{ "type": "URL", "indicator": "https://ns1.player1532.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ns1.player1532.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3752889239, "indicator": "https://ns1.player1532.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "69e434769e2a43c088066ca2", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar clone credit octoseek", "description": "", "modified": "2026-04-19T07:36:41.138000", "created": "2026-04-19T01:48:38.335000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": "654a7a53317c717d1f4fee7f", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2, "IPv4": 1 }, "indicator_count": 18567, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a772076be04f1649f9a42", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief.", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:42:56.873000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a4d960200d938e180c3", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:29.786000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 152, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a53317c717d1f4fee7f", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:35.967000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654ab0f0b732066a2bdd1425", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T21:49:36.686000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": "654a772076be04f1649f9a42", "export_count": 143, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "https://brandyallen.com/2022/11/23/sexy", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "Urlscan", "http://watchhers.net/index.php", "http://www.jelenia-gora.so.gov.pl/", "polling.portal.gov.bd", "Hybrid Analysis", "https://alohatube.xyz/search/tsara-brashears", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "alohatube.xyz", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "http://emrd.gov.bd/dead.php", "https://twitter.com/PORNO_SEXYBABES", "http://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "OTX AlienVault", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "Any.run", "UrlVoid", "http://mincom.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "ww.google.com.uy", "https://www.colorfulbox.jp/", "https://alohatube.xyz/search/sex-mom-dog-animal", "http://cabinet.gov.bd/dead.php", "https://polling.portal.gov.bd/js/npc.script.js", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "https://polling.portal.gov.bd/js/npop.script.js", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://www.jelenia-gora.so.gov.pl/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "", "Wannacry kill switch", "Nanocore rat", "Silk road", "Noname057", "Worm:vbs/dapato", "Kraddare", "Racoon stealer", "Swort", "Formbook", "Ghandi", "Systweak", "Detplock", "Ransomexx", "Trojanspy", "Maltiverse", "Redline", "Alf:heraklezeval:pua:win32/spyrixkeylogger", "Emotet", "Trojan:win32/wacatac", "Quasar rat", "Njrat - s0385", "Hall render", "Serwer", "Bazaar loader" ], "industries": [], "unique_indicators": 68132 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/player1532.com", "whois": "http://whois.domaintools.com/player1532.com", "domain": "player1532.com", "hostname": "ns1.player1532.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "69e434769e2a43c088066ca2", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar clone credit octoseek", "description": "", "modified": "2026-04-19T07:36:41.138000", "created": "2026-04-19T01:48:38.335000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": "654a7a53317c717d1f4fee7f", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2, "IPv4": 1 }, "indicator_count": 18567, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a772076be04f1649f9a42", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief.", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:42:56.873000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a4d960200d938e180c3", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:29.786000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 152, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654a7a53317c717d1f4fee7f", "name": "Kraddare \u2022 Agent Tesla \u2022 CVE Jar", "description": "http://bpdb.portal.gov.bd:3128/sites/default/files/files/bpdb.portal.gov.bd/npfblock/2021-34bc869d2906198362a4346373ce5b94.jpg\nPurports to be based in Bangladesh, bounces to USA. Tor exit, relay router. Many proxies. Malicious. Very malicious targeting involved. Apple iOS hacking, device unlocking, CNC. Legal mischief?\n\nCVE\tCVE-2017-0147\t\t\t\t\t\nCVE\tCVE-2015-1650\t\t\t\t\t\nCVE\tCVE-2014-6352\t\t\t\t\t\nCVE\tCVE-2014-3153\t\t\t\t\t\nCVE\tCVE-2017-8570\t\t\t\t\t\t\nCVE\tCVE-2015-6585\t\t\t\nCVE\tCVE-2012-0158\t\t\t\t\t\t\nCVE\tCVE-2010-3333\t\t\t\t\t\t\nCVE\tCVE-2017-17215\t\t\t\t\nhttp://1.116.132.182/weblogic_CVE_2020_2551.jar", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T17:56:35.967000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" }, { "id": "Kraddare", "display_name": "Kraddare", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 151, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654ab0f0b732066a2bdd1425", "name": "Remote & other attacks. Dapato I Detplock I Emotet I", "description": "", "modified": "2023-12-07T17:00:24.699000", "created": "2023-11-07T21:49:36.686000", "tags": [ "heur", "cisco umbrella", "site", "alexa top", "malware", "million", "xcnfe", "maltiverse", "malware site", "safe site", "malicious", "trojan", "artemis", "vidar", "redline stealer", "raccoon", "keylogger", "riskware", "agent tesla", "remcos", "stealer", "miner", "hacktool", "bank", "agenttesla", "agent", "unknown", "downloader", "unsafe", "detplock", "networm", "win64", "service", "smokeloader", "dropper", "crack", "alexa", "trojanspy", "detection list", "blacklist https", "kyriazhs1975", "noname057", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist", "cyber