{ "type": "URL", "indicator": "https://imap.alpenjodel.de", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://imap.alpenjodel.de", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4126285811, "indicator": "https://imap.alpenjodel.de", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6a1fc3671bc3d0f5ce8b06e6", "name": "Grok \u2022 X \u2022 Twitter Vflooder | SystemBC | QNAPCrypt", "description": "I continue to research issues affecting iOS and other smart devices, browsers, search engines and targeted individuals.\nI will limit my comments as further evaluation is required. Twitter appears to be used as a weapon to abuse of several targeted persons and their schools or businesses. Research is required to determine how. Is Twitter / X a weapon or is it abused by threat actors. Ongoing attacks dating back at least 5 years. || \n*DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior\n\n#malicious #spyware #twitter #x #ai_ agents #seen_before #systembc #vtflooder #qnapcrypt #cve #checkin #scripiting #injection #extraction #gobinary #operation", "modified": "2026-06-03T06:02:15.229000", "created": "2026-06-03T06:02:15.229000", "tags": [ "sysv", "buildid", "united", "windows nt", "msie", "germany as8560", "yara detections", "contacted", "z74457024643q1", "systembc", "trojan", "elf executable", "exec amd6464", "linux", "elf64 operation", "unix", "compiler", "debugging", "go binary", "injection", "header elf64", "v exec", "executable file", "advanced micro", "note", "strtab", "gmbh", "gandi sas", "group india", "private limited", "qnapcrypt", "hacktool", "chrome", "yandex", "stripchat", "amazonaws", "mal_elf_systembc", "apple ios", "ios", "apple", "telhash", "data upload", "cursor", "se data", "extraction", "n https", "data", "failed", "cve cve20246387", "log id", "gmtn", "path", "secure", "self", "samesitenone", "encrypt", "d8n timestamp", "timestamp", "organization", "false", "certificate", "search", "emails", "twitter", "twitter spyware", "twitter vtflooder", "x", "unknown aaaa", "present jun", "ip address", "belize unknown", "unknown ns", "grok x", "cursor agents", "ai", "url url", "url hostnams", "hostn url", "url data", "belize", "a domains", "moved", "alone email", "gmt server", "url analysis", "accept", "namecheap", "namecheap inc", "namesilo", "expim", "url https", "dynamicloader", "host", "ff d5", "yara rule", "ee fc", "generic http", "exe upload", "f0 ff", "eb e1", "write", "vflooder", "malware", "upload inbound", "av detections", "ids detections", "alerts", "analysis date", "checkin generic", "http exe", "upload inbound", "outbound yara", "nrv2x", "upxoepplace", "google", "adversaries", "adversarial attacks", "techniques", "create", "modify system", "process t1064", "t1543 systemd", "technir create", "full reports", "v tcp", "help", "ja3 digests", "hashes o", "et http", "get http", "post http", "dns resolutions", "cams", "adult content", "ff bb", "ff ff", "f7 b9", "c1 e8", "copy", "markus", "august", "title", "gamehack", "alberta.ca", "songculture", "lizardsquad" ], "references": [ "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1", "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b", "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt", "Yara Detections: is__elf IP\u2019s", "IP\u2019s Contacted: 104.17.118.12 57.144.248.1 176.114.120.24 80.12.24.14 95.163.61.73 142.251.98.113", "IP\u2019s Contacted: 212.227.17.162 77.88.44.55 142.93.142.17 104.18.14.206", "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com", "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,", "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,", "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped", "motherlesslive.com", "blackbox21.shop", "passwordreset.gscs.ca \u2022 https://passwordreset.gscs.ca/", "alberta.ca impacts an OTX user", "https://stripchat.org/ \u2022 27bsmextreme.tech \u2022 35bsmextreme.tech \u2022 46bsmextreme.tech \u2022", "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5", "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"", "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627", "https://arena.ai/apple-touch-icon-dark.png", "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html", "nr-data.net \u2022 push.apple.com", "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com", "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661", "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com", "IP\u2019s