{
  "type": "URL",
  "indicator": "https://info.volcanobet.rs/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://info.volcanobet.rs/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3905880383,
      "indicator": "https://info.volcanobet.rs/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 11,
      "pulses": [
        {
          "id": "665c44f012d938d1c7dd591e",
          "name": "PIT Projekt.exe (www.pitprojekt.pl , pitprojekt.pl)  oraz  Ceidg.gov.pl - Dane publiczne wpisu",
          "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4   NIP:6161230754\nhttps://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778               NIP;6112323510\nhttp://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778\n2.16.6.145146f05-9aac-4942-a42d-f2550a19c0c4              NIP:6131434311\nipv4: 2.16.6.14, 2.16.6.6, 2.16.6.1,",
          "modified": "2025-10-06T11:12:39.639000",
          "created": "2024-06-02T10:09:52.601000",
          "tags": [
            "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g",
            "prosz czeka",
            "pobierz plik",
            "wojcieszyce",
            "urls competing",
            "ceidg centralna",
            "gospodarczej",
            "wyszukiwanie",
            "przejd",
            "centrum pomocy",
            "informacja o",
            "mapa",
            "strona gwna",
            "przegldanie",
            "ceidg szybki",
            "uwagi prawne",
            "deklaracja",
            "serwer",
            "returnurl",
            "idf3ee4c4ee00",
            "id7a025cc6516",
            "wctxrm0",
            "idf3ee4c4",
            "id35146f059aa",
            "ideb8f4cf26ef",
            "id7a025cc",
            "id35146f0",
            "publicznywsz3",
            "id97c275c",
            "url wiek",
            "ssdeep",
            "sha1",
            "pehasz",
            "typlibid",
            "pit projekt",
            "chcesz",
            "pity online",
            "program",
            "interesuje ci",
            "pity zapisane",
            "jeli",
            "oddajemy w",
            "twoje rce",
            "dziki jego"
          ],
          "references": [
            "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778",
            "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4",
            "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search",
            "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4",
            "http://www.pitprojekt.pl",
            "http://pitprojekt.pl"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Wojcieszyce",
              "display_name": "Wojcieszyce",
              "target": null
            },
            {
              "id": "Serwer",
              "display_name": "Serwer",
              "target": null
            },
            {
              "id": "Serwer A Przed\u0142u\u017cenie sesji #{text}",
              "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text}",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8271,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 1259,
            "URL": 6009,
            "hostname": 3030,
            "FileHash-SHA256": 10233,
            "FileHash-MD5": 2742,
            "FileHash-SHA1": 2348,
            "email": 75,
            "SSLCertFingerprint": 11,
            "YARA": 2,
            "CVE": 13,
            "FileHash-PEHASH": 1,
            "IPv4": 34,
            "IPv6": 6
          },
          "indicator_count": 25763,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 135,
          "modified_text": "237 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "682d3e7bc36b012af0258aad",
          "name": "Mars Coin Investigations",
          "description": "",
          "modified": "2025-09-11T00:52:33.361000",
          "created": "2025-05-21T02:46:19.281000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "gameprofits.io",
            "id": "170823",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_170823/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 380,
            "hostname": 127,
            "domain": 227,
            "FileHash-SHA256": 69
          },
          "indicator_count": 803,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 51,
          "modified_text": "262 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "687b5499d48de6e54f3bff11",
          "name": "213.174.130.70 - Spyware Install  | Emotet via Malware sites",
          "description": "Malicious IP address for multiple malware domains. Very malicious spyware, will hijack network and devices. \n\u2022 Best Targeted sites \nSpyware Install\n\u2022 Garveep POST CnC\nBeacon\n\u2022 Worm.Mydoom\nCheckin\n\n#endgame #emotet #mydoom #malware_domains #install_spyware #monitered_targets",
          "modified": "2025-08-18T08:00:43.712000",
          "created": "2025-07-19T08:17:29.443000",
          "tags": [
            "handle",
            "ripe ncc",
            "ripe network",
            "address range",
            "cidr",
            "allocation type",
            "assigned pa",
            "status",
            "whois server",
            "entity ah36ripe",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "data",
            "v3 serial",
            "number",
            "cgb stgreater",
            "cnsectigo rsa",
            "secure server",
            "ca validity",
            "date",
            "abuse contact",
            "orgid",
            "orgtechhandle",
            "address",
            "orgabuseref",
            "postalcode",
            "ripe",
            "seen",
            "update date",
            "tech email",
            "admin country",
            "expiration date",
            "dnssec",
            "admin id",
            "mi11255597wp",
            "msie",
            "chrome",
            "passive dns",
            "united",
            "ipv4 add",
            "pulse submit",
            "url analysis",
            "urls",
            "files",
            "hosting",
            "open",
            "body",
            "extraction",
            "data upload",
            "failed",
            "include review",
            "anorexx",
            "video",
            "father sex",
            "ebony riding",
            "ebony",
            "roberta",
            "type win32",
            "exe size",
            "mb first",
            "file name",
            "sentinelone",
            "present jul",
            "present oct",
            "entries http",
            "memcommit",
            "t1055",
            "read c",
            "search",
            "entries",
            "show",
            "medium",
            "showing",
            "high process",
            "injection t1055",
            "copy",
            "write",
            "win32",
