{ "type": "URL", "indicator": "https://ns3.xiaopeng111.com/load", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ns3.xiaopeng111.com/load", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3685822971, "indicator": "https://ns3.xiaopeng111.com/load", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "842 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648cf1d1c06f9da7bc8f2c9d", "name": "Twitter Feed - drb_ra - 16-06-2023", "description": "", "modified": "2023-07-16T23:03:38.959000", "created": "2023-06-16T23:35:45.919000", "tags": [ "CobaltStrike", "Qakbot", "Dcrat" ], "references": [ "https://twitter.com/drb_ra/status/1669628802085920768", "https://twitter.com/drb_ra/status/1669629151144230913", "https://twitter.com/drb_ra/status/1669629489670770688", "https://twitter.com/drb_ra/status/1669629520997957633", "https://twitter.com/drb_ra/status/1669629541126397958", "https://twitter.com/drb_ra/status/1669629563104636929", "https://twitter.com/drb_ra/status/1669630098553618433", "https://twitter.com/drb_ra/status/1669630557154693120", "https://twitter.com/drb_ra/status/1669630959593967616", "https://twitter.com/drb_ra/status/1669684268274950144", "https://twitter.com/drb_ra/status/1669684433002086405", "https://twitter.com/drb_ra/status/1669684455601045505", "https://twitter.com/drb_ra/status/1669684487616188416", "https://twitter.com/drb_ra/status/1669684576870973442", "https://twitter.com/drb_ra/status/1669684613172568064", "https://twitter.com/drb_ra/status/1669684777497001984", "https://twitter.com/drb_ra/status/1669684823349252096", "https://twitter.com/drb_ra/status/1669685036033949704", "https://twitter.com/drb_ra/status/1669685111476944896", "https://twitter.com/drb_ra/status/1669685169941250051", "https://twitter.com/drb_ra/status/1669685217563475969", "https://twitter.com/drb_ra/status/1669685246466334721", "https://twitter.com/drb_ra/status/1669685301084663809", "https://twitter.com/drb_ra/status/1669754240103854103", "https://twitter.com/drb_ra/status/1669754271565328404", "https://twitter.com/drb_ra/status/1669754269401067541", "https://twitter.com/drb_ra/status/1669754309611859975", "https://twitter.com/drb_ra/status/1669754331942334475", "https://twitter.com/drb_ra/status/1669754346198773787", "https://twitter.com/drb_ra/status/1669754354918731794", "https://twitter.com/drb_ra/status/1669754392919126019", "https://twitter.com/drb_ra/status/1669754413462827013", "https://twitter.com/drb_ra/status/1669754434316906522", "https://twitter.com/drb_ra/status/1669754449206685713", "https://twitter.com/drb_ra/status/1669754474666110979", "https://twitter.com/drb_ra/status/1669754500637241351", "https://twitter.com/drb_ra/status/1669754537932992541", "https://twitter.com/drb_ra/status/1669754576684167192", "https://twitter.com/drb_ra/status/1669754604546928655", "https://twitter.com/drb_ra/status/1669781873638141952", "https://twitter.com/drb_ra/status/1669781876913872908", "https://twitter.com/drb_ra/status/1669781916185251840", "https://twitter.com/drb_ra/status/1669781929560879104", "https://twitter.com/drb_ra/status/1669781962544783368", "https://twitter.com/drb_ra/status/1669781993519718412", "https://twitter.com/drb_ra/status/1669782019113459712", "https://twitter.com/drb_ra/status/1669782033504018450", "https://twitter.com/drb_ra/status/1669782039963246606", "https://twitter.com/drb_ra/status/1669782070963458049", "https://twitter.com/drb_ra/status/1669782090051641344", "https://twitter.com/drb_ra/status/1669782207752183828", "https://twitter.com/drb_ra/status/1669782220318318599", "https://twitter.com/drb_ra/status/1669782239175909392", "https://twitter.com/drb_ra/status/1669782573294166026", "https://twitter.com/drb_ra/status/1669782637035003905", "https://twitter.com/drb_ra/status/1669782744908406784", "https://twitter.com/drb_ra/status/1669782784804528136", "https://twitter.com/drb_ra/status/1669782805528682498", "https://twitter.com/drb_ra/status/1669782830484733952", "https://twitter.com/drb_ra/status/1669783414348587028", "https://twitter.com/drb_ra/status/1669783423970312195", "https://twitter.com/drb_ra/status/1669783450402824198", "https://twitter.com/drb_ra/status/1669783478211059725", "https://twitter.com/drb_ra/status/1669783486561959936", "https://twitter.com/drb_ra/status/1669783507063676935", "https://twitter.com/drb_ra/status/1669783527976476685", "https://twitter.com/drb_ra/status/1669783550772518928", "https://twitter.com/drb_ra/status/1669783586361294851", "https://twitter.com/drb_ra/status/1669783596956000269", "https://twitter.com/drb_ra/status/1669783607588659200", "https://twitter.com/drb_ra/status/1669783616828612620", "https://twitter.com/drb_ra/status/1669783626035220480", "https://twitter.com/drb_ra/status/1669783661602807808", "https://twitter.com/drb_ra/status/1669783673514741763", "https://twitter.com/drb_ra/status/1669783685883633673", "https://twitter.com/drb_ra/status/1669783696390455296", "https://twitter.com/drb_ra/status/1669783721464004608", "https://twitter.com/drb_ra/status/1669783736135680000", "https://twitter.com/drb_ra/status/1669783745245618181", "https://twitter.com/drb_ra/status/1669783773632708610", "https://twitter.com/drb_ra/status/1669783801231187970", "https://twitter.com/drb_ra/status/1669804536846856192", "https://twitter.com/drb_ra/status/1669811744053555200", "https://twitter.com/drb_ra/status/1669811747627098112" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 56 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1050 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646feea05a69ce1fad65db0d", "name": "Twitter Feed - drb_ra - 25-05-2023", "description": "", "modified": "2023-06-24T23:03:28.853000", "created": "2023-05-25T23:26:24.203000", "tags": [ "CobaltStrike" ], "references": [ "https://twitter.com/drb_ra/status/1661560217811779584", "https://twitter.com/drb_ra/status/1661612651258970112", "https://twitter.com/drb_ra/status/1661656667589693441", "https://twitter.com/drb_ra/status/1661656765954510849", "https://twitter.com/drb_ra/status/1661656939082702850", "https://twitter.com/drb_ra/status/1661657105848254465", "https://twitter.com/drb_ra/status/1661657214782697472", "https://twitter.com/drb_ra/status/1661657399919357954", "https://twitter.com/drb_ra/status/1661657604060217344", "https://twitter.com/drb_ra/status/1661657790354448384", "https://twitter.com/drb_ra/status/1661657942192422912", "https://twitter.com/drb_ra/status/1661658166541647877", "https://twitter.com/drb_ra/status/1661658353918005249", "https://twitter.com/drb_ra/status/1661658564291710976", "https://twitter.com/drb_ra/status/1661658746492186626", "https://twitter.com/drb_ra/status/1661676931354447873", "https://twitter.com/drb_ra/status/1661677013835345920", "https://twitter.com/drb_ra/status/1661677016821776384", "https://twitter.com/drb_ra/status/1661677052121042945", "https://twitter.com/drb_ra/status/1661677070181703681", "https://twitter.com/drb_ra/status/1661677108555403272", "https://twitter.com/drb_ra/status/1661677106420490240", "https://twitter.com/drb_ra/status/1661677110694486018", "https://twitter.com/drb_ra/status/1661709077855051776", "https://twitter.com/drb_ra/status/1661709364283973632", "https://twitter.com/drb_ra/status/1661709621461958657", "https://twitter.com/drb_ra/status/1661709803863920641" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1072 