Contacted 162.159.140.229 34.54.88.138", "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound", "Yara Detections: SUSP_Imphash_Mar23_2 , UPX , Nrv2x , UPX_OEP_place , , UPXv20MarkusLaszloReiser", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self", "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash", "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113", "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke", "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60", "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)", "Matches rule ET INFO External IP Check (checkip.amazonaws.com)", "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com", "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "https://docs.cursor.com/en/cli/reference/slash-commands", "https://api.cursor.com/v0/agents/", "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac", "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl", "cdn10.mypornvid.fun impacted a targeted individual", "https://click.italiansexclub.fun/click/HpdeyDt6", "https://sexfortokens.com/hotmilfbitch", "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Trojan.Systembc/yxgdgz", "display_name": "Trojan.Systembc/yxgdgz", "target": null }, { "id": "CVE-2023-22518", "display_name": "CVE-2023-22518", "target": null }, { "id": "CVE-2024-6387", "display_name": "CVE-2024-6387", "target": null }, { "id": "CVE-2025-20393", "display_name": "CVE-2025-20393", "target": null }, { "id": "Win.Malware.Vtflooder-6722904-1", "display_name": "Win.Malware.Vtflooder-6722904-1", "target": null }, { "id": "Trojan:Win32/Vflooder", "display_name": "Trojan:Win32/Vflooder", "target": "/malware/Trojan:Win32/Vflooder" }, { "id": "QNAPCrypt", "display_name": "QNAPCrypt", "target": null }, { "id": "Win.Malware.Gamehack-6822792-0", "display_name": "Win.Malware.Gamehack-6822792-0", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "TA0028", "name": "Persistence", "display_name": "TA0028 - Persistence" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1543.002", "name": "Systemd Service", "display_name": "T1543.002 - Systemd Service" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1468", "name": "Remotely Track Device Without Authorization", "display_name": "T1468 - Remotely Track Device Without Authorization" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1262, "FileHash-MD5": 164, "FileHash-SHA1": 207, "IPv4": 180, "URL": 1780, "domain": 370, "hostname": 708, "CVE": 3, "email": 4, "SSLCertFingerprint": 4 }, "indicator_count": 4682, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "18 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6967bc8b26b69d4dc2604a13", "name": "Telegram@V2ray_Alpha/ | Mirai | ExhoBot CNC | EtT", "description": "Inbound Outbound connections. Tel et error. Hacking activity affecting various forms of connectivity via telecom. Possibly a controls\n computer vehicle connects to. Related? I was researching increased malicious activity aimed against a target. An associate close to target reported (mid research) Vehicle reported \u2018no longer being able to communicate. Module 5 has an error. Please contact customer service). Targets car was powered oof. No Bluetooth connection. No reports. Audio off. No phone message, connection or dial. This is targets experience not mowing what I was researching.", "modified": "2026-02-13T15:04:30.631000", "created": "2026-01-14T15:55:55.693000", "tags": [ "v2rayalpha", "united", "unknown ns", "unknown aaaa", "domain add", "urls", "files", "domain", "github", "file format", "jkvpn", "jointelegram", "farahvpn vless", "post", "universal", "scribd", "typews", "telegram", "rdap", "handle", "iana registrar", "roles", "dnssec", "aaaa", "ttl value", "rdap database", "links", "backdoor", "antigua", "virgin islands", "status", "org domains", "proxy", "ip address", "barbuda unknown", "passive dns", "ipv4 add", "twitter", "dynamicloader", "port", "delete c", "destination", "high", "windows", "medium", "displayname", "write", "tofsee", "stream", "malware", "push", "next", "url add", "http", "hostname", "files domain", "files related", "related tags", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ck techniques", "evasion att", "sha256", "sha1", "pattern match", "ascii text", "href", "hybrid", "general", "local", "path", "click", "strings", "search", "moved", "record