            "malware",
            "tsara brashears",
            "tsara",
            "pornhub",
            "porn videos",
            "watch tsara",
            "most relevant",
            "open threat",
            "exchange",
            "public",
            "https",
            "green",
            "daily",
            "brashears",
            "porn",
            "watch",
            "busty xxx",
            "filter tsara",
            "brashears porn",
            "url add",
            "pulse pulses",
            "http",
            "related pulses",
            "none related",
            "tags none",
            "file type",
            "md5 sha256",
            "google safe",
            "browsing",
            "dynamicloader",
            "dynamic",
            "read",
            "delete",
            "mtb apr",
            "trojan",
            "lowfi",
            "virtool",
            "icloader apr",
            "otx telemetry",
            "australia",
            "exploit",
            "cobalt strike",
            "hostile",
            "trojanspy",
            "msil",
            "win64",
            "pulse",
            "alerts",
            "yara rule",
            "named pipe",
            "xe7xf3xf2x14x9d",
            "high",
            "delphi",
            "local",
            "next",
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "command",
            "defense evasion",
            "adversaries",
            "spawns",
            "found",
            "process details",
            "flag",
            "contacted",
            "meta",
            "location united",
            "copy md5",
            "copy sha1",
            "copy sha256",
            "sha256",
            "sha1",
            "size",
            "beginstring",
            "null",
            "type data",
            "error",
            "span",
            "hybrid",
            "general",
            "click",
            "strings",
            "refresh",
            "tools",
            "pattern match",
            "show technique",
            "mitre att",
            "ck matrix",
            "ascii text",
            "show process",
            "utf8",
            "crlf line",
            "network traffic",
            "path",
            "included",
            "review",
            "excludea",
            "sugges data",
            "typ url",
            "url url",
            "url hos",
            "hos hos",
            "extraction f",
            "enter so",
            "u extractio",
            "extra data",
            "included review",
            "ic excluded",
            "suggeste",
            "pulses",
            "md5 google",
            "safe browsing",
            "virustotal api",
            "comments",
            "ally s",
            "extraction data",
            "enter soudcfidi",
            "ad temdac",
            "cddad ad",
            "praw type",
            "extr",
            "include u",
            "creation date",
            "record value",
            "gmt content",
            "x adblock",
            "certificate",
            "domain",
            "encrypt",
            "sec ch",
            "ch ua",
            "unknown aaaa",
            "ua full",
            "ua platform",
            "present jun",
            "moved",
            "ip address",
            "doctype html",
            "lander script",
            "head",
            "method",
            "allowed date",
            "arizona",
            "scottsdale",
            "go daddy",
            "authority",
            "next associated",
            "extraction fail",
            "enter soupce",
            "udi ad",
            "trydda dada",
            "panca type",
            "ur extraction",
            "s data",
            "pr extract",
            "servers",
            "hostname",
            "files ip",
            "denmark unknown"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 31,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 4,
            "URL": 7528,
            "domain": 1822,
            "hostname": 2015,
            "email": 5,
            "FileHash-MD5": 373,
            "FileHash-SHA1": 363,
            "FileHash-SHA256": 1939
          },
          "indicator_count": 14049,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "286 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6647908c09468f42bc1249f1",
          "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
          "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
          "modified": "2025-03-01T04:59:57.222000",
          "created": "2024-05-17T17:14:52.317000",
          "tags": [
            "false",
            "true",
            "visible",
            "application",
            "microsoft teams",
            "microsoft azure",
            "office",
            "service",
            "dynamics",
            "hidden",
            "android",
            "explorer",
            "write",
            "connector",
            "test",
            "sharepoint",
            "live",
            "meister",
            "tools",
            "desktop",
            "spark",
            "front",
            "enterprise",
            "designer",
            "atlas",
            "premium",
            "assistant",
            "allow",
            "azureadmyorg",
            "game",
            "verify",
            "microsoft power",
            "channelsurfcli",
            "mtd1",
            "file transfer",
            "magnus",
            "microsoft crm",
            "youth"
          ],
          "references": [
            "All - EnterpriseAppsList.csv",
            "AppRegistrationList.csv",
            "https://tria.ge/240517-vc7c1shc62/behavioral1",
            "https://tria.ge/240517-vdwb5shc71/behavioral1",
            "https://tria.ge/240517-vqxezaaa33/behavioral1",
            "https://tria.ge/240517-t9pc2ahb2t",
            "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
            "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
            "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
            "Thor Scan: S-I9VvMTB6cZU",
            "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
            "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
            "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
            "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
            "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
            "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
            "https://tria.ge/240521-q4s79agb25/static1",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
            "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
            "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
