{ "type": "URL", "indicator": "https://join.applenews.apple/altcustomera/phpfiles", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://join.applenews.apple/altcustomera/phpfiles", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2834599243, "indicator": "https://join.applenews.apple/altcustomera/phpfiles", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "65709662f923e4766f55eb43", "name": "aka.ms bullshit $M signing Apple malware this is such crap whats up with peeps ICMP google DNS also NOT false positives you jerks", "description": "", "modified": "2023-12-06T15:42:26.949000", "created": "2023-12-06T15:42:26.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 319, "hostname": 125, "domain": 53, "URL": 318, "FileHash-SHA1": 17, "FileHash-MD5": 16 }, "indicator_count": 848, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63f171a71657c53b68a4d151", "name": "http://www.itunes.codes", "description": "The Falcon Sandbox malware analysis service is available to download, use and view all the data on the Falcon website, including the full list of features. \u00c2\u00a31.5m.", "modified": "2023-03-21T00:02:57.765000", "created": "2023-02-19T00:47:35.996000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "sha256", "sha1", "temp", "entropy", "win64", "date", "accept", "hybrid", "close", "click", "hosts", "code", "ransomware", "february", "general", "strings", "format", "suspicious", "http://www.itunes.codes", "www.itunes.codes" ], "references": [ "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 181, "hostname": 54, "domain": 62, "FileHash-SHA256": 58, "email": 4, "FileHash-MD5": 55, "FileHash-SHA1": 53 }, "indicator_count": 467, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1167 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc92dd6dd6d29e1a637a7", "name": "192.99.158.243:80 (appie.com)", "description": "[object Object", "modified": "2023-03-04T14:02:04.452000", "created": "2023-02-02T14:31:09.039000", "tags": [ "malware", "trojan", "apt", "runtime data", "ansi", "unicode", "localappdata", "hash seen", "runtime process", "temp", "sha256", "sha1", "win64", "entropy", "suspicious", "ransomware", "general", "date", "mozilla", "accept", "strings", "malicious", "windows nt", "khtml", "gecko", "request url", "format details", "request get", "host", "raw hex", "c4 e7", "c0 a8", "f3 c2", "get favic" ], "references": [ "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "hostname": 44, "domain": 29, "FileHash-SHA256": 65, "FileHash-MD5": 52, "FileHash-SHA1": 51 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63d3dc34e0eb41b05f27cdc7", "name": "aka.ms bullshit $M signing Apple malware this is such crap whats up with peeps ICMP google DNS also NOT false positives you jerks", "description": "", "modified": "2023-02-26T14:01:12.597000", "created": "2023-01-27T14:14:12.143000", "tags": [ "https://aka.ms/vs/17/release/vc_redist.x64.exe", "ICMP" ], "references": [ "g60f0f458e32745ffae98173760f0a7530a51e1b2e79a47cb9dbc3411347099be.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 318, "hostname": 125, "FileHash-SHA256": 319, "domain": 53, "FileHash-SHA1": 17, "FileHash-MD5": 16 }, "indicator_count": 848, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1190 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344", "g60f0f458e32745ffae98173760f0a7530a51e1b2e79a47cb9dbc3411347099be.json", "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1641 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/applenews.apple", "whois": "http://whois.domaintools.com/applenews.apple", "domain": "applenews.apple", "hostname": "join.applenews.apple" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "65709662f923e4766f55eb43", "name": "aka.ms bullshit $M signing Apple malware this is such crap whats up with peeps ICMP google DNS also NOT false positives you jerks", "description": "", "modified": "2023-12-06T15:42:26.949000", "created": "2023-12-06T15:42:26.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 319, "hostname": 125, "domain": 53, "URL": 318, "FileHash-SHA1": 17, "FileHash-MD5": 16 }, "indicator_count": 848, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63f171a71657c53b68a4d151", "name": "http://www.itunes.codes", "description": "The Falcon Sandbox malware analysis service is available to download, use and view all the data on the Falcon website, including the full list of features. \u00c2\u00a31.5m.", "modified": "2023-03-21T00:02:57.765000", "created": "2023-02-19T00:47:35.996000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "sha256", "sha1", "temp", "entropy", "win64", "date", "accept", "hybrid", "close", "click", "hosts", "code", "ransomware", "february", "general", "strings", "format", "suspicious", "http://www.itunes.codes", "www.itunes.codes" ], "references": [ "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 181, "hostname": 54, "domain": 62, "FileHash-SHA256": 58, "email": 4, "FileHash-MD5": 55, "FileHash-SHA1": 53 }, "indicator_count": 467, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1167 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbc92dd6dd6d29e1a637a7", "name": "192.99.158.243:80 (appie.com)", "description": "[object Object", "modified": "2023-03-04T14:02:04.452000", "created": "2023-02-02T14:31:09.039000", "tags": [ "malware", "trojan", "apt", "runtime data", "ansi", "unicode", "localappdata", "hash seen", "runtime process", "temp", "sha256", "sha1", "win64", "entropy", "suspicious", "ransomware", "general", "date", "mozilla", "accept", "strings", "malicious", "windows nt", "khtml", "gecko", "request url", "format details", "request get", "host", "raw hex", "c4 e7", "c0 a8", "f3 c2", "get favic" ], "references": [ "I first found this like 3 or 4 years ago cant belive its still a thing - appie.com/favicon.ico - change the i to a capital I", "Here is the full text of the request for the image of Favicon, which was sent to the appie.com website by the US government in 2008.. and the subject:.", "https://hybrid-analysis.com/sample/29e0152b350f004f7dfe6f2188d014aab87a723b9c4b613c579f6add610242b8/63bcd2c7dc34a339c406a344" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "hostname": 44, "domain": 29, "FileHash-SHA256": 65, "FileHash-MD5": 52, "FileHash-SHA1": 51 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63d3dc34e0eb41b05f27cdc7", "name": "aka.ms bullshit $M signing Apple malware this is such crap whats up with peeps ICMP google DNS also NOT false positives you jerks", "description": "", "modified": "2023-02-26T14:01:12.597000", "created": "2023-01-27T14:14:12.143000", "tags": [ "https://aka.ms/vs/17/release/vc_redist.x64.exe", "ICMP" ], "references": [ "g60f0f458e32745ffae98173760f0a7530a51e1b2e79a47cb9dbc3411347099be.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 318, "hostname": 125, "FileHash-SHA256": 319, "domain": 53, "FileHash-SHA1": 17, "FileHash-MD5": 16 }, "indicator_count": 848, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1190 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://join.applenews.apple/altcustomera/phpfiles", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://join.applenews.apple/altcustomera/phpfiles", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780268367.9690545 }