threat", "united", "engineering", "phishing", "covid19", "facebook", "phishing site", "paypal", "njrat", "emotet", "nanocore rat", "meterpreter", "azorult", "download", "msil", "bladabindi", "mirai", "pony", "nanocore", "bradesco", "cobalt strike", "cve201711882", "redline", "ssl certificate", "tsara brashears", "cyberstalking", "spyware", "apple ios", "quasar", "ransomware", "malware norad", "cry kill", "attack", "installer", "formbook", "lockbit", "open", "banker", "bazarloader", "core", "ransomexx", "name verdict", "pattern match", "et tor", "known tor", "relayrouter", "exit", "node traffic", "misc attack", "script", "beginstring", "ascii text", "null", "date", "error", "span", "refresh", "class", "generator", "critical", "body", "look", "verify", "restart", "meta", "hybrid", "general", "click", "strings", "tools", "as141773", "as63932", "moved", "passive dns", "search", "entries", "gmt content", "type", "keep alive", "scan endpoints", "all octoseek", "pulse pulses", "as17806 mango", "blacklist http", "phishtank", "malicious site", "apple", "blockchain", "runescape", "twitter", "qakbot", "asyncrat", "team", "internet storm", "generic", "union", "bazaloader", "media", "generic malware", "hostname", "suppobox", "netwire rc", "installcore", "conduit", "iobit", "mediaget", "outbreak", "acint", "installpack", "phish", "rostpay", "fakeinstaller", "spyrixkeylogger", "bitminer", "loadmoney", "filetour", "wacatac", "fusioncore", "dapato", "cleaner", "softonic", "encpk", "qbot", "predator", "swrort", "kraddare", "systweak", "dllinject", "driverpack", "iframe", "downldr", "presenoker", "as61317", "asnone united", "urls", "files", "next", "as15169 google", "japan unknown", "as17506 arteria", "as32244 liquid", "as49505", "russia unknown", "expired", "domain", "falcon", "as19969", "ipv4", "ransom", "encrypt", "file", "windows nt", "indicator", "response", "appdata", "gmt contenttype", "png image", "local", "contacted", "fali malicious", "dropped", "communicating", "referrer", "fali contacted", "silk road", "immediate", "cymulate2", "tsara brashears", "malvertizing" ], "references": [ "https://wallpapers-nature.com/tsara-brashears/urlscan-io", "alohatube.xyz", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://alohatube.xyz/search/tsara-brashears", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "ww.google.com.uy", "https://alohatube.xyz/search/tsara-brashears", "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "https://polling.portal.gov.bd/js/npc.script.js", "polling.portal.gov.bd", "https://polling.portal.gov.bd/js/npop.script.js", "http://watchhers.net/index.php", "https://brandyallen.com/2022/11/23/sexy", "m.pornsexer.xxx.3.1.adiosfil.roksit.net", "http://park.above.com/jr.php?gz=DjDNgvDQ0WlpBALxevxSvkF3jBH95b5riUvmgFjb1tbPDV06suYFlRcPA34ufLE5UZ8spiM7ya7tRXR8nLUgk920DSaIXniiR5hkoveznG%20mez7OU5R%20HKIczV475LuRwxm3J1pcRSpQcePtF/4aD%20frLO%205mYc0Maj8Z1IwBeAMESc9Gk3BzCkGUHNVeCAZ9vZrQhEeVvN%20QVBAu1boZNJTnvCAP0lB5ebMSP92bFHD/ItyL53LoVDSYWMd64KTNMMJaXE0kZVqQn/%20STriQbrA6cmW3Xj4sAJ3XXEbNNJzTbIvgsy00PlKWInEUK/iXzVecaBsXg3vkUcvkeM3HPPIajaBexXO7ATYz/qTeKAksI9l2IoDAsn0S9BYCTuP8uTYdgJAv0LO%20MkNBOrSqJnFQzTlNxG4NRSP6K4VDWklVPpCwQc/s/AfrwIdLcdrV6CQDLaluG1naOjXDc", "http://nhrc.portal.gov.bd/sites/default/files/files/nhrc.portal.gov.bd/page/348ec5eb_22f8_4754_bb62_6a0d15ba1513/Study-Report-on-Sexual-Offences_Final.pdf", "https://twitter.com/PORNO_SEXYBABES", "https://alohatube.xyz/search/sex-mom-dog-animal", "https://www.colorfulbox.jp/", "Hybrid Analysis", "Any.run", "OTX AlienVault", "Urlscan", "UrlVoid", "http://emrd.gov.bd/dead.php", "http://titasgas.portal.gov.bd/dead.php", "http://mincom.gov.bd/dead.php", "http://cabinet.gov.bd/dead.php" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia", "Bangladesh" ], "malware_families": [ { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Hall Render", "display_name": "Hall Render", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Racoon Stealer", "display_name": "Racoon Stealer", "target": null }, { "id": "Ransomexx", "display_name": "Ransomexx", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "njRAT - S0385", "display_name": "njRAT - S0385", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Bazaar Loader", "display_name": "Bazaar Loader", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Detplock", "display_name": "Detplock", "target": null }, { "id": "WannaCry Kill Switch", "display_name": "WannaCry Kill Switch", "target": null }, { "id": "Ghandi", "display_name": "Ghandi", "target": null }, { "id": "Systweak", "display_name": "Systweak", "target": null }, { "id": "Swort", "display_name": "Swort", "target": null }, { "id": "Silk Road", "display_name": "Silk Road", "target": null }, { "id": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "display_name": "ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger", "target": null }, { "id": "Trojan:Win32/Wacatac", "display_name": "Trojan:Win32/Wacatac", "target": "/malware/Trojan:Win32/Wacatac" }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "noname057", "display_name": "noname057", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "Worm:VBS/Dapato", "display_name": "Worm:VBS/Dapato", "target": "/malware/Worm:VBS/Dapato" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" } ], "industries": [], "TLP": "white", "cloned_from": "654a772076be04f1649f9a42", "export_count": 143, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2522, "FileHash-SHA1": 862, "FileHash-SHA256": 2855, "URL": 7963, "domain": 1168, "hostname": 3181, "CVE": 13, "email": 2 }, "indicator_count": 18566, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "863 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ns1.player1532.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ns1.player1532.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776600768.0165102 }