            "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
            "https://www.hudsonrock.com/search?domain=ualberta.ca",
            "https://www.criminalip.io/domain/report?scan_id=13798622",
            "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
            "https://urlscan.io/search/#ualberta.ca",
            "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
            "https://sitereport.netcraft.com/?url=http://ualberta.ca",
            "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
            "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
            "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
            "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Healthcare",
            "Telecommunications",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 7,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1703,
            "FileHash-SHA256": 90472,
            "URL": 99185,
            "domain": 82954,
            "hostname": 39041,
            "FileHash-SHA1": 1624,
            "email": 4658,
            "CVE": 12
          },
          "indicator_count": 319649,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "67323bc177c9f51524d9234b",
          "name": "samalo.info",
          "description": "",
          "modified": "2024-12-11T17:03:08.846000",
          "created": "2024-11-11T17:15:45.966000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 19,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 50,
            "hostname": 154,
            "domain": 65,
            "URL": 271
          },
          "indicator_count": 542,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 182,
          "modified_text": "536 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66d0a996b288ca46ab7e63ae",
          "name": "CEIDG (www.pitprojekt.pl , pitprojekt.pl) jak otworzy\u0107 firm\u0119, jak rozpocz\u0105\u0107 biznes, dzia\u0142alno\u015b\u0107 gospodarcza zak\u0142adanie, jak rozpocz\u0105\u0107 dzia\u0142alno\u015b\u0107 gospodarcz\u0105",
          "description": "Zawarte zasoby wed\u0142ug j\u0119zyka \u00a31.1bn, a total of 7.4bn euros ($9.6bn; \u00a36.3bn)",
          "modified": "2024-12-05T21:16:06.820000",
          "created": "2024-08-29T17:02:13.392000",
          "tags": [
            "admin",
            "asset",
            "dufur",
            "jnswj",
            "3px center",
            "saxla",
            "zjloj",
            "whasz htm",
            "oszczdno",
            "png ikona",
            "rt angielski",
            "angielski usa",
            "wersja rt",
            "narzuta chi2",
            "plik",
            "whasz",
            "bogaty hash",
            "sha256",
            "ssdeep",
            "schema",
            "strings",
            "guid",
            "blob",
            "sha256 file",
            "type type",
            "vhash",
            "imphash",
            "bvgquf",
            "cblrxf",
            "coqbmf",
            "efq78c",
            "gkrikb",
            "hdvrde",
            "hlo3ef",
            "izt63",
            "jnoxi",
            "kg2exe",
            "pejzasz",
            "rticon english",
            "english us",
            "chi2",
            "png rticon",
            "ico rtgroupicon",
            "code signing",
            "algorithm",
            "serial number",
            "sectigo public",
            "thumbprint",
            "rsa time",
            "valid from",
            "name sectigo",
            "valid",
            "valid usage",
            "ascii text",
            "neutral",
            "data rtcursor",
            "data rtdialog",
            "default",
            "rticon maori",
            "ceidg",
            "informacja o",
            "usugi",
            "z wniosek",
            "sprawd",
            "zarejestruj spk",
            "centralna",
            "ewidencja",
            "strona gwna",
            "formularze i",
            "sha1",
            "pehash",
            "richhash",
            "authentihash",
            "skrt",
            "system",
            "podaj",
            "windows z",
            "kreator",
            "dostawca",
            "wifi",
            "nazwa typ",
            "md5 nazwa",
            "imphasz",
            "kropelka",
            "smyczki",
            "zasb manifestu",
            "neutralny",
            "ikona rt",
            "zawarte zasoby",
            "md5 chi2",
            "ikonagrupyrt",
            "rtmanifest",
            "zawarte",
            "sha256 typ"
          ],
          "references": [
            "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4501,
            "URL": 4559,
            "hostname": 1957,
            "domain": 729,
            "FileHash-MD5": 903,
            "FileHash-SHA1": 849,
            "IPv4": 180,
            "email": 3,
            "IPv6": 2,
            "CVE": 1
          },
          "indicator_count": 13684,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 125,
          "modified_text": "541 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66d941bcba8150e535df3fa0",
          "name": "Phishing Collection: August 2024",
          "description": "Summary of collected indicators associated with recent phishing pulses, for implementation with other tools such as SIEM, etc.",
          "modified": "2024-11-29T14:14:28.911000",
          "created": "2024-09-05T05:29:32.766000",
          "tags": [
            "cdn",
            "phishing"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "weekndr_sec",
            "id": "288004",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_288004/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 193,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 44,
            "domain": 98,
            "hostname": 149
          },
          "indicator_count": 516,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "548 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "67126705211468d007e6bfef",
          "name": "ttkkv.bloso.top > calltogetprize (enriched)",
          "description": "",
          "modified": "2024-11-17T13:00:13.078000",
          "created": "2024-10-18T13:47:49.772000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 82,
            "hostname": 476,
            "URL": 606,
            "FileHash-SHA256": 33
          },
          "indicator_count": 1197,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 183,
          "modified_text": "560 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "670c5ff728e6e5b891e26e45",
          "name": "IOC",
          "description": "",
          "modified": "2024-10-14T00:04:07.913000",
          "created": "2024-10-14T00:04:07.913000",
          "tags": [
            "admin",
            "asset",
