{ "type": "URL", "indicator": "https://moranzine.dnslive.net", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://moranzine.dnslive.net", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3397464693, "indicator": "https://moranzine.dnslive.net", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "622e45a60eb0aade25830515", "name": "habhub tracker (high altitude balloons) nasty little f.ckers live here", "description": "habhub.org/zeusbot/logs/highalritude.log.20191220", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T19:27:34.906000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "qaexxz", "qbenxz", "avqstring", "qaeaav0", "qmetaobject", "qbehxz", "hpapax", "abv0", "locale", "delphi", "path", "qscreen", "suspicious", "sini", "hybrid", "general", "close", "click", "strings", "write", "windows10", "compiler", "malicious", "asyncrat", "redline stealer", "emotet agent", "nanocore", "netwire y", "async nanocore", "netwire", "netwire and", "asyncrat via", "public cloud", "embed tracker", "hab project", "habhub.org/zeusbot/logs/highalritude.log.20191220" ], "references": [ "https://tracker.habhub.org/#!qm=All&q=NT6T-12", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/#!qm=All&q=XX", "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp", "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "CVE": 1, "domain": 50, "FileHash-SHA256": 743, "hostname": 104, "FileHash-MD5": 494, "FileHash-SHA1": 185, "email": 1 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/#!qm=All&q=NT6T-12", "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b", "https://tracker.habhub.org/#!qm=All&q=XX", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1868 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/dnslive.net", "whois": "http://whois.domaintools.com/dnslive.net", "domain": "dnslive.net", "hostname": "moranzine.dnslive.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "622e45a60eb0aade25830515", "name": "habhub tracker (high altitude balloons) nasty little f.ckers live here", "description": "habhub.org/zeusbot/logs/highalritude.log.20191220", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T19:27:34.906000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "qaexxz", "qbenxz", "avqstring", "qaeaav0", "qmetaobject", "qbehxz", "hpapax", "abv0", "locale", "delphi", "path", "qscreen", "suspicious", "sini", "hybrid", "general", "close", "click", "strings", "write", "windows10", "compiler", "malicious", "asyncrat", "redline stealer", "emotet agent", "nanocore", "netwire y", "async nanocore", "netwire", "netwire and", "asyncrat via", "public cloud", "embed tracker", "hab project", "habhub.org/zeusbot/logs/highalritude.log.20191220" ], "references": [ "https://tracker.habhub.org/#!qm=All&q=NT6T-12", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/#!qm=All&q=XX", "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp", "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "CVE": 1, "domain": 50, "FileHash-SHA256": 743, "hostname": 104, "FileHash-MD5": 494, "FileHash-SHA1": 185, "email": 1 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "type": "URL", "indicator": "https://moranzine.dnslive.net", "stats": { "malicious": 7, "suspicious": 0, "harmless": 58, "undetected": 29, "total": 94, "verdict": "malicious", "ratio": "7/94" }, "verdict": "malicious", "ratio": "7/94", "final_url": "https://moranzine.dnslive.net/", "title": "", "reputation": 0, "tags": [], "top_detections": [ { "vendor": "BitDefender", "result": "malware", "category": "malicious" }, { "vendor": "Fortinet", "result": "phishing", "category": "malicious" }, { "vendor": "G-Data", "result": "malware", "category": "malicious" }, { "vendor": "Lionic", "result": "malicious", "category": "malicious" }, { "vendor": "Seclookup", "result": "malicious", "category": "malicious" }, { "vendor": "Sophos", "result": "phishing", "category": "malicious" }, { "vendor": "Webroot", "result": "malicious", "category": "malicious" } ], "last_analysis": 1770365691, "error": null }, "abuseipdb": null, "urlhaus": { "indicator": "https://moranzine.dnslive.net", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776133211.4956026 }