{ "type": "URL", "indicator": "https://link.seat.ch", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://link.seat.ch", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3399417434, "indicator": "https://link.seat.ch", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 11, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "799 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62c231f263ca042121a81827", "name": "oracle is shocking", "description": "", "modified": "2022-08-03T00:05:10.569000", "created": "2022-07-04T00:18:58.267000", "tags": [ "span", "section", "button", "tbody", "script", "path", "java", "archive", "download", "cc02v0", "meta", "installer", "date", "iframe", "contact", "form", "service", "critical", "close", "alpha", "false", "click", "main", "energy", "life", "media", "write", "back", "widget", "tools", "protect", "april", "python", "ukraine", "indonesia", "middle", "facebook", "twitter" ], "references": [ "oracle com downl # java.pdf", "www.oracle.com - urlscan.io.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 956, "FileHash-SHA256": 237, "hostname": 197, "domain": 59, "FileHash-MD5": 2 }, "indicator_count": 1451, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62951232023c3cdc0a0f7a1c", "name": "support.apple.com:de-de:HT204247%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T18:51:30.784000", "tags": [], "references": [ "support.apple.com:de-de:HT204247%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 423, "hostname": 188, "domain": 33, "FileHash-SHA256": 278, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 929, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261cdbea0bb54792ef9ac53", "name": "1and1.com - malware hosting and creation", "description": "Promise.com, or Promise.js, is a new type of word, and here is the full text of its first-ever translation:-a-word, a-d.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T21:33:50.899000", "tags": [ "noclickid", "error", "aborted", "xmlhttprequest", "typeof e", "cx bus", "genesys telecom", "labs", "promise", "lnull", "typeof t", "date", "typeof", "typeof define", "installtrigger", "weakset", "sfunction", "uk tv", "regexp", "custom code", "typeerror", "sufeffxa0", "typeof symbol", "azaz09", "library loaded", "page top", "path", "query string", "customevent", "afunction", "string", "pfunction", "mfunction", "dfunction", "march", "typeof o", "null", "stackframe", "object", "function", "array", "definition", "rhino", "factory", "isnumber", "plugin", "chrome pdf", "rejected", "target", "event", "started", "engaged", "trident", "internal", "parseint", "growheight", "cdata", "this", "system", "named", "invalid hex3", "invalid hex6", "uinguserid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "copyright", "closure library", "window", "value", "image", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "please", "april", "august", "close", "february", "june", "form", "klik", "click", "next", "blank", "este", "rserver", "mais", "void", "number", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw10804098076", "code", "qe", "aw428360528", "aw10816288188", "aw10814683072" ], "references": [ "xfe-URL-Ionos.de-stix2-2.1-export.json", "xfe-URL-1and1.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://js-na1.hs-scripts.com/8230984.js", "https://js.hsleadflows.net/leadflows.js", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://amplify.outbrain.com/cp/obtp.js", "https://uir.uimserv.net/sid/", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "UK TV", "display_name": "UK TV", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3592, "FileHash-SHA256": 402, "hostname": 1610, "domain": 553, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 6159, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62520e6c1b128fdbcaa87e4e", "name": "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20.0", "description": "", "modified": "2022-05-09T00:00:19.127000", "created": "2022-04-09T22:53:32.810000", "tags": [ "malware", "decrypted ssl", "windows nt", "kaht", "ukraine", "april", "malicious", "february", "france unknown", "15.237.136.106", "review-fix-upload-dqpyzu.galia.development.atoptima.com", "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20." ], "references": [ "atoptima.fr\t2022-04-09 02:22 AS16509 AMAZON-02\t France", "15.237.136.106", "review-fix-upload-dqpyzu.galia.development.atoptima.com", "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20.0", "https://hybrid-analysis.com/sample/72aa25a6ea57d8ba7d41308adc5d3df7a487ae6c31171349d17c27f6732fb065/625202f6c0b9240c5f6a7b92" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 334, "hostname": 177, "domain": 