            "dufur",
            "jnswj",
            "3px center",
            "saxla",
            "zjloj",
            "whasz htm",
            "oszczdno",
            "png ikona",
            "rt angielski",
            "angielski usa",
            "wersja rt",
            "narzuta chi2",
            "plik",
            "whasz",
            "bogaty hash",
            "sha256",
            "ssdeep",
            "schema",
            "strings",
            "guid",
            "blob",
            "sha256 file",
            "type type",
            "vhash",
            "imphash",
            "bvgquf",
            "cblrxf",
            "coqbmf",
            "efq78c",
            "gkrikb",
            "hdvrde",
            "hlo3ef",
            "izt63",
            "jnoxi",
            "kg2exe",
            "pejzasz",
            "rticon english",
            "english us",
            "chi2",
            "png rticon",
            "ico rtgroupicon",
            "code signing",
            "algorithm",
            "serial number",
            "sectigo public",
            "thumbprint",
            "rsa time",
            "valid from",
            "name sectigo",
            "valid",
            "valid usage",
            "ascii text",
            "neutral",
            "data rtcursor",
            "data rtdialog",
            "default",
            "rticon maori",
            "ceidg",
            "informacja o",
            "usugi",
            "z wniosek",
            "sprawd",
            "zarejestruj spk",
            "centralna",
            "ewidencja",
            "strona gwna",
            "formularze i",
            "sha1",
            "pehash",
            "richhash",
            "authentihash",
            "skrt",
            "system",
            "podaj",
            "windows z",
            "kreator",
            "dostawca",
            "wifi",
            "nazwa typ",
            "md5 nazwa",
            "imphasz",
            "kropelka",
            "smyczki",
            "zasb manifestu",
            "neutralny",
            "ikona rt",
            "zawarte zasoby",
            "md5 chi2",
            "ikonagrupyrt",
            "rtmanifest",
            "zawarte",
            "sha256 typ"
          ],
          "references": [
            "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "66d0a996b288ca46ab7e63ae",
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "WayneState",
            "id": "296756",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4243,
            "URL": 4550,
            "hostname": 1957,
            "domain": 729,
            "FileHash-MD5": 801,
            "FileHash-SHA1": 747,
            "IPv4": 180,
            "email": 3,
            "IPv6": 2
          },
          "indicator_count": 13212,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 4,
          "modified_text": "594 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "666cc0893636f98479e34f6e",
          "name": "Telus Communications ASN 852 - part 1.5",
          "description": "https://asnlookup.com/asn/AS852/\n\nhttps://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark\n\nhttps://www.filescan.io/search-result?query=dGVsdXMuY29t",
          "modified": "2024-09-22T18:06:53.325000",
          "created": "2024-06-14T22:13:29.917000",
          "tags": [
            "entity",
            "please",
            "javascript",
            "mirai",
            "mozi",
            "hajime"
          ],
          "references": [
            "https://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark",
            "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/iocs",
            "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/graph",
            "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/summary",
            "https://asnlookup.com/asn/AS852/",
            "https://viz.greynoise.io/analysis/7a369df9-bcbf-4540-ad0f-6d52c0c55cdb",
            "https://www.virustotal.com/graph/embed/gbe89575feac440f0b831e98562c12d0534475b1006e54221acffc624919deef7?theme=dark",
            "https://urlscan.io/search/#page.asn%3AAS852",
            "https://viz.greynoise.io/analysis/8be38b3f-73d9-4f4c-bb64-508ee329596e",
            "https://dnschecker.org/asn-whois-lookup.php?query=AS852",
            "https://mxtoolbox.com/SuperTool.aspx?action=asn%3aAS852&run=toolpage",
            "https://viz.greynoise.io/query/AS852",
            "https://viz.greynoise.io/query/AS852%20classification:%22malicious%22",
            "https://ipinfo.io",
            "https://viz.greynoise.io/analysis/1ba1e524-0d96-4cc6-9426-d01abbe75443",
            "https://bgp.tools/as/852",
            "https://www.ipvoid.com/whois/",
            "https://urlscan.io/search/#asn%3A%22AS852%22",
            "https://dnschecker.org/asn-whois-lookup.php?query=852",
            "https://leakix.net/search?scope=leak&q=telus.com",
            "http://ci-www.threatcrowd.org/domain.php?domain=telus.com",
            "https://intelx.io/?s=telus.com",
            "https://whiteintel.io/",
            "https://inteltechniques.com/tools/Domain.html",
            "https://informationlaundromat.com/content-search",
            "https://urlhaus.abuse.ch/asn/852",
            "https://bgp.he.net/AS852#_prefixes",
            "https://dnstwist.it/#9966d7b4-2d66-4349-9129-21d2adc26c89",
            "https://urlscan.io/search/#asn:%22AS852%22",
            "08.05.24 - https://viz.greynoise.io/query/AS852",
            "https://urlscan.io/asn/AS852",
            "https://www.telus.com/en/ab/outages?INTCMP=contactus_outage_AB_V2",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc9971b263122bd14db"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Telecommunications",
            "Technology",
            "Healthcare",
            "Government",
            "Media",
            "Finance",
            "Retail",
            "Education",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 55,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 12,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 4696,
            "FileHash-MD5": 69,
            "FileHash-SHA256": 1211,
            "URL": 3453,
            "domain": 2060,
            "hostname": 1853,
            "FileHash-SHA1": 68,
            "email": 5,
            "CVE": 11
          },
          "indicator_count": 13426,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 132,
          "modified_text": "615 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "660b176a98b0c92ba5a962bc",
          "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise",
          "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.",
          "modified": "2024-09-04T05:01:56.993000",
          "created": "2024-04-01T20:22:02.851000",
          "tags": [
