_outside_timestamp , xor_0x20_xord_javascript", "Package Manager: Maven Project URL: https://developer.android.com/jetpack/androidx/releases/activity#1.6.0-alpha01", "Win.Malware.Agent-6386296-0 FileHash-MD5: c7f6ed56312c8fbb58ae6ed445c38df4 | Win32:Adware-gen\\ [Adw]", "Activity Kotlin Extensions (1.1.0) Tracking \u2022 Modification Privileges \u2022 Remote Install \u2022 Enable Camera \u2022 Enable Microphone \u2022 User w/Login Privileges \u2022 Picasa", "Win.Malware.Agent-6386296-0 FileHash-MD5: e02dbf5d1576e6c9d7d773a588b9b9ee", "Win.Malware.Agent-6386296-0 FileHash-SHA256: 0000ada3e6821c011fd53a94e5a5d9a777a02b1c4cd087f1c51de9e0ad9023e3", "Yara Detections Nullsoft_NSIS | Yara Detections: EXECryptorV22Xsoftcompletecom", "https://otx.alienvault.com/indicator/file/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "https://www.virustotal.com/graph/gd4bb3a73b38d480c9b23076ecd95e913af9731430f824384a0336b1c5fdc2adc", "Win.Malware.Agent-6386296-0 FileHash-SHA1: e2dba94ef052db774478b9f7198c1a2298b334e5", "xxx.developer.android.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "[Unnamed group]" ], "malware_families": [ "Taiwan", "Win32:vbmod\\ [trj]", "!execryptor_2.x.x", "#lowfi:trojan:js/auto59", "Win.malware.agent-6386296-0", "Win.trojan.5229994-1", "Sabey" ], "industries": [ "Media", "Civil society", "Telecommunications" ], "unique_indicators": 52071 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/oxylane.com", "whois": "http://whois.domaintools.com/oxylane.com", "domain": "oxylane.com", "hostname": "idpdecathlon.oxylane.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "6891bf5f58c1ae303f6d313e", "name": "Jeeng | Powerbox | Tracking | Mirai \u2022 Palantir plugin", "description": "#ELF:Mirai-ALC\\ [Trj]\n* [https://d1-myadmin.dpdlocal.co.uk/login]\n\u2022 [cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap]\nAlfper:BrowserModifier:Win32/DeepSync.C\n#prometheus #trojan #malware #elf #mirai dpd #palantir # plugin #tracking #monitoring #call #tracker #spyware #worm #virus #election_ news", "modified": "2025-09-04T08:05:56.240000", "created": "2025-08-05T08:22:55.113000", "tags": [ "url https", "indicator role", "title added", "active related", "pulses url", "entries", "url http", "type indicator", "role title", "added active", "related pulses", "showing", "iocs", "learn more", "filehashsha256", "types", "indicators show", "search", "present jul", "present jun", "present may", "present aug", "present apr", "present mar", "present feb", "united", "unknown aaaa", "all ipv4", "pulse pulses", "passive dns", "urls", "files", "reverse dns", "location united", "america flag", "america asn", "open", "registrar", "limited ta", "com laude", "nomiq", "creation date", "ip address", "date", "domain", "hostname", "files ip", "address", "asn as21342", "scan", "ipv4", "pulses", "servers", "hostname add", "pulse submit", "url analysis", "verdict", "france unknown", "name servers", "present", "whois show", "record value", "domain name", "expiration date", "status", "domain add", "filehashmd5", "idhttp", "tidcustomhttp", "classes", "medium", "crlf line", "show", "registry", "service", "copy", "patch", "write", "next", "markus", "delphi", "win32", "persistence", "execution", "http", "files domain", "files related", "pulses none", "related tags", "none google", "refresh57959", "windows xp", "pack", "shows", "cc08", "f06a6b", "pulses hostname", "germany unknown", "aaaa", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "development att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "mitre att", "show technique", "format", "august", "hybrid", "local", "path", "click", "strings", "filehashsha1", "palantir feb", "difference feb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1096", "name": "NTFS File Attributes", "display_name": "T1096 - NTFS File Attributes" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3809, "hostname": 1197, "domain": 456, "FileHash-MD5": 170, "FileHash-SHA256": 579, "FileHash-SHA1": 161, "CVE": 1, "email": 1, "SSLCertFingerprint": 6 }, "indicator_count": 6380, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65e1bcdc0a1e68182c252028", "name": "Activity Kotlin Extensions | Cryptor | Zombie Device | Network CnC", "description": "Remotely modified android device. Hidden users with full command and control. Network CnC Enables, microphone, camera, photos, screen recorder, login privileges, blocks and records calls, texts, forces updates, all services modified, Device is a zombie. \nAndroid phone behavior: Linux + Android over Chrome with Safari browser. Operated by a Lenovo K Tablet. Excessive Tracking . Pegasus relationships