{ "type": "URL", "indicator": "https://infra-telemetry.com/api/checkina", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://infra-telemetry.com/api/checkina", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4357166958, "indicator": "https://infra-telemetry.com/api/checkina", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6a03fda1f49694a8a727a708", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-14T02:18:30.475000", "created": "2026-05-13T04:27:13.098000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 72, "FileHash-SHA256": 142, "URL": 217, "domain": 283, "hostname": 468, "FileHash-SHA1": 38, "Mutex": 1, "IPv4": 310, "CVE": 8, "IPv6": 4, "email": 2 }, "indicator_count": 1545, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03fda242b90bf795becbec", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-14T02:18:02.327000", "created": "2026-05-13T04:27:14.063000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA256": 125, "URL": 137, "domain": 434, "hostname": 200, "FileHash-SHA1": 23, "Mutex": 1, "IPv4": 235, "CVE": 9, "email": 4, "IPv6": 3 }, "indicator_count": 1187, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03fda0034d0da956e10d35", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-13T07:11:11.647000", "created": "2026-05-13T04:27:12.240000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA256": 7, "URL": 31, "domain": 224, "hostname": 13, "FileHash-SHA1": 7, "Mutex": 1, "IPv4": 207, "CVE": 8 }, "indicator_count": 512, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03f318b2e654e26402adaa", "name": "\" New Sample of REvil Ransomware - REvil Returned?\" by SteamMiningEx", "description": "", "modified": "2026-05-13T05:26:35.084000", "created": "2026-05-13T03:42:16.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65708d5530ef54f76f70777b", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 802, "FileHash-MD5": 209, "FileHash-SHA1": 198, "domain": 517, "hostname": 8, "URL": 2 }, "indicator_count": 1736, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3181 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/infra-telemetry.com", "whois": "http://whois.domaintools.com/infra-telemetry.com", "domain": "infra-telemetry.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6a03fda1f49694a8a727a708", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-14T02:18:30.475000", "created": "2026-05-13T04:27:13.098000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 72, "FileHash-SHA256": 142, "URL": 217, "domain": 283, "hostname": 468, "FileHash-SHA1": 38, "Mutex": 1, "IPv4": 310, "CVE": 8, "IPv6": 4, "email": 2 }, "indicator_count": 1545, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03fda242b90bf795becbec", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-14T02:18:02.327000", "created": "2026-05-13T04:27:14.063000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA256": 125, "URL": 137, "domain": 434, "hostname": 200, "FileHash-SHA1": 23, "Mutex": 1, "IPv4": 235, "CVE": 9, "email": 4, "IPv6": 3 }, "indicator_count": 1187, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03fda0034d0da956e10d35", "name": "REvil, Sodinokibi & Prophet Chakras", "description": "REvil / Sodinokibi and CVE-2018-8543 which affects remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. [NIST] Sodinokibi, also known as REvil, is a sophisticated ransomware-as-a-service (RaaS) variant known for its devastating impact on targeted systems and widespread distribution. It poses a significant threat to cybersecurity, encrypting files on infected systems and demanding ransom payments from victims in exchange for decryption keys. [Cybersight]. MGM- Reference guest stays Jan1,25.", "modified": "2026-05-13T07:11:11.647000", "created": "2026-05-13T04:27:12.240000", "tags": [ "file info", "score", "botnet", "file report", "tags", "win32 exe", "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "resolved ips", "unix", "blowfish", "sha1", "django", "pbkdf2sha256", "joomla", "wordpress", "ciscoios", "sha512", "ntlm", "win32", "expl", "antiyavl trojan", "ransom", "arctic wolf", "unsafe avast", "avira", "microsoft edge", "engine memory", "chakracore", "cve id", "cve20188541", "cve20188542", "cve20188551", "cve20188555", "cve20188556", "cve20188557", "share", "script md5", "share share" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA256": 7, "URL": 31, "domain": 224, "hostname": 13, "FileHash-SHA1": 7, "Mutex": 1, "IPv4": 207, "CVE": 8 }, "indicator_count": 512, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03f318b2e654e26402adaa", "name": "\" New Sample of REvil Ransomware - REvil Returned?\" by SteamMiningEx", "description": "", "modified": "2026-05-13T05:26:35.084000", "created": "2026-05-13T03:42:16.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65708d5530ef54f76f70777b", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 802, "FileHash-MD5": 209, "FileHash-SHA1": 198, "domain": 517, "hostname": 8, "URL": 2 }, "indicator_count": 1736, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://infra-telemetry.com/api/checkina", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://infra-telemetry.com/api/checkina", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780233980.9556649 }