            "BEC"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs",
            "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark",
            "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark",
            "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore",
            "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Netherlands"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 233,
            "FileHash-SHA1": 230,
            "FileHash-SHA256": 6703,
            "URL": 4450,
            "CIDR": 3,
            "domain": 6223,
            "hostname": 2863,
            "email": 7,
            "CVE": 53
          },
          "indicator_count": 20765,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 130,
          "modified_text": "634 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/summary",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://urlscan.io/asn/AS852",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://viz.greynoise.io/analysis/8be38b3f-73d9-4f4c-bb64-508ee329596e",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.virustotal.com/graph/embed/gbe89575feac440f0b831e98562c12d0534475b1006e54221acffc624919deef7?theme=dark",
        "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "https://viz.greynoise.io/analysis/1ba1e524-0d96-4cc6-9426-d01abbe75443",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "http://www.pitprojekt.pl",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://whiteintel.io/",
        "https://leakix.net/search?scope=leak&q=telus.com",
        "http://ci-www.threatcrowd.org/domain.php?domain=telus.com",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark",
        "https://urlscan.io/search/#asn:%22AS852%22",
        "https://intelx.io/?s=telus.com",
        "All - EnterpriseAppsList.csv",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://bgp.he.net/AS852#_prefixes",
        "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://viz.greynoise.io/query/AS852",
        "https://urlscan.io/search/#asn%3A%22AS852%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "http://pitprojekt.pl",
        "https://www.ipvoid.com/whois/",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/iocs",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://informationlaundromat.com/content-search",
        "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/graph",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://urlscan.io/search/#ualberta.ca",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://dnstwist.it/#9966d7b4-2d66-4349-9129-21d2adc26c89",
        "https://mxtoolbox.com/SuperTool.aspx?action=asn%3aAS852&run=toolpage",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778",
        "https://www.telus.com/en/ab/outages?INTCMP=contactus_outage_AB_V2",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://ipinfo.io",
        "https://inteltechniques.com/tools/Domain.html",
        "08.05.24 - https://viz.greynoise.io/query/AS852",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs",
        "https://viz.greynoise.io/query/AS852%20classification:%22malicious%22",
        "https://dnschecker.org/asn-whois-lookup.php?query=852",
        "https://urlhaus.abuse.ch/asn/852",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://viz.greynoise.io/analysis/7a369df9-bcbf-4540-ad0f-6d52c0c55cdb",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://asnlookup.com/asn/AS852/",
        "https://dnschecker.org/asn-whois-lookup.php?query=AS852",
        "https://bgp.tools/as/852",
        "AppRegistrationList.csv",
        "https://urlscan.io/search/#page.asn%3AAS852",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc9971b263122bd14db",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Serwer",
            "Wojcieszyce",
            "Serwer a przed\u0142u\u017cenie sesji #{text}"
          ],
          "industries": [
            "Retail",
            "Healthcare",
            "Technology",
            "Energy",
            "Education",
            "Government",
            "Media",
            "Finance",
            "Telecommunications"
          ],
          "unique_indicators": 108912
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/volcanobet.rs",
    "whois": "http://whois.domaintools.com/volcanobet.rs",
    "domain": "volcanobet.rs",
    "hostname": "info.volcanobet.rs"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 11,
  "pulses": [
    {
      "id": "665c44f012d938d1c7dd591e",
      "name": "PIT Projekt.exe (www.pitprojekt.pl , pitprojekt.pl)  oraz  Ceidg.gov.pl - Dane publiczne wpisu",
      "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4   NIP:6161230754\nhttps://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778               NIP;6112323510\nhttp://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778\n2.16.6.145146f05-9aac-4942-a42d-f2550a19c0c4              NIP:6131434311\nipv4: 2.16.6.14, 2.16.6.6, 2.16.6.1,",
      "modified": "2025-10-06T11:12:39.639000",
      "created": "2024-06-02T10:09:52.601000",
      "tags": [
        "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g",
        "prosz czeka",
        "pobierz plik",
        "wojcieszyce",
        "urls competing",
        "ceidg centralna",
        "gospodarczej",
        "wyszukiwanie",
        "przejd",
        "centrum pomocy",
        "informacja o",
        "mapa",
        "strona gwna",
        "przegldanie",
        "ceidg szybki",
        "uwagi prawne",
        "deklaracja",
        "serwer",
        "returnurl",
        "idf3ee4c4ee00",
        "id7a025cc6516",
        "wctxrm0",
        "idf3ee4c4",
        "id35146f059aa",
        "ideb8f4cf26ef",
        "id7a025cc",
        "id35146f0",
        "publicznywsz3",
        "id97c275c",
        "url wiek",
        "ssdeep",
        "sha1",
        "pehasz",
        "typlibid",
        "pit projekt",
        "chcesz",
        "pity online",
        "program",
        "interesuje ci",
        "pity zapisane",
        "jeli",
        "oddajemy w",
        "twoje rce",
        "dziki jego"
      ],
      "references": [
        "http://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=7a025cc6-5167-43cf-947f-387a3b830778",
        "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=f3ee4c4e-e009-4d69-82da-eef3bad1ecc4",
        "https://aplikacja.ceidg.gov.pl/CEIDG/GroupMenu.aspx?key=_group_search",
        "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/SearchDetails.aspx?Id=35146f05-9aac-4942-a42d-f2550a19c0c4",
        "http://www.pitprojekt.pl",
        "http://pitprojekt.pl"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Wojcieszyce",
          "display_name": "Wojcieszyce",
          "target": null
        },
        {
          "id": "Serwer",
          "display_name": "Serwer",
          "target": null
        },
