{ "type": "URL", "indicator": "https://ns1.deabwqlm.ru", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ns1.deabwqlm.ru", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3383296076, "indicator": "https://ns1.deabwqlm.ru", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "69d4db11500ea6dcbc2afd10", "name": "ZETALYTICS.COM PT2 CREATED 2 YEARS AGO by StreamMiningEx Public TLP: Green clone", "description": "", "modified": "2026-04-07T10:23:13.255000", "created": "2026-04-07T10:23:13.255000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65707f425121331bce0945cd", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "FileHash-SHA256": 932, "URL": 1267, "domain": 140 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "54 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65576cfc8a3c48947d76db0e", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "APDC became apparent to me when it showed up in plain text on a discarded iOS belonging to target. Fraud services puts target in jeopardy, tracking, location hunting, listening, camera , access, photo access, message, threats via digital communication, emails archived, hidden users, social engineering, drive by app chooser, no click attacks.", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-17T13:39:08.903000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580d2e6c8373c7290d9ad8", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-18T01:02:38.770000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": "65576cfc8a3c48947d76db0e", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708f91a05c09e3364f11cf", "name": "nofaceAnonBOTNET.exe - uniquename.cu.cc - bitcoinj..org", "description": "", "modified": "2023-12-06T15:13:21.463000", "created": "2023-12-06T15:13:21.463000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 334, "URL": 1125, "hostname": 843, "domain": 352 }, "indicator_count": 2656, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f425121331bce0945cd", "name": "ZETALYTICS.COM PT2", "description": "", "modified": "2023-12-06T14:03:46.820000", "created": "2023-12-06T14:03:46.820000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "FileHash-SHA256": 932, "URL": 1267, "domain": 140 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ea9c0f2231d524c00ae", "name": "www.zetalytics.com", "description": "", "modified": "2023-12-06T14:01:12.637000", "created": "2023-12-06T14:01:12.637000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 632, "URL": 747, "hostname": 368, "domain": 116, "email": 1, "FileHash-SHA1": 2 }, "indicator_count": 1866, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ae03b3f74eb946a4d5ff75", "name": "nofaceAnonBOTNET.exe - uniquename.cu.cc - bitcoinj..org", "description": "", "modified": "2022-07-18T00:05:00.110000", "created": "2022-06-18T16:56:19.421000", "tags": [ "https://www.virustotal.com/graph/ge84da7a78a7d4ee9b4871b95f991a8", "217.70.184.38", "bitcoinj.org", "de servers masking alot of ru doms", ".vn ip masking ru doms" ], "references": [ "https://www.virustotal.com/graph/ge84da7a78a7d4ee9b4871b95f991a830224ac11ab15f45239696d272d5648918", "schildbach.de - Leads to RU BTC Wallet", "217.70.184.38 Gandi Seever bitcoinj.org" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1125, "hostname": 843, "domain": 352, "CVE": 2, "FileHash-SHA256": 334 }, "indicator_count": 2656, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1413 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6219004f53e3ae2316efea12", "name": "ZETALYTICS.COM PT2", "description": "", "modified": "2022-03-27T00:00:39.057000", "created": "2022-02-25T16:14:07.302000", "tags": [ "ssl certificate", "whois", "whois record" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "URL": 1267, "domain": 140, "FileHash-SHA256": 932 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1526 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6211eaee20bc9b0534df6133", "name": "www.zetalytics.com", "description": "", "modified": "2022-03-24T00:00:00.271000", "created": "2022-02-20T07:17:02.872000", "tags": [ "ssl certificate", "whois record", "whois", "key identifier", "x509v3 subject", "v3 serial", "number", "issuer", "cus cngo", "daddy secure", "g2 lscottsdale", "ouhttp", "validity", "info", "date", "tucows domains", "server", "algorithm", "iana id", "registrar url", "status", "registrar whois", "rank value", "ingestion time", "statvoo", "utc alexa", "utc cisco", "umbrella", "submission", "history first", "analysis", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body", "tools", "Ransomware", "POSSIBLE ETERNAL BLUE" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China", "Australia", "Belgium" ], "malware_families": [ { "id": "TEL:NoPowShell!msil", "display_name": "TEL:NoPowShell!msil", "target": null }, { "id": "PWS:Win32/QQPass.GP", "display_name": "PWS:Win32/QQPass.GP", "target": "/malware/PWS:Win32/QQPass.GP" }, { "id": "Win.Malware.Razy-6783523-0", "display_name": "Win.Malware.Razy-6783523-0", "target": null }, { "id": "Win.Trojan.Pasta-827", "display_name": "Win.Trojan.Pasta-827", "target": null }, { "id": "Ransom:Win32/Wannaren.A", "display_name": "Ransom:Win32/Wannaren.A", "target": "/malware/Ransom:Win32/Wannaren.A" }, { "id": "Win.Malware.Zusy-6840460-0", "display_name": "Win.Malware.Zusy-6840460-0", "target": null }, { "id": "Win.Trojan.Agent-1201096", "display_name": "Win.Trojan.Agent-1201096", "target": null }, { "id": "Win32:Dropper-GUP\\ [Drp]", "display_name": "Win32:Dropper-GUP\\ [Drp]", "target": null }, { "id": "Worm:Win32/Macoute", "display_name": "Worm:Win32/Macoute", "target": "/malware/Worm:Win32/Macoute" }, { "id": "Win32:Sobig-H\\ [Wrm]", "display_name": "Win32:Sobig-H\\ [Wrm]", "target": null }, { "id": "Win.Worm.Sobig-5", "display_name": "Win.Worm.Sobig-5", "target": null }, { "id": "Backdoor:Win32/Berbew", "display_name": "Backdoor:Win32/Berbew", "target": "/malware/Backdoor:Win32/Berbew" }, { "id": "Win.Trojan.Crypted-30", "display_name": "Win.Trojan.Crypted-30", "target": null }, { "id": "#VirTool:Win32/Obfuscator.ADB", "display_name": "#VirTool:Win32/Obfuscator.ADB", "target": "/malware/#VirTool:Win32/Obfuscator.ADB" }, { "id": "Win.Trojan.Kazy-6878", "display_name": "Win.Trojan.Kazy-6878", "target": null }, { "id": "Win32:VB-FBX", "display_name": "Win32:VB-FBX", "target": null }, { "id": "Win.Worm.Pajetbin-6726648-0", "display_name": "Win.Worm.Pajetbin-6726648-0", "target": null }, { "id": "Trojan:Win32/Vindor.B", "display_name": "Trojan:Win32/Vindor.B", "target": "/malware/Trojan:Win32/Vindor.B" }, { "id": "MSIL:BrowseFox-FC\\ [Adw]", "display_name": "MSIL:BrowseFox-FC\\ [Adw]", "target": null }, { "id": "Win.Ransomware.Teslacrypt-7082109-1", "display_name": "Win.Ransomware.Teslacrypt-7082109-1", "target": null }, { "id": "ALF:HSTR:Trojan:Win32/Injector.YY!bit", "display_name": "ALF:HSTR:Trojan:Win32/Injector.YY!bit", "target": null }, { "id": "Win32:Papras-AX\\ [Trj]", "display_name": "Win32:Papras-AX\\ [Trj]", "target": null }, { "id": "ALF:HSTR:MITM:UtilAds", "display_name": "ALF:HSTR:MITM:UtilAds", "target": null }, { "id": "Win.Malware.Autoit-6753917-0", "display_name": "Win.Malware.Autoit-6753917-0", "target": null } ], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 368, "URL": 747, "domain": 116, "FileHash-SHA256": 632, "email": 1, "FileHash-SHA1": 2 }, "indicator_count": 