found. M. Brian Sabey related. Hidden users/user has all privileges of device owner. Threat actor possesses far more knowledge, uses device for malicious purposes, downloads porn in background. USA registrant. US target. DGA domains found. Evades detection.", "modified": "2024-03-31T11:04:36.813000", "created": "2024-03-01T11:32:44.504000", "tags": [ "communicating", "contacted", "android", "execution", "plugx", "threat", "iocs", "analyze", "urls http", "google llc", "server", "registrar abuse", "registrar iana", "us registrant", "date", "passive dns", "all octoseek", "http", "ip address", "related nids", "files location", "nsis", "network icmp", "read c", "entries", "search", "create c", "ddlr ltd", "write c", "sat may", "pe32", "intel", "write", "status", "urls", "creation date", "type", "hostname", "kotlin", "precreate read", "infotip read", "js user", "trojan", "ununtu", "linux", "module load", "t1129", "show", "copy", "win32", "malware", "as15169 google", "united", "unknown", "aaaa", "name servers", "showing", "error", "query", "default", "large dns", "malware dns", "msie", "windows nt", "february", "yara detections", "vbmod", "endpoints all", "pulse pulses", "av detections", "ids detections", "alerts", "analysis date", "file score", "recon_fingerprint", "dead_host", "nolookup_communication", "antidbg_windows", "antivm_generic_bios", "browser_security", "modifies_certificates", "network_cnc_http", "network_http", "allocates_rwx", "antisandbox_sleep", "creates_exe", "exe_appdata", "dropper", "protection_rx", "antivm_network_adapters", "antivm_memory_available", "pe_features", "checks_debugger", "address", "domains ii", "servers", "set cookie", "next", "chrome", "record value", "body", "meta", "taiwan", "as3462", "as17421", "files", "dcbg", "direct search network", "spyware", "brian sabey", "norad tracking", "zombie", "scanning host", "apple", "ios", "lenovo", "cyber crime", "framing", "process32nextw", "regsetvalueexa", "tlsv1", "regopenkeyexw", "regdword", "loader", "suspicious", "persistence" ], "references": [ "xxx.developer.android.com", "Activity Kotlin Extensions (1.1.0) Tracking \u2022 Modification Privileges \u2022 Remote Install \u2022 Enable Camera \u2022 Enable Microphone \u2022 User w/Login Privileges \u2022 Picasa", "Package Manager: Maven Project URL: https://developer.android.com/jetpack/androidx/releases/activity#1.6.0-alpha01", "Win.Malware.Agent-6386296-0 FileHash-MD5: c7f6ed56312c8fbb58ae6ed445c38df4 | Win32:Adware-gen\\ [Adw]", "Win.Malware.Agent-6386296-0 FileHash-MD5: e02dbf5d1576e6c9d7d773a588b9b9ee", "Win.Malware.Agent-6386296-0 FileHash-SHA1: 466bbfcf0444b6406431f672aaa5ecfcca759379", "Win.Malware.Agent-6386296-0 FileHash-SHA1: e2dba94ef052db774478b9f7198c1a2298b334e5", "Win.Malware.Agent-6386296-0 FileHash-SHA256: 0000ada3e6821c011fd53a94e5a5d9a777a02b1c4cd087f1c51de9e0ad9023e3", "Win.Malware.Agent-6386296-0 FileHash-SHA256: fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24 | Win32:Adware-gen\\ [Adw] ,", "https://otx.alienvault.com/indicator/file/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/73d0f23d79d145dbf612290930ce092a01fe0acf73255628967abff7b5a8c9b5", "Large DNS Query possible covert channel\t192.168.56.101", "Yara Detections: MS_Visual_Basic_6_0 , vad_contains_network_strings , EXECryptor2223compressedcodewwwstrongbitcom , EXECryptor2223protectedIAT , EXECryptor224StrongbitSoftCompleteDevelopmenth3 , EXECryptor2xxmaxcompressedresources ,", "Yara Detections Nullsoft_NSIS | Yara Detections: EXECryptorV22Xsoftcompletecom", "114-45-52-152.dynamic-ip.hinet.net\u2192.hinet.net | Domain has its own nameserver", "track.adminresourceupdate.com \u2022 postracking100.online", "2.746.1.iphone.com.unicostudio.braintest.adsenseformobileapps.com", "http://ecm.mobileboost.me/wapnt.php?id=368&publisher=headway&trackingId=1812131619a57bf1c1da8138&canal=offportal&source=001640_155:::cf1a3fda0", "http://mobileboost.me/APIS/WAPNT/wapnt.php?pageId=174&sec=334779&carrier=11&publisher=headway&aff_sub=18040118a49dafc70f463df8&source=000325_339", "mobile.detectivesoliver.com \u2022 callback.mobileboost.me", "IDS Detections: Playtech Installer PUP/Adware Playtech Downloader Online Gaming Checkin Suspicious User-Agent containing Loader Observed C: \\\\ filepath observed in HTTP header", "Yara Detections: stack_string , ConventionEngine_Keyword_Install , research_pe_signed_outside_timestamp , xor_0x20_xord_javascript" ], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Agent-6386296-0", "display_name": "Win.Malware.Agent-6386296-0", "target": null }, { "id": "#Lowfi:Trojan:JS/Auto59", "display_name": "#Lowfi:Trojan:JS/Auto59", "target": null }, { "id": "Win32:VBMod\\ [Trj]", "display_name": "Win32:VBMod\\ [Trj]", "target": null }, { "id": "!EXECryptor_2.x.x", "display_name": "!EXECryptor_2.x.x", "target": null }, { "id": "Win32:VBMod\\ [Trj]", "display_name": "Win32:VBMod\\ [Trj]", "target": null }, { "id": "Win.Trojan.5229994-1", "display_name": "Win.Trojan.5229994-1", "target": null }, { "id": "Taiwan", "display_name": "Taiwan", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1554", "name": "Compromise Client Software Binary", "display_name": "T1554 - Compromise Client Software Binary" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1110.002", "name": "Password Cracking", "display_name": "T1110.002 - Password Cracking" } ], "industries": [ "Civil Society", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 37, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 636, "FileHash-SHA1": 402, "FileHash-SHA256": 1126, "URL": 3482, "domain": 1192, "hostname": 1324, "email": 7, "SSLCertFingerprint": 2 }, "indicator_count": 8171, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "750 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fb1a608aff2be5543a1", "name": "twibble.io", "description": "", "modified": "2023-12-06T14:05:37.418000", "created": "2023-12-06T14:05:37.418000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "hostname": 238, "URL": 747, "domain": 161, "FileHash-MD5": 1, "FileHash-SHA1": 13, "email": 1 }, "indicator_count": 1369, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fa9e514ca975b6db5ca", "name": "NYTIMES.COM", "description": "", "modified": "2023-12-06T14:05:29.348000", "created": "2023-12-06T14:05:29.348000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 936, "hostname": 1927, "URL": 4576, "domain": 989, "email": 2, "FileHash-MD5": 2, "FileHash-SHA1": 4 }, "indicator_count": 8437, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707e5b7df6f60133e8fb50", "name": "Jeeng / Powerbox", "description": "", "modified": "2023-12-06T13:59:55.129000", "created": "2023-12-06T13:59:55.129000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 9072, "domain": 2500, "hostname": 3584, "URL": 13548, "FileHash-MD5": 197, "FileHash-SHA1": 162, "email": 19, "CIDR": 20, "SSLCertFingerprint": 2, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "620c3b1f8af7ea0dcf2c1218", "name": "Jeeng / Powerbox", "description": "", "modified": "2022-06-12T22:01:23.105000", "created": "2022-02-15T23:45:35.234000", "tags": [ "Jeeng", "tim pool", "timcast" ], "references": [ "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 9072, "domain": 2500, "URL": 13548, "hostname": 3584, "FileHash-MD5": 197, "FileHash-SHA1": 162, "CVE": 3, "CIDR": 20, "SSLCertFingerprint": 2, "email": 19, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 97, "modified_text": "1407 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e371e2a74a1182e30386b", "name": "NYTIMES.COM", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T15:09:18.236000", "tags": [ "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "issuer", "cncomodo rsa", "secure server", "ca cgb", "ca limited", "subject public", "key info", "key algorithm", "x509v3 key", "first", "server", "markmonitor", "date", "registrar abuse", "contact phone", "domain status", "registrar url", "registrar whois", "email", "registry domain", "code", "moves", "microsoft", "qianxin reddrip", "subdomains", "sophos news", "comodo valkyrie", "verdict mobile", "news popularity", "ranks rank", "value ingestion", "umbrella" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Media" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4576, "FileHash-SHA256": 936, "hostname": 1927, "domain": 989, "CVE": 1, "email": 2, "FileHash-MD5": 2, "FileHash-SHA1": 4 }, "indicator_count": 8437, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e43be2d2c2f173ed3c770", "name": "twibble.io", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T16:03:10.583000", "tags": [ "ssl certificate", "whois", "whois record", "server", "date", "namecheap inc", "namecheap", "code", "domain name", "registrar abuse", "registrar url", "registrar", "full name" ], "references": [ "https://www.virustotal.com/graph/gd4bb3a73b38d480c9b23076ecd95e913af9731430f824384a0336b1c5fdc2adc" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 238, "URL": 747, "domain": 161, "FileHash-SHA256": 208, "FileHash-MD5": 1, "FileHash-SHA1": 13, "email": 1 }, "indicator_count": 1369, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://idpdecathlon.oxylane.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://idpdecathlon.oxylane.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776718301.687498 }