        {
          "id": "Serwer A Przed\u0142u\u017cenie sesji #{text}",
          "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text}",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8271,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 1259,
        "URL": 6009,
        "hostname": 3030,
        "FileHash-SHA256": 10233,
        "FileHash-MD5": 2742,
        "FileHash-SHA1": 2348,
        "email": 75,
        "SSLCertFingerprint": 11,
        "YARA": 2,
        "CVE": 13,
        "FileHash-PEHASH": 1,
        "IPv4": 34,
        "IPv6": 6
      },
      "indicator_count": 25763,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 135,
      "modified_text": "237 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "682d3e7bc36b012af0258aad",
      "name": "Mars Coin Investigations",
      "description": "",
      "modified": "2025-09-11T00:52:33.361000",
      "created": "2025-05-21T02:46:19.281000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "gameprofits.io",
        "id": "170823",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_170823/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 380,
        "hostname": 127,
        "domain": 227,
        "FileHash-SHA256": 69
      },
      "indicator_count": 803,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 51,
      "modified_text": "262 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "687b5499d48de6e54f3bff11",
      "name": "213.174.130.70 - Spyware Install  | Emotet via Malware sites",
      "description": "Malicious IP address for multiple malware domains. Very malicious spyware, will hijack network and devices. \n\u2022 Best Targeted sites \nSpyware Install\n\u2022 Garveep POST CnC\nBeacon\n\u2022 Worm.Mydoom\nCheckin\n\n#endgame #emotet #mydoom #malware_domains #install_spyware #monitered_targets",
      "modified": "2025-08-18T08:00:43.712000",
      "created": "2025-07-19T08:17:29.443000",
      "tags": [
        "handle",
        "ripe ncc",
        "ripe network",
        "address range",
        "cidr",
        "allocation type",
        "assigned pa",
        "status",
        "whois server",
        "entity ah36ripe",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "data",
        "v3 serial",
        "number",
        "cgb stgreater",
        "cnsectigo rsa",
        "secure server",
        "ca validity",
        "date",
        "abuse contact",
        "orgid",
        "orgtechhandle",
        "address",
        "orgabuseref",
        "postalcode",
        "ripe",
        "seen",
        "update date",
        "tech email",
        "admin country",
        "expiration date",
        "dnssec",
        "admin id",
        "mi11255597wp",
        "msie",
        "chrome",
        "passive dns",
        "united",
        "ipv4 add",
        "pulse submit",
        "url analysis",
        "urls",
        "files",
        "hosting",
        "open",
        "body",
        "extraction",
        "data upload",
        "failed",
        "include review",
        "anorexx",
        "video",
        "father sex",
        "ebony riding",
        "ebony",
        "roberta",
        "type win32",
        "exe size",
        "mb first",
        "file name",
        "sentinelone",
        "present jul",
        "present oct",
        "entries http",
        "memcommit",
        "t1055",
        "read c",
        "search",
        "entries",
        "show",
        "medium",
        "showing",
        "high process",
        "injection t1055",
        "copy",
        "write",
        "win32",
        "malware",
        "tsara brashears",
        "tsara",
        "pornhub",
        "porn videos",
        "watch tsara",
        "most relevant",
        "open threat",
        "exchange",
        "public",
        "https",
        "green",
        "daily",
        "brashears",
        "porn",
        "watch",
        "busty xxx",
        "filter tsara",
        "brashears porn",
        "url add",
        "pulse pulses",
        "http",
        "related pulses",
        "none related",
        "tags none",
        "file type",
        "md5 sha256",
        "google safe",
        "browsing",
        "dynamicloader",
        "dynamic",
        "read",
        "delete",
        "mtb apr",
        "trojan",
        "lowfi",
        "virtool",
        "icloader apr",
        "otx telemetry",
        "australia",
        "exploit",
        "cobalt strike",
        "hostile",
        "trojanspy",
        "msil",
        "win64",
        "pulse",
        "alerts",
        "yara rule",
        "named pipe",
        "xe7xf3xf2x14x9d",
        "high",
        "delphi",
        "local",
        "next",
        "learn",
        "ck id",
        "name tactics",
        "suspicious",
        "informative",
        "command",
        "defense evasion",
        "adversaries",
        "spawns",
        "found",
        "process details",
        "flag",
        "contacted",
        "meta",
        "location united",
        "copy md5",
        "copy sha1",
        "copy sha256",
        "sha256",
        "sha1",
        "size",
        "beginstring",
        "null",
        "type data",
        "error",
        "span",
        "hybrid",
        "general",
        "click",
        "strings",
        "refresh",
        "tools",
        "pattern match",
        "show technique",
        "mitre att",
        "ck matrix",
        "ascii text",
        "show process",
        "utf8",
        "crlf line",
        "network traffic",
        "path",
        "included",
        "review",
        "excludea",
        "sugges data",
        "typ url",
        "url url",
        "url hos",
        "hos hos",
        "extraction f",
        "enter so",
        "u extractio",
        "extra data",
        "included review",
        "ic excluded",
        "suggeste",
        "pulses",
        "md5 google",
        "safe browsing",
        "virustotal api",
        "comments",
        "ally s",
        "extraction data",
        "enter soudcfidi",
        "ad temdac",
        "cddad ad",
        "praw type",
        "extr",
        "include u",
        "creation date",
        "record value",
        "gmt content",
        "x adblock",
        "certificate",
        "domain",
        "encrypt",
        "sec ch",
        "ch ua",
        "unknown aaaa",
        "ua full",
        "ua platform",
        "present jun",
        "moved",
        "ip address",
        "doctype html",
        "lander script",
        "head",
        "method",
        "allowed date",
        "arizona",
        "scottsdale",
        "go daddy",
        "authority",
        "next associated",
        "extraction fail",
        "enter soupce",
        "udi ad",
        "trydda dada",
        "panca type",
        "ur extraction",
        "s data",
        "pr extract",