1866, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1529 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "https://www.anyxxxtube.net/media/favicon/apple", "schildbach.de - Leads to RU BTC Wallet", "bam.nr-data.net", "https://www.virustotal.com/graph/ge84da7a78a7d4ee9b4871b95f991a830224ac11ab15f45239696d272d5648918", "217.70.184.38 Gandi Seever bitcoinj.org", "gov-bam.nr-data.net", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "http://45.159.189.105/bot/regex" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Backdoor:win32/berbew", "Win.malware.zusy-6840460-0", "Worm:win32/macoute", "Alf:hstr:trojan:win32/injector.yy!bit", "Alf:hstr:mitm:utilads", "Win.malware.razy-6783523-0", "Win.ransomware.teslacrypt-7082109-1", "Win.malware.autoit-6753917-0", "Win.trojan.crypted-30", "Nanocore rat", "Tel:nopowshell!msil", "Msil:browsefox-fc\\ [adw]", "Win32:papras-ax\\ [trj]", "Relic", "Win.trojan.agent-1201096", "#virtool:win32/obfuscator.adb", "Win.worm.sobig-5", "Matrix", "Win32:sobig-h\\ [wrm]", "Win.trojan.pasta-827", "Vidar", "Win32:vb-fbx", "Tulach malware", "Trojan:win32/vindor.b", "Win32:dropper-gup\\ [drp]", "Pws:win32/qqpass.gp", "Remcos", "Trojan", "Win.worm.pajetbin-6726648-0", "Ransom:win32/wannaren.a", "Win.trojan.kazy-6878" ], "industries": [ "Technology" ], "unique_indicators": 9804 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/deabwqlm.ru", "whois": "http://whois.domaintools.com/deabwqlm.ru", "domain": "deabwqlm.ru", "hostname": "ns1.deabwqlm.ru" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "69d4db11500ea6dcbc2afd10", "name": "ZETALYTICS.COM PT2 CREATED 2 YEARS AGO by StreamMiningEx Public TLP: Green clone", "description": "", "modified": "2026-04-07T10:23:13.255000", "created": "2026-04-07T10:23:13.255000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65707f425121331bce0945cd", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "FileHash-SHA256": 932, "URL": 1267, "domain": 140 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "54 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65576cfc8a3c48947d76db0e", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "APDC became apparent to me when it showed up in plain text on a discarded iOS belonging to target. Fraud services puts target in jeopardy, tracking, location hunting, listening, camera , access, photo access, message, threats via digital communication, emails archived, hidden users, social engineering, drive by app chooser, no click attacks.", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-17T13:39:08.903000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580d2e6c8373c7290d9ad8", "name": "Apple Private Data Collection Data.net\u2192Asp.net", "description": "", "modified": "2023-12-17T12:01:00.032000", "created": "2023-11-18T01:02:38.770000", "tags": [ "url http", "entries", "apple private data collection", "whois record", "contacted", "ssl certificate", "execution", "communicating", "referrer", "historical ssl", "tsara brashears", "collections dns", "rwi dtools", "relic", "monitoring", "vidar", "remcos", "august", "nanocore rat", "malware", "name verdict", "pattern match", "script", "beginstring", "mitre att", "misc attack", "ascii text", "null", "ck id", "show technique", "ck matrix", "date", "unknown", "error", "refresh", "span", "tools", "body", "class", "generator", "critical", "look", "verify", "restart", "meta", "hybrid", "general", "local", "click", "strings", "http://114.114.114.114:90/login", "brian sabey", "hallrender", "malvertizing", "dumping", "framing", "fraud services", "trojan", "command_and_control", "silencing", "retaliation", "cyber threat", "confusing", "impersonation", "network rat", "privilege abuse", "hijacker" ], "references": [ "https://hybrid-analysis.com/sample/da72172e40686435fedc33045fd7e605531edd4b11617b6e605b459f047ce913", "https://hybrid-analysis.com/sample/2cfbf379c005c2c33276d56def17858aeded1996d0c5de0c9d607c88cda8897d", "gov-bam.nr-data.net", "bam.nr-data.