value", "servers", "title", "encrypt", "canada unknown", "gmt content", "reverse dns", "location canada", "canada asn", "accept", "cookie", "dll read", "function read", "wscriptshell", "shortcut", "guard", "error", "present jan", "name servers", "registrar url", "hong kong", "invalid url", "url analysis", "location hong", "kong flag", "msie", "chrome", "type", "media type", "certificate", "hostname add", "present nov", "present sep", "present oct", "expiration date", "present dec", "script urls", "a domains", "present mar", "present feb", "meta", "show", "read c", "entries", "read", "intel", "ms windows", "delete", "please", "artemis", "virustotal", "trojan", "mcafee", "drweb", "vipre", "panda", "write c", "total", "next associated", "thursday", "gmt cache", "ipv4", "form", "date", "mirai", "telnet login", "south korea", "bad login", "as4766 korea", "taiwan as3462", "china as45090", "telnet root", "cve201717215", "execution", "copy", "contacted", "mtb ids", "dns query", "variant cnc", "domain huawei", "remote command", "huawei remote", "echobot", "linux mirai", "monitoring", "cnc" ], "references": [ "https://pamchall.com/Telegram@V2ray_Alpha/", "Domain: t.me \u2022 Email: 1047f946-a6da-45dd-fa53-e00edb48e367@www.speedtest.net", "https://t.me/", "Win32/Tofsee.AX google.com connectivity check", "IDS Detections: Win32/Tofsee.AX google.com connectivity check Observed Telegram Domain (t .me in TLS SNI)", "Yara Detections: Cabinet_Archive , SFX_CAB", "ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile", "Antivirus Detections: ELF:Mirai-AAL\\ [Trj] , Unix.Trojan.Mirai-1 , Backdoor:Linux/Mirai.N!MTB", "IDS Detections: Observed DNS Query to ELF/Various Mirai Variant CnC Domain Huawei Remote Command Execution (CVE-2017-17215)", "Huawei Remote Command Execution - Outbound (CVE-2017-17215)", "Huawei HG532 RCE Vulnerability (CVE-2017-17215)", "DYNAMIC_DNS Query to *.duckdns. Domain", "SUSPICIOUS Path to BusyBox HiSilicon DVR - Default", "Telnet Root Password Inbound TELNET login failed root login Bad Login Less", "Yara Detections Mirai_Botnet_Malware , Mirai_2 , is__elf , Linux_Mirai , ECHOBOT", "dead_host network_icmp tcp_syn_scan nolookup_communication networkdyndns_checkip writes_to_stdout", "IP\u2019s Contacted: 1.0.21.231 1.0.42.181 1.1.116.28 1.10.203.28 1.10.54.62 1.101.0.202", "IP\u2019s Contacted: 1.101.184.254 1.103.104.9 1.103.141.89 1.104.104.227", "Contacted: newmethcnc.duckdns.org", "https://otx.alienvault.com/indicator/file/3215b2d1c44c7114c7f94af1bbcb858707b636baeae2c6752219fdf184c7b00e", "https://eurotarget.com/it/auto/toyota/c-hr/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Win.Malware.Reline-9887776-0", "display_name": "Win.Malware.Reline-9887776-0", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Backdoor:Linux/Mirai.N!MTB", "display_name": "Backdoor:Linux/Mirai.N!MTB", "target": "/malware/Backdoor:Linux/Mirai.N!MTB" } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1222.002", "name": "Linux and Mac File and Directory Permissions Modification", "display_name": "T1222.002 - Linux and Mac File and Directory Permissions Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1011.001", "name": "Exfiltration Over Bluetooth", "display_name": "T1011.001 - Exfiltration Over Bluetooth" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [ "Telecom" ], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6227, "domain": 1437, "hostname": 2331, "email": 8, "FileHash-SHA256": 3252, "FileHash-MD5": 465, "FileHash-SHA1": 457, "CIDR": 1, "CVE": 3 }, "indicator_count": 14181, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "110 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://t.me/", "IP\u2019s Contacted: 1.0.21.231 1.0.42.181 1.1.116.28 1.10.203.28 1.10.54.62 1.101.0.202", "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1", "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"", "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,", "Yara Detections: SUSP_Imphash_Mar23_2 , UPX , Nrv2x , UPX_OEP_place , , UPXv20MarkusLaszloReiser", "DYNAMIC_DNS Query to *.duckdns. Domain", "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "https://docs.cursor.com/en/cli/reference/slash-commands", "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113", "Huawei Remote Command Execution - Outbound (CVE-2017-17215)", "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)", "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "IP\u2019s