        "servers",
        "hostname",
        "files ip",
        "denmark unknown"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1063",
          "name": "Security Software Discovery",
          "display_name": "T1063 - Security Software Discovery"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 31,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 4,
        "URL": 7528,
        "domain": 1822,
        "hostname": 2015,
        "email": 5,
        "FileHash-MD5": 373,
        "FileHash-SHA1": 363,
        "FileHash-SHA256": 1939
      },
      "indicator_count": 14049,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 142,
      "modified_text": "286 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6647908c09468f42bc1249f1",
      "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
      "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
      "modified": "2025-03-01T04:59:57.222000",
      "created": "2024-05-17T17:14:52.317000",
      "tags": [
        "false",
        "true",
        "visible",
        "application",
        "microsoft teams",
        "microsoft azure",
        "office",
        "service",
        "dynamics",
        "hidden",
        "android",
        "explorer",
        "write",
        "connector",
        "test",
        "sharepoint",
        "live",
        "meister",
        "tools",
        "desktop",
        "spark",
        "front",
        "enterprise",
        "designer",
        "atlas",
        "premium",
        "assistant",
        "allow",
        "azureadmyorg",
        "game",
        "verify",
        "microsoft power",
        "channelsurfcli",
        "mtd1",
        "file transfer",
        "magnus",
        "microsoft crm",
        "youth"
      ],
      "references": [
        "All - EnterpriseAppsList.csv",
        "AppRegistrationList.csv",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://urlscan.io/search/#ualberta.ca",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology",
        "Healthcare",
        "Telecommunications",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 7,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1703,
        "FileHash-SHA256": 90472,
        "URL": 99185,
        "domain": 82954,
        "hostname": 39041,
        "FileHash-SHA1": 1624,
        "email": 4658,
        "CVE": 12
      },
      "indicator_count": 319649,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 140,
      "modified_text": "456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "67323bc177c9f51524d9234b",
      "name": "samalo.info",
      "description": "",
      "modified": "2024-12-11T17:03:08.846000",
      "created": "2024-11-11T17:15:45.966000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 19,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 50,
        "hostname": 154,
        "domain": 65,
        "URL": 271
      },
      "indicator_count": 542,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 182,
      "modified_text": "536 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66d0a996b288ca46ab7e63ae",
      "name": "CEIDG (www.pitprojekt.pl , pitprojekt.pl) jak otworzy\u0107 firm\u0119, jak rozpocz\u0105\u0107 biznes, dzia\u0142alno\u015b\u0107 gospodarcza zak\u0142adanie, jak rozpocz\u0105\u0107 dzia\u0142alno\u015b\u0107 gospodarcz\u0105",
      "description": "Zawarte zasoby wed\u0142ug j\u0119zyka \u00a31.1bn, a total of 7.4bn euros ($9.6bn; \u00a36.3bn)",
      "modified": "2024-12-05T21:16:06.820000",
      "created": "2024-08-29T17:02:13.392000",
      "tags": [
        "admin",
        "asset",
        "dufur",
        "jnswj",
        "3px center",
        "saxla",
        "zjloj",
        "whasz htm",
        "oszczdno",
        "png ikona",
        "rt angielski",
        "angielski usa",
        "wersja rt",
        "narzuta chi2",
        "plik",
        "whasz",
        "bogaty hash",
        "sha256",
        "ssdeep",
        "schema",
        "strings",
        "guid",
        "blob",
        "sha256 file",
        "type type",
        "vhash",
        "imphash",
        "bvgquf",
        "cblrxf",
        "coqbmf",
        "efq78c",
        "gkrikb",
        "hdvrde",
        "hlo3ef",
        "izt63",
        "jnoxi",
        "kg2exe",
        "pejzasz",
        "rticon english",
        "english us",
        "chi2",
        "png rticon",
        "ico rtgroupicon",
        "code signing",
        "algorithm",
        "serial number",
        "sectigo public",
        "thumbprint",
        "rsa time",
        "valid from",
        "name sectigo",
        "valid",
        "valid usage",
        "ascii text",
        "neutral",
        "data rtcursor",
        "data rtdialog",
        "default",
        "rticon maori",
        "ceidg",
        "informacja o",
        "usugi",
        "z wniosek",
        "sprawd",
        "zarejestruj spk",
        "centralna",
        "ewidencja",
        "strona gwna",
        "formularze i",
        "sha1",
        "pehash",
        "richhash",
        "authentihash",
        "skrt",
        "system",
        "podaj",
        "windows z",
        "kreator",
        "dostawca",
        "wifi",
        "nazwa typ",
        "md5 nazwa",
        "imphasz",
        "kropelka",
        "smyczki",
        "zasb manifestu",
        "neutralny",
        "ikona rt",
        "zawarte zasoby",
        "md5 chi2",
        "ikonagrupyrt",
        "rtmanifest",
        "zawarte",
        "sha256 typ"
      ],
      "references": [
        "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 16,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 4501,
        "URL": 4559,
        "hostname": 1957,
        "domain": 729,
        "FileHash-MD5": 903,
        "FileHash-SHA1": 849,
        "IPv4": 180,
        "email": 3,
        "IPv6": 2,
        "CVE": 1
      },
      "indicator_count": 13684,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 125,
      "modified_text": "541 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66d941bcba8150e535df3fa0",
      "name": "Phishing Collection: August 2024",
      "description": "Summary of collected indicators associated with recent phishing pulses, for implementation with other tools such as SIEM, etc.",
      "modified": "2024-11-29T14:14:28.911000",
      "created": "2024-09-05T05:29:32.766000",
      "tags": [
        "cdn",
        "phishing"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "weekndr_sec",
        "id": "288004",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_288004/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 193,
        "FileHash-MD5": 16,
        "FileHash-SHA1": 16,
        "FileHash-SHA256": 44,
        "domain": 98,
        "hostname": 149
      },
      "indicator_count": 516,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 31,