71, "FileHash-SHA256": 110, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 44 }, "indicator_count": 792, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1441 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6244eeaf12029c07fd9618ba", "name": "pan.baido.com btblockpage DNS Cert Invalid", "description": "", "modified": "2022-04-30T00:00:33.024000", "created": "2022-03-30T23:58:39.232000", "tags": [ "bt parental", "controls", "http", "custom", "strict", "moderate", "want", "allow access", "blockpage.bt.com" ], "references": [ "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT-file_sharing&policy=Z2xvYmFsLWN1c3RvbS00N2Y0NzlkYy1kNmVlLTQ3MjMtOTljMy1jODhmODk4YTJjNDQ=;&view=NDdmNDc5ZGMtZDZlZS00NzIzLTk5YzMtYzg4Zjg5OGEyYzQ0;&originalUrl=aHR0cDovL3Bhbi5iYWlkdS5jb20v", "https://iot.guaqb.cn/", "13.36.218.177 178.79.242.150 141f14d466061a3a5a21bfa9b79d83d0a77a07ce18d15e6275e8a18d4fee287c 34e43cf83226e180c1d48b3e37b6c7bdc53b7cb434f2101f259305e68a3cc3cf 3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23 380cfb1393b0df08ebab21875fed42025084f6146bf83e0c98e8739166b9c26c 3b08992554ee957c4fa7e6f2a2a743bf222c14e3b641dbd36cb7a8998741a55d 5513ad2a2b49757b8ab68fab74b22ce5f471316cbd2719022f646824dc233d72 58babe7cbada1fd8f743f1957f950f39421f08ed3c85faa3dfa96352677860ba 6eb48f0616ed8b477f838372f1cc", "blockpage.bt.com", "btcomdev.112.2o7.net", "https://urlscan.io/dom/5bac3241-6199-483a-a4db-9275971dfa81/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 70, "hostname": 80, "URL": 224, "domain": 11 }, "indicator_count": 385, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623b76906394e513998559be", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378", "description": "", "modified": "2022-04-22T00:03:50.614000", "created": "2022-03-23T19:35:44.755000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 33, "URL": 490, "hostname": 185, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 989, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1458 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6231bba93e094ab9c9858a1a", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf", "description": "", "modified": "2022-04-15T00:03:47.669000", "created": "2022-03-16T10:27:53.224000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 460, "hostname": 173, "domain": 32, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230ebb26359ef4f35fedd97", "name": "apple.com:filenotfound.", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:40:34.162000", "tags": [], "references": [ "apple.com:filenotfound.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 456, "hostname": 135, "domain": 39, "FileHash-SHA256": 243, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 880, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230ec9610f6a041174a9c9b", "name": "apple.com:legal:internet-services:itunes:%22", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:44:22.754000", "tags": [], "references": [ "apple.com:legal:internet-services:itunes:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 353, "hostname": 121, "domain": 25, "FileHash-SHA256": 205, "CIDR": 1, "FileHash-MD5": 3 }, "indicator_count": 708, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230eddd25692f0fc9d5dad8", "name": "support.apple.com:en-us:HT211204%22", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:49:49.667000", "tags": [], "references": [ "support.apple.com:en-us:HT211204%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 401, "hostname": 134, "domain": 32, "FileHash-SHA256": 235, "CIDR": 4, "FileHash-MD5": 3 }, "indicator_count": 809, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://amplify.outbrain.com/cp/obtp.js", "btcomdev.112.2o7.net", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT-file_sharing&policy=Z2xvYmFsLWN1c3RvbS00N2Y0NzlkYy1kNmVlLTQ3MjMtOTljMy1jODhmODk4YTJjNDQ=;&view=NDdmNDc5ZGMtZDZlZS00NzIzLTk5YzMtYzg4Zjg5OGEyYzQ0;&originalUrl=aHR0cDovL3Bhbi5iYWlkdS5jb20v", "15.237.136.106", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72", "review-fix-upload-dqpyzu.galia.development.atoptima.com", "blockpage.bt.com", "support.apple.com:en-us:HT211204%22,.pdf", "13.36.218.177 178.79.242.150 141f14d466061a3a5a21bfa9b79d83d0a77a07ce18d15e6275e8a18d4fee287c 34e43cf83226e180c1d48b3e37b6c7bdc53b7cb434f2101f259305e68a3cc3cf 3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23 380cfb1393b0df08ebab21875fed42025084f6146bf83e0c98e8739166b9c26c 3b08992554ee957c4fa7e6f2a2a743bf222c14e3b641dbd36cb7a8998741a55d 5513ad2a2b49757b8ab68fab74b22ce5f471316cbd2719022f646824dc233d72 58babe7cbada1fd8f743f1957f950f39421f08ed3c85faa3dfa96352677860ba 