Contacted: 104.17.118.12 57.144.248.1 176.114.120.24 80.12.24.14 95.163.61.73 142.251.98.113", "https://api.cursor.com/v0/agents/", "cdn10.mypornvid.fun impacted a targeted individual", "nr-data.net \u2022 push.apple.com", "Yara Detections: is__elf IP\u2019s", "https://otx.alienvault.com/indicator/file/3215b2d1c44c7114c7f94af1bbcb858707b636baeae2c6752219fdf184c7b00e", "https://pamchall.com/Telegram@V2ray_Alpha/", "dead_host network_icmp tcp_syn_scan nolookup_communication networkdyndns_checkip writes_to_stdout", "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5", "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b", "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self", "Win32/Tofsee.AX google.com connectivity check", "IDS Detections: Win32/Tofsee.AX google.com connectivity check Observed Telegram Domain (t .me in TLS SNI)", "IDS Detections: Observed DNS Query to ELF/Various Mirai Variant CnC Domain Huawei Remote Command Execution (CVE-2017-17215)", "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,", "https://arena.ai/apple-touch-icon-dark.png", "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com", "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661", "IP\u2019s Contacted 162.159.140.229 34.54.88.138", "https://eurotarget.com/it/auto/toyota/c-hr/", "passwordreset.gscs.ca \u2022 https://passwordreset.gscs.ca/", "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html", "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac", "Yara Detections Mirai_Botnet_Malware , Mirai_2 , is__elf , Linux_Mirai , ECHOBOT", "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound", "IP\u2019s Contacted: 212.227.17.162 77.88.44.55 142.93.142.17 104.18.14.206", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser", "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com", "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash", "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)", "https://stripchat.org/ \u2022 27bsmextreme.tech \u2022 35bsmextreme.tech \u2022 46bsmextreme.tech \u2022", "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com", "Domain: t.me \u2022 Email: 1047f946-a6da-45dd-fa53-e00edb48e367@www.speedtest.net", "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com", "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped", "https://click.italiansexclub.fun/click/HpdeyDt6", "Telnet Root Password Inbound TELNET login failed root login Bad Login Less", "Yara Detections: Cabinet_Archive , SFX_CAB", "blackbox21.shop", "SUSPICIOUS Path to BusyBox HiSilicon DVR - Default", "motherlesslive.com", "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl", "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627", "alberta.ca impacts an OTX user", "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60", "ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile", "Huawei HG532 RCE Vulnerability (CVE-2017-17215)", "IP\u2019s Contacted: 1.101.184.254 1.103.104.9 1.103.141.89 1.104.104.227", "Matches rule ET INFO External IP Check (checkip.amazonaws.com)", "Antivirus Detections: ELF:Mirai-AAL\\ [Trj] , Unix.Trojan.Mirai-1 , Backdoor:Linux/Mirai.N!MTB", "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke", "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "https://sexfortokens.com/hotmilfbitch", "Contacted: newmethcnc.duckdns.org" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Trojan:win32/vflooder", "Cve-2024-6387", "Win.malware.reline-9887776-0", "Trojan.systembc/yxgdgz", "Cve-2023-22518", "Win.malware.vtflooder-6722904-1", "Backdoor:win32/tofsee.t", "Mirai", "Cve-2025-20393", "Backdoor:linux/mirai.n!mtb", "Qnapcrypt", "Win.malware.gamehack-6822792-0", "Mirai (elf)" ], "industries": [ "Telecom" ], "unique_indicators": 19126 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/alpenjodel.de", "whois": "http://whois.domaintools.com/alpenjodel.de", "domain": "alpenjodel.de", "hostname": "imap.alpenjodel.de" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6a1fc3671bc3d0f5ce8b06e6", "name": "Grok \u2022 X \u2022 Twitter Vflooder | SystemBC | QNAPCrypt", "description": "I continue to research issues affecting iOS and other smart devices, browsers, search engines and targeted individuals.