      "modified_text": "548 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "67126705211468d007e6bfef",
      "name": "ttkkv.bloso.top > calltogetprize (enriched)",
      "description": "",
      "modified": "2024-11-17T13:00:13.078000",
      "created": "2024-10-18T13:47:49.772000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 82,
        "hostname": 476,
        "URL": 606,
        "FileHash-SHA256": 33
      },
      "indicator_count": 1197,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 183,
      "modified_text": "560 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "670c5ff728e6e5b891e26e45",
      "name": "IOC",
      "description": "",
      "modified": "2024-10-14T00:04:07.913000",
      "created": "2024-10-14T00:04:07.913000",
      "tags": [
        "admin",
        "asset",
        "dufur",
        "jnswj",
        "3px center",
        "saxla",
        "zjloj",
        "whasz htm",
        "oszczdno",
        "png ikona",
        "rt angielski",
        "angielski usa",
        "wersja rt",
        "narzuta chi2",
        "plik",
        "whasz",
        "bogaty hash",
        "sha256",
        "ssdeep",
        "schema",
        "strings",
        "guid",
        "blob",
        "sha256 file",
        "type type",
        "vhash",
        "imphash",
        "bvgquf",
        "cblrxf",
        "coqbmf",
        "efq78c",
        "gkrikb",
        "hdvrde",
        "hlo3ef",
        "izt63",
        "jnoxi",
        "kg2exe",
        "pejzasz",
        "rticon english",
        "english us",
        "chi2",
        "png rticon",
        "ico rtgroupicon",
        "code signing",
        "algorithm",
        "serial number",
        "sectigo public",
        "thumbprint",
        "rsa time",
        "valid from",
        "name sectigo",
        "valid",
        "valid usage",
        "ascii text",
        "neutral",
        "data rtcursor",
        "data rtdialog",
        "default",
        "rticon maori",
        "ceidg",
        "informacja o",
        "usugi",
        "z wniosek",
        "sprawd",
        "zarejestruj spk",
        "centralna",
        "ewidencja",
        "strona gwna",
        "formularze i",
        "sha1",
        "pehash",
        "richhash",
        "authentihash",
        "skrt",
        "system",
        "podaj",
        "windows z",
        "kreator",
        "dostawca",
        "wifi",
        "nazwa typ",
        "md5 nazwa",
        "imphasz",
        "kropelka",
        "smyczki",
        "zasb manifestu",
        "neutralny",
        "ikona rt",
        "zawarte zasoby",
        "md5 chi2",
        "ikonagrupyrt",
        "rtmanifest",
        "zawarte",
        "sha256 typ"
      ],
      "references": [
        "https://aplikacja.ceidg.gov.pl/ceidg.cms.engine/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "66d0a996b288ca46ab7e63ae",
      "export_count": 15,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "WayneState",
        "id": "296756",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 4243,
        "URL": 4550,
        "hostname": 1957,
        "domain": 729,
        "FileHash-MD5": 801,
        "FileHash-SHA1": 747,
        "IPv4": 180,
        "email": 3,
        "IPv6": 2
      },
      "indicator_count": 13212,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 4,
      "modified_text": "594 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "666cc0893636f98479e34f6e",
      "name": "Telus Communications ASN 852 - part 1.5",
      "description": "https://asnlookup.com/asn/AS852/\n\nhttps://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark\n\nhttps://www.filescan.io/search-result?query=dGVsdXMuY29t",
      "modified": "2024-09-22T18:06:53.325000",
      "created": "2024-06-14T22:13:29.917000",
      "tags": [
        "entity",
        "please",
        "javascript",
        "mirai",
        "mozi",
        "hajime"
      ],
      "references": [
        "https://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/iocs",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/graph",
        "https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/summary",
        "https://asnlookup.com/asn/AS852/",
        "https://viz.greynoise.io/analysis/7a369df9-bcbf-4540-ad0f-6d52c0c55cdb",
        "https://www.virustotal.com/graph/embed/gbe89575feac440f0b831e98562c12d0534475b1006e54221acffc624919deef7?theme=dark",
        "https://urlscan.io/search/#page.asn%3AAS852",
        "https://viz.greynoise.io/analysis/8be38b3f-73d9-4f4c-bb64-508ee329596e",
        "https://dnschecker.org/asn-whois-lookup.php?query=AS852",
        "https://mxtoolbox.com/SuperTool.aspx?action=asn%3aAS852&run=toolpage",
        "https://viz.greynoise.io/query/AS852",
        "https://viz.greynoise.io/query/AS852%20classification:%22malicious%22",
        "https://ipinfo.io",
        "https://viz.greynoise.io/analysis/1ba1e524-0d96-4cc6-9426-d01abbe75443",
        "https://bgp.tools/as/852",
        "https://www.ipvoid.com/whois/",
        "https://urlscan.io/search/#asn%3A%22AS852%22",
        "https://dnschecker.org/asn-whois-lookup.php?query=852",
        "https://leakix.net/search?scope=leak&q=telus.com",
        "http://ci-www.threatcrowd.org/domain.php?domain=telus.com",
        "https://intelx.io/?s=telus.com",
        "https://whiteintel.io/",
        "https://inteltechniques.com/tools/Domain.html",
        "https://informationlaundromat.com/content-search",
        "https://urlhaus.abuse.ch/asn/852",
        "https://bgp.he.net/AS852#_prefixes",
        "https://dnstwist.it/#9966d7b4-2d66-4349-9129-21d2adc26c89",
        "https://urlscan.io/search/#asn:%22AS852%22",
        "08.05.24 - https://viz.greynoise.io/query/AS852",
        "https://urlscan.io/asn/AS852",
        "https://www.telus.com/en/ab/outages?INTCMP=contactus_outage_AB_V2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc9971b263122bd14db"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Telecommunications",
        "Technology",
        "Healthcare",
        "Government",
        "Media",
        "Finance",
        "Retail",
        "Education",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 55,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 12,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 4696,
        "FileHash-MD5": 69,
        "FileHash-SHA256": 1211,
        "URL": 3453,
        "domain": 2060,
        "hostname": 1853,
        "FileHash-SHA1": 68,
        "email": 5,
        "CVE": 11
      },
      "indicator_count": 13426,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 132,
      "modified_text": "615 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://info.volcanobet.rs/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://info.volcanobet.rs/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780249694.016008
}