6eb48f0616ed8b477f838372f1cc", "https://uir.uimserv.net/sid/", "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20.0", "www.oracle.com - urlscan.io.pdf", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://urlscan.io/dom/5bac3241-6199-483a-a4db-9275971dfa81/", "apple.com:legal:internet-services:itunes:%22,.pdf", "https://iot.guaqb.cn/", "voyour-cams.xww.de", "https://js-na1.hs-scripts.com/8230984.js", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "oracle com downl # java.pdf", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "xfe-URL-1and1.com-stix2-2.1-export.json", "apple.com:filenotfound.pdf", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "support.apple.com:de-de:HT204247%22,.pdf", "https://js.hsleadflows.net/leadflows.js", "https://hybrid-analysis.com/sample/72aa25a6ea57d8ba7d41308adc5d3df7a487ae6c31171349d17c27f6732fb065/625202f6c0b9240c5f6a7b92", "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf", "atoptima.fr\t2022-04-09 02:22 AS16509 AMAZON-02\t France", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "xfe-URL-Ionos.de-stix2-2.1-export.json", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Anda", "Lokibot", "Vasaris", "Rabu", "Vui", "Srpanj", "Ghost rat", "Raspberry robin", "Qe", "Outubro", "Roshtyak", "Worm:win32/benjamin", "Uk tv", "Trackingclient", "Tente" ], "industries": [ "Technology" ], "unique_indicators": 26633 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/seat.ch", "whois": "http://whois.domaintools.com/seat.ch", "domain": "seat.ch", "hostname": "link.seat.ch" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 11, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "799 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62c231f263ca042121a81827", "name": "oracle is shocking", "description": "", "modified": "2022-08-03T00:05:10.569000", "created": "2022-07-04T00:18:58.267000", "tags": [ "span", "section", "button", "tbody", "script", "path", "java", "archive", "download", "cc02v0", "meta", "installer", "date", "iframe", "contact", "form", "service", "critical", "close", "alpha", "false", "click", "main", "energy", "life", "media", "write", "back", "widget", "tools", "protect", "april", "python", "ukraine", "indonesia", "middle", "facebook", "twitter" ], "references": [ "oracle com downl # java.pdf", "www.oracle.com - urlscan.io.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 956, "FileHash-SHA256": 237, "hostname": 197, "domain": 59, "FileHash-MD5": 2 }, "indicator_count": 1451, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62951232023c3cdc0a0f7a1c", "name": "support.apple.com:de-de:HT204247%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T18:51:30.784000", "tags": [], "references": [ "support.apple.com:de-de:HT204247%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 423, "hostname": 188, "domain": 33, "FileHash-SHA256": 278, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 929, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261cdbea0bb54792ef9ac53", "name": "1and1.com - malware hosting and creation", "description": "Promise.com, or Promise.js, is a new type of word, and here is the full text of its first-ever translation:-a-word, a-d.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T21:33:50.899000", "tags": [ "noclickid", "error", "aborted", "xmlhttprequest", "typeof e", "cx bus", "genesys telecom", "labs", "promise", "lnull", "typeof t", "date", "typeof", "typeof define", "installtrigger", "weakset", "sfunction", "uk tv", "regexp", "custom code", "typeerror", "sufeffxa0", "typeof symbol", "azaz09", "library loaded", "page top", "path", "query string", "customevent", "afunction", "string", "pfunction", "mfunction", "dfunction", "march", "typeof o", "null", "stackframe", "object", "function", "array", "definition", "rhino", "factory", "isnumber", "plugin", "chrome pdf", "rejected", "target", "event", "started", "engaged", "trident", "internal", "parseint", "growheight", "cdata", "this", "system", "named", "invalid hex3", "invalid hex6", "uinguserid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "copyright", "closure library", "window", "value", "image", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "please", "april", "august", "close", "february", "june", "form", "klik", "click", "next", "blank", "este", "rserver", "mais", "void", "number", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw10804098076", "code", "qe", "aw428360528", "aw10816288188", "aw10814683072" ], "references": [ "xfe-URL-Ionos.de-stix2-2.1-export.json", "xfe-URL-1and1.