\nI will limit my comments as further evaluation is required. Twitter appears to be used as a weapon to abuse of several targeted persons and their schools or businesses. Research is required to determine how. Is Twitter / X a weapon or is it abused by threat actors. Ongoing attacks dating back at least 5 years. || \n*DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior\n\n#malicious #spyware #twitter #x #ai_ agents #seen_before #systembc #vtflooder #qnapcrypt #cve #checkin #scripiting #injection #extraction #gobinary #operation", "modified": "2026-06-03T06:02:15.229000", "created": "2026-06-03T06:02:15.229000", "tags": [ "sysv", "buildid", "united", "windows nt", "msie", "germany as8560", "yara detections", "contacted", "z74457024643q1", "systembc", "trojan", "elf executable", "exec amd6464", "linux", "elf64 operation", "unix", "compiler", "debugging", "go binary", "injection", "header elf64", "v exec", "executable file", "advanced micro", "note", "strtab", "gmbh", "gandi sas", "group india", "private limited", "qnapcrypt", "hacktool", "chrome", "yandex", "stripchat", "amazonaws", "mal_elf_systembc", "apple ios", "ios", "apple", "telhash", "data upload", "cursor", "se data", "extraction", "n https", "data", "failed", "cve cve20246387", "log id", "gmtn", "path", "secure", "self", "samesitenone", "encrypt", "d8n timestamp", "timestamp", "organization", "false", "certificate", "search", "emails", "twitter", "twitter spyware", "twitter vtflooder", "x", "unknown aaaa", "present jun", "ip address", "belize unknown", "unknown ns", "grok x", "cursor agents", "ai", "url url", "url hostnams", "hostn url", "url data", "belize", "a domains", "moved", "alone email", "gmt server", "url analysis", "accept", "namecheap", "namecheap inc", "namesilo", "expim", "url https", "dynamicloader", "host", "ff d5", "yara rule", "ee fc", "generic http", "exe upload", "f0 ff", "eb e1", "write", "vflooder", "malware", "upload inbound", "av detections", "ids detections", "alerts", "analysis date", "checkin generic", "http exe", "upload inbound", "outbound yara", "nrv2x", "upxoepplace", "google", "adversaries", "adversarial attacks", "techniques", "create", "modify system", "process t1064", "t1543 systemd", "technir create", "full reports", "v tcp", "help", "ja3 digests", "hashes o", "et http", "get http", "post http", "dns resolutions", "cams", "adult content", "ff bb", "ff ff", "f7 b9", "c1 e8", "copy", "markus", "august", "title", "gamehack", "alberta.ca", "songculture", "lizardsquad" ], "references": [ "FileHash-SHA256 756f0b598741a6fdff640a158b6b490472e546d411da2850836b9a8ca76afdc1", "TelfHash t135324a7149bc74b5b6a6d910b3a3b4b8a6772d6566f434f51023ad84ffc1e801ce283b", "Names: testpaging \u2022 upof6w.exe \u2022 2026-04-07_259af8b0d0bc540384a06bb730cee9cd_qnapcrypt", "Yara Detections: is__elf IP\u2019s", "IP\u2019s Contacted: 104.17.118.12 57.144.248.1 176.114.120.24 80.12.24.14 95.163.61.73 142.251.98.113", "IP\u2019s Contacted: 212.227.17.162 77.88.44.55 142.93.142.17 104.18.14.206", "Domains Contacted: checkip.amazonaws.com vk.com arena.ai www.yandex.ru stripchat.com", "ELF - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,", "Go BuildID=qBC61D7N3q3H7j2Pq55o/WsPsx2ArOJ0T24axAUMZ/K6isHEI8QMyAMkIM3HH8/QQevOAoeyrO7eZGdBARa,", "BuildID[sha1]=068f07f6460b85817e4be47c18c10d1a1fbef817, stripped", "motherlesslive.com", "blackbox21.shop", "passwordreset.gscs.ca \u2022 https://passwordreset.gscs.ca/", "alberta.ca impacts an OTX user", "https://stripchat.org/ \u2022 27bsmextreme.tech \u2022 35bsmextreme.tech \u2022 46bsmextreme.tech \u2022", "FileHash-SHA256 9da8632065cc24646086ff5fb769c452f777aa6c2470a02a16d209baabd1e4b5", "storage/analyses/1000549/network 9da8632065cc24646086f f5 fb769c45\"", "? Con*-cted jp-\u0661\u0660\u0661\u0660\u0660\u0660.--- \u0644\u062d\u0645\u0627", "https://arena.ai/apple-touch-icon-dark.png", "https://www.forbes.com/consent/ketch/?toURL=https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html", "nr-data.net \u2022 push.apple.com", "https://twitter.com/PORNO_SEXYBABES \u2022 twitter.com", "Vtflooder-9783271-0 -> 7476476bdc93726f46f75f5bdd5ce6c619d73f7ee82b7d93ad835c993ff14661", "Win.Malware.Vtflooder-9783271-0 -> Domains Contacted twitter.com www.virustotal.com", "IP\u2019s Contacted 162.159.140.229 34.54.88.138", "IDS Detections: Win32/Vflooder.B Checkin \u2022 Generic HTTP EXE Upload Inbound \u2022 Generic HTTP EXE Upload Outbound", "Yara Detections: SUSP_Imphash_Mar23_2 , UPX , Nrv2x , UPX_OEP_place , , UPXv20MarkusLaszloReiser", "Yara