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "http://45.159.189.105/bot/regex", "http://vortex-nlb-http2-fed-us-taut-purple.nr-data.net/", "https://www.anyxxxtube.net/media/favicon/apple" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Matrix", "display_name": "Matrix", "target": null }, { "id": "Trojan", "display_name": "Trojan", "target": null }, { "id": "Tulach Malware", "display_name": "Tulach Malware", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1608.005", "name": "Link Target", "display_name": "T1608.005 - Link Target" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1548.002", "name": "Bypass User Account Control", "display_name": "T1548.002 - Bypass User Account Control" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": "65576cfc8a3c48947d76db0e", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1384, "domain": 176, "hostname": 502, "FileHash-SHA256": 1609, "FileHash-MD5": 96, "FileHash-SHA1": 93, "CVE": 1 }, "indicator_count": 3861, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708f91a05c09e3364f11cf", "name": "nofaceAnonBOTNET.exe - uniquename.cu.cc - bitcoinj..org", "description": "", "modified": "2023-12-06T15:13:21.463000", "created": "2023-12-06T15:13:21.463000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 334, "URL": 1125, "hostname": 843, "domain": 352 }, "indicator_count": 2656, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f425121331bce0945cd", "name": "ZETALYTICS.COM PT2", "description": "", "modified": "2023-12-06T14:03:46.820000", "created": "2023-12-06T14:03:46.820000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "FileHash-SHA256": 932, "URL": 1267, "domain": 140 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ea9c0f2231d524c00ae", "name": "www.zetalytics.com", "description": "", "modified": "2023-12-06T14:01:12.637000", "created": "2023-12-06T14:01:12.637000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 632, "URL": 747, "hostname": 368, "domain": 116, "email": 1, "FileHash-SHA1": 2 }, "indicator_count": 1866, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ae03b3f74eb946a4d5ff75", "name": "nofaceAnonBOTNET.exe - uniquename.cu.cc - bitcoinj..org", "description": "", "modified": "2022-07-18T00:05:00.110000", "created": "2022-06-18T16:56:19.421000", "tags": [ "https://www.virustotal.com/graph/ge84da7a78a7d4ee9b4871b95f991a8", "217.70.184.38", "bitcoinj.org", "de servers masking alot of ru doms", ".vn ip masking ru doms" ], "references": [ "https://www.virustotal.com/graph/ge84da7a78a7d4ee9b4871b95f991a830224ac11ab15f45239696d272d5648918", "schildbach.de - Leads to RU BTC Wallet", "217.70.184.38 Gandi Seever bitcoinj.org" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1125, "hostname": 843, "domain": 352, "CVE": 2, "FileHash-SHA256": 334 }, "indicator_count": 2656, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1413 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6219004f53e3ae2316efea12", "name": "ZETALYTICS.COM PT2", "description": "", "modified": "2022-03-27T00:00:39.057000", "created": "2022-02-25T16:14:07.302000", "tags": [ "ssl certificate", "whois", "whois record" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 547, "URL": 1267, "domain": 140, "FileHash-SHA256": 932 }, "indicator_count": 2886, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1526 