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://js-na1.hs-scripts.com/8230984.js", "https://js.hsleadflows.net/leadflows.js", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://amplify.outbrain.com/cp/obtp.js", "https://uir.uimserv.net/sid/", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "UK TV", "display_name": "UK TV", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3592, "FileHash-SHA256": 402, "hostname": 1610, "domain": 553, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 6159, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62520e6c1b128fdbcaa87e4e", "name": "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20.0", "description": "", "modified": "2022-05-09T00:00:19.127000", "created": "2022-04-09T22:53:32.810000", "tags": [ "malware", "decrypted ssl", "windows nt", "kaht", "ukraine", "april", "malicious", "february", "france unknown", "15.237.136.106", "review-fix-upload-dqpyzu.galia.development.atoptima.com", "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20." ], "references": [ "atoptima.fr\t2022-04-09 02:22 AS16509 AMAZON-02\t France", "15.237.136.106", "review-fix-upload-dqpyzu.galia.development.atoptima.com", "http://15.237.136.106/b/ss/vodafonegroupitglobalprod/10/js-2.20.0", "https://hybrid-analysis.com/sample/72aa25a6ea57d8ba7d41308adc5d3df7a487ae6c31171349d17c27f6732fb065/625202f6c0b9240c5f6a7b92" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 334, "hostname": 177, "domain": 71, "FileHash-SHA256": 110, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 44 }, "indicator_count": 792, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1441 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6244eeaf12029c07fd9618ba", "name": "pan.baido.com btblockpage DNS Cert Invalid", "description": "", "modified": "2022-04-30T00:00:33.024000", "created": "2022-03-30T23:58:39.232000", "tags": [ "bt parental", "controls", "http", "custom", "strict", "moderate", "want", "allow access", "blockpage.bt.com" ], "references": [ "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT-file_sharing&policy=Z2xvYmFsLWN1c3RvbS00N2Y0NzlkYy1kNmVlLTQ3MjMtOTljMy1jODhmODk4YTJjNDQ=;&view=NDdmNDc5ZGMtZDZlZS00NzIzLTk5YzMtYzg4Zjg5OGEyYzQ0;&originalUrl=aHR0cDovL3Bhbi5iYWlkdS5jb20v", "https://iot.guaqb.cn/", "13.36.218.177 178.79.242.150 141f14d466061a3a5a21bfa9b79d83d0a77a07ce18d15e6275e8a18d4fee287c 34e43cf83226e180c1d48b3e37b6c7bdc53b7cb434f2101f259305e68a3cc3cf 3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23 380cfb1393b0df08ebab21875fed42025084f6146bf83e0c98e8739166b9c26c 3b08992554ee957c4fa7e6f2a2a743bf222c14e3b641dbd36cb7a8998741a55d 5513ad2a2b49757b8ab68fab74b22ce5f471316cbd2719022f646824dc233d72 58babe7cbada1fd8f743f1957f950f39421f08ed3c85faa3dfa96352677860ba 6eb48f0616ed8b477f838372f1cc", "blockpage.bt.com", "btcomdev.112.2o7.net", "https://urlscan.io/dom/5bac3241-6199-483a-a4db-9275971dfa81/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 70, "hostname": 80, "URL": 224, "domain": 11 }, "indicator_count": 385, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623b76906394e513998559be", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378", "description": "", "modified": "2022-04-22T00:03:50.614000", "created": "2022-03-23T19:35:44.755000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 33, "URL": 490, "hostname": 185, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 989, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1458 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6231bba93e094ab9c9858a1a", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf", "description": "", "modified": "2022-04-15T00:03:47.669000", "created": "2022-03-16T10:27:53.224000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 460, "hostname": 173, "domain": 32, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230ebb26359ef4f35fedd97", "name": "apple.com:filenotfound.", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:40:34.162000", "tags": [], "references": [ "apple.com:filenotfound.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 456, "hostname": 135, "domain": 39, "FileHash-SHA256": 243, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 880, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230ec9610f6a041174a9c9b", "name": "apple.com:legal:internet-services:itunes:%22", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:44:22.754000", "tags": [], "references": [ "apple.com:legal:internet-services:itunes:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 353, "hostname": 121, "domain": 25, "FileHash-SHA256": 205, "CIDR": 1, "FileHash-MD5": 3 }, "indicator_count": 708, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://link.seat.ch", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://link.seat.ch", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642287.6091604 }