Detections: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser", "Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser", "Alerts: procmem_yara suricata_alert dynamic_function_loading network_cnc_https_generic reads_self", "Alerts: network_cnc_http network_http packer_unknown_pe_section_name injection_rwx dead_connect exec_crash", "Sigma: Matches rule Suspicious Outbound SMTP Connections by frack113", "Suspicious DNS Query for IP Lookup Service APls by Brandon George (blog post) Thomas Patzke", "Crowdsourced IDS: ET DROP Spamhaus Listed Traffic Inbound group 60", "Matches rule ET INFO External IP Lookup Domain in DNS Lookup (checkip amazonaws .com)", "Matches rule ET INFO External IP Check (checkip.amazonaws.com)", "ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "(Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)", "Matches rule SURICATA Applayer Detect protocol only one direction virustotal.com", "DESCRIPTION: Detects systembc RAT REFERENCE: https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "https://www.linkedin.com/posts/any-run_systembc-rat-explorewithanyrun-activity-7289971333671645184-Sefp/?utm_source=share&utm_medium=member_ios RULE_AUTHOR: X__Junior", "https://docs.cursor.com/en/cli/reference/slash-commands", "https://api.cursor.com/v0/agents/", "https://grok.com/imagine/agent/d5e99582-a7e7-4138-b129-780e171ba9ac", "beacons.bcp.gvt.com \u2022 http://vtboss.yolox.net/md5.php \u2022 finanse.mf.gov.pl", "cdn10.mypornvid.fun impacted a targeted individual", "https://click.italiansexclub.fun/click/HpdeyDt6", "https://sexfortokens.com/hotmilfbitch", "Win.Malware.Gamehack-6822792-0 IDS Detections Riskware/Cheathappens Checkin (songculture attack)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Trojan.Systembc/yxgdgz", "display_name": "Trojan.Systembc/yxgdgz", "target": null }, { "id": "CVE-2023-22518", "display_name": "CVE-2023-22518", "target": null }, { "id": "CVE-2024-6387", "display_name": "CVE-2024-6387", "target": null }, { "id": "CVE-2025-20393", "display_name": "CVE-2025-20393", "target": null }, { "id": "Win.Malware.Vtflooder-6722904-1", "display_name": "Win.Malware.Vtflooder-6722904-1", "target": null }, { "id": "Trojan:Win32/Vflooder", "display_name": "Trojan:Win32/Vflooder", "target": "/malware/Trojan:Win32/Vflooder" }, { "id": "QNAPCrypt", "display_name": "QNAPCrypt", "target": null }, { "id": "Win.Malware.Gamehack-6822792-0", "display_name": "Win.Malware.Gamehack-6822792-0", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "TA0028", "name": "Persistence", "display_name": "TA0028 - Persistence" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1543.002", "name": "Systemd Service", "display_name": "T1543.002 - Systemd Service" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1468", "name": "Remotely Track Device Without Authorization", "display_name": "T1468 - Remotely Track Device Without Authorization" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1262, "FileHash-MD5": 164, "FileHash-SHA1": 207, "IPv4": 180, "URL": 1780, "domain": 370, "hostname": 708, "CVE": 3, "email": 4, "SSLCertFingerprint": 4 }, "indicator_count": 4682, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "18 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6967bc8b26b69d4dc2604a13", "name": "Telegram@V2ray_Alpha/ | Mirai | ExhoBot CNC | EtT", "description": "Inbound Outbound connections. Tel et error. Hacking activity affecting various forms of connectivity via telecom. Possibly a controls\n computer vehicle connects to. Related? I was researching increased malicious activity aimed against a target. An associate close to target reported (mid research) Vehicle reported \u2018no longer being able to communicate. Module 5 has an error. Please contact customer service). Targets car was powered oof. No Bluetooth connection. No reports. Audio off. No phone message, connection or dial. This is targets experience not mowing what I was researching.", "modified": "2026-02-13T15:04:30.631000", "created": "2026-01-14T15:55:55.693000", "tags": [ "v2rayalpha", "united", "unknown ns", "unknown aaaa", "domain add", "urls", "files", "domain", "github", "file format", "jkvpn", "jointelegram", "farahvpn vless", "post", "universal", "scribd", "typews", "telegram", "rdap", "handle", "iana registrar", "roles", "dnssec", "aaaa", "ttl value", "rdap database", "links", "backdoor", "antigua", "virgin