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6211eaee20bc9b0534df6133", "name": "www.zetalytics.com", "description": "", "modified": "2022-03-24T00:00:00.271000", "created": "2022-02-20T07:17:02.872000", "tags": [ "ssl certificate", "whois record", "whois", "key identifier", "x509v3 subject", "v3 serial", "number", "issuer", "cus cngo", "daddy secure", "g2 lscottsdale", "ouhttp", "validity", "info", "date", "tucows domains", "server", "algorithm", "iana id", "registrar url", "status", "registrar whois", "rank value", "ingestion time", "statvoo", "utc alexa", "utc cisco", "umbrella", "submission", "history first", "analysis", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body", "tools", "Ransomware", "POSSIBLE ETERNAL BLUE" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China", "Australia", "Belgium" ], "malware_families": [ { "id": "TEL:NoPowShell!msil", "display_name": "TEL:NoPowShell!msil", "target": null }, { "id": "PWS:Win32/QQPass.GP", "display_name": "PWS:Win32/QQPass.GP", "target": "/malware/PWS:Win32/QQPass.GP" }, { "id": "Win.Malware.Razy-6783523-0", "display_name": "Win.Malware.Razy-6783523-0", "target": null }, { "id": "Win.Trojan.Pasta-827", "display_name": "Win.Trojan.Pasta-827", "target": null }, { "id": "Ransom:Win32/Wannaren.A", "display_name": "Ransom:Win32/Wannaren.A", "target": "/malware/Ransom:Win32/Wannaren.A" }, { "id": "Win.Malware.Zusy-6840460-0", "display_name": "Win.Malware.Zusy-6840460-0", "target": null }, { "id": "Win.Trojan.Agent-1201096", "display_name": "Win.Trojan.Agent-1201096", "target": null }, { "id": "Win32:Dropper-GUP\\ [Drp]", "display_name": "Win32:Dropper-GUP\\ [Drp]", "target": null }, { "id": "Worm:Win32/Macoute", "display_name": "Worm:Win32/Macoute", "target": "/malware/Worm:Win32/Macoute" }, { "id": "Win32:Sobig-H\\ [Wrm]", "display_name": "Win32:Sobig-H\\ [Wrm]", "target": null }, { "id": "Win.Worm.Sobig-5", "display_name": "Win.Worm.Sobig-5", "target": null }, { "id": "Backdoor:Win32/Berbew", "display_name": "Backdoor:Win32/Berbew", "target": "/malware/Backdoor:Win32/Berbew" }, { "id": "Win.Trojan.Crypted-30", "display_name": "Win.Trojan.Crypted-30", "target": null }, { "id": "#VirTool:Win32/Obfuscator.ADB", "display_name": "#VirTool:Win32/Obfuscator.ADB", "target": "/malware/#VirTool:Win32/Obfuscator.ADB" }, { "id": "Win.Trojan.Kazy-6878", "display_name": "Win.Trojan.Kazy-6878", "target": null }, { "id": "Win32:VB-FBX", "display_name": "Win32:VB-FBX", "target": null }, { "id": "Win.Worm.Pajetbin-6726648-0", "display_name": "Win.Worm.Pajetbin-6726648-0", "target": null }, { "id": "Trojan:Win32/Vindor.B", "display_name": "Trojan:Win32/Vindor.B", "target": "/malware/Trojan:Win32/Vindor.B" }, { "id": "MSIL:BrowseFox-FC\\ [Adw]", "display_name": "MSIL:BrowseFox-FC\\ [Adw]", "target": null }, { "id": "Win.Ransomware.Teslacrypt-7082109-1", "display_name": "Win.Ransomware.Teslacrypt-7082109-1", "target": null }, { "id": "ALF:HSTR:Trojan:Win32/Injector.YY!bit", "display_name": "ALF:HSTR:Trojan:Win32/Injector.YY!bit", "target": null }, { "id": "Win32:Papras-AX\\ [Trj]", "display_name": "Win32:Papras-AX\\ [Trj]", "target": null }, { "id": "ALF:HSTR:MITM:UtilAds", "display_name": "ALF:HSTR:MITM:UtilAds", "target": null }, { "id": "Win.Malware.Autoit-6753917-0", "display_name": "Win.Malware.Autoit-6753917-0", "target": null } ], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 368, "URL": 747, "domain": 116, "FileHash-SHA256": 632, "email": 1, "FileHash-SHA1": 2 }, "indicator_count": 1866, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1529 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ns1.deabwqlm.ru", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ns1.deabwqlm.ru", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780241626.462358 }