islands", "status", "org domains", "proxy", "ip address", "barbuda unknown", "passive dns", "ipv4 add", "twitter", "dynamicloader", "port", "delete c", "destination", "high", "windows", "medium", "displayname", "write", "tofsee", "stream", "malware", "push", "next", "url add", "http", "hostname", "files domain", "files related", "related tags", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ck techniques", "evasion att", "sha256", "sha1", "pattern match", "ascii text", "href", "hybrid", "general", "local", "path", "click", "strings", "search", "moved", "record value", "servers", "title", "encrypt", "canada unknown", "gmt content", "reverse dns", "location canada", "canada asn", "accept", "cookie", "dll read", "function read", "wscriptshell", "shortcut", "guard", "error", "present jan", "name servers", "registrar url", "hong kong", "invalid url", "url analysis", "location hong", "kong flag", "msie", "chrome", "type", "media type", "certificate", "hostname add", "present nov", "present sep", "present oct", "expiration date", "present dec", "script urls", "a domains", "present mar", "present feb", "meta", "show", "read c", "entries", "read", "intel", "ms windows", "delete", "please", "artemis", "virustotal", "trojan", "mcafee", "drweb", "vipre", "panda", "write c", "total", "next associated", "thursday", "gmt cache", "ipv4", "form", "date", "mirai", "telnet login", "south korea", "bad login", "as4766 korea", "taiwan as3462", "china as45090", "telnet root", "cve201717215", "execution", "copy", "contacted", "mtb ids", "dns query", "variant cnc", "domain huawei", "remote command", "huawei remote", "echobot", "linux mirai", "monitoring", "cnc" ], "references": [ "https://pamchall.com/Telegram@V2ray_Alpha/", "Domain: t.me \u2022 Email: 1047f946-a6da-45dd-fa53-e00edb48e367@www.speedtest.net", "https://t.me/", "Win32/Tofsee.AX google.com connectivity check", "IDS Detections: Win32/Tofsee.AX google.com connectivity check Observed Telegram Domain (t .me in TLS SNI)", "Yara Detections: Cabinet_Archive , SFX_CAB", "ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile", "Antivirus Detections: ELF:Mirai-AAL\\ [Trj] , Unix.Trojan.Mirai-1 , Backdoor:Linux/Mirai.N!MTB", "IDS Detections: Observed DNS Query to ELF/Various Mirai Variant CnC Domain Huawei Remote Command Execution (CVE-2017-17215)", "Huawei Remote Command Execution - Outbound (CVE-2017-17215)", "Huawei HG532 RCE Vulnerability (CVE-2017-17215)", "DYNAMIC_DNS Query to *.duckdns. Domain", "SUSPICIOUS Path to BusyBox HiSilicon DVR - Default", "Telnet Root Password Inbound TELNET login failed root login Bad Login Less", "Yara Detections Mirai_Botnet_Malware , Mirai_2 , is__elf , Linux_Mirai , ECHOBOT", "dead_host network_icmp tcp_syn_scan nolookup_communication networkdyndns_checkip writes_to_stdout", "IP\u2019s Contacted: 1.0.21.231 1.0.42.181 1.1.116.28 1.10.203.28 1.10.54.62 1.101.0.202", "IP\u2019s Contacted: 1.101.184.254 1.103.104.9 1.103.141.89 1.104.104.227", "Contacted: newmethcnc.duckdns.org", "https://otx.alienvault.com/indicator/file/3215b2d1c44c7114c7f94af1bbcb858707b636baeae2c6752219fdf184c7b00e", "https://eurotarget.com/it/auto/toyota/c-hr/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Win.Malware.Reline-9887776-0", "display_name": "Win.Malware.Reline-9887776-0", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Backdoor:Linux/Mirai.N!MTB", "display_name": "Backdoor:Linux/Mirai.N!MTB", "target": "/malware/Backdoor:Linux/Mirai.N!MTB" } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1222.002", "name": "Linux and Mac File and Directory Permissions Modification", "display_name": "T1222.002 - Linux and Mac File and Directory Permissions Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1011.001", "name": "Exfiltration Over Bluetooth", "display_name": "T1011.001 - Exfiltration Over Bluetooth" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [ "Telecom" ], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6227, "domain": 1437, "hostname": 2331, "email": 8, "FileHash-SHA256": 3252, "FileHash-MD5": 465, "FileHash-SHA1": 457, "CIDR": 1, "CVE": 3 }, "indicator_count": 14181, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "110 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://imap.alpenjodel.de", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://imap.alpenjodel.de", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780533285.301933 }