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/drb_ra/status/1669811747627098112", "https://twitter.com/drb_ra/status/1669783745245618181", "https://twitter.com/drb_ra/status/1669782637035003905", "https://twitter.com/drb_ra/status/1669783721464004608", "https://twitter.com/drb_ra/status/1661657214782697472", "https://twitter.com/drb_ra/status/1661657604060217344", "https://twitter.com/drb_ra/status/1669754392919126019", "https://twitter.com/drb_ra/status/1669783801231187970", "voyour-cams.xww.de", "https://twitter.com/drb_ra/status/1669628802085920768", "https://twitter.com/drb_ra/status/1669630098553618433", "https://twitter.com/drb_ra/status/1661658746492186626", "https://twitter.com/drb_ra/status/1669781873638141952", "https://twitter.com/drb_ra/status/1669804536846856192", "https://twitter.com/drb_ra/status/1669781962544783368", "https://twitter.com/drb_ra/status/1669685111476944896", "https://twitter.com/drb_ra/status/1661657105848254465", "https://twitter.com/drb_ra/status/1661658353918005249", "https://twitter.com/drb_ra/status/1669629520997957633", "https://twitter.com/drb_ra/status/1669782784804528136", "https://twitter.com/drb_ra/status/1669754331942334475", "https://twitter.com/drb_ra/status/1669781929560879104", "https://twitter.com/drb_ra/status/1661677108555403272", "https://twitter.com/drb_ra/status/1669783586361294851", "https://twitter.com/drb_ra/status/1669783673514741763", "https://twitter.com/drb_ra/status/1661677052121042945", "https://twitter.com/drb_ra/status/1669684576870973442", "https://twitter.com/drb_ra/status/1661709621461958657", "https://twitter.com/drb_ra/status/1669783423970312195", "https://twitter.com/drb_ra/status/1661657790354448384", "https://twitter.com/drb_ra/status/1669629489670770688", "https://twitter.com/drb_ra/status/1669783478211059725", "https://twitter.com/drb_ra/status/1661709077855051776", "https://twitter.com/drb_ra/status/1669782744908406784", "https://twitter.com/drb_ra/status/1661560217811779584", "https://twitter.com/drb_ra/status/1669754576684167192", "https://twitter.com/drb_ra/status/1669783773632708610", "https://twitter.com/drb_ra/status/1669754269401067541", "https://twitter.com/drb_ra/status/1669783685883633673", "https://twitter.com/drb_ra/status/1669783661602807808", "https://twitter.com/drb_ra/status/1669754434316906522", "https://twitter.com/drb_ra/status/1669685169941250051", "https://twitter.com/drb_ra/status/1669754500637241351", "https://twitter.com/drb_ra/status/1669684613172568064", "https://twitter.com/drb_ra/status/1661677016821776384", "https://twitter.com/drb_ra/status/1669783616828612620", "https://twitter.com/drb_ra/status/1669754604546928655", "https://twitter.com/drb_ra/status/1669684268274950144", "https://twitter.com/drb_ra/status/1669630557154693120", "https://twitter.com/drb_ra/status/1669782039963246606", "https://twitter.com/drb_ra/status/1669782830484733952", "https://twitter.com/drb_ra/status/1661658166541647877", "https://twitter.com/drb_ra/status/1669685217563475969", "https://twitter.com/drb_ra/status/1669782573294166026", "https://twitter.com/drb_ra/status/1669782207752183828", "https://twitter.com/drb_ra/status/1661677110694486018", "https://twitter.com/drb_ra/status/1661656667589693441", "https://twitter.com/drb_ra/status/1669685036033949704", "https://twitter.com/drb_ra/status/1669783450402824198", "https://twitter.com/drb_ra/status/1669811744053555200", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://twitter.com/drb_ra/status/1669783596956000269", "https://twitter.com/drb_ra/status/1669754346198773787", "https://twitter.com/drb_ra/status/1669684455601045505", "https://twitter.com/drb_ra/status/1669754271565328404", "https://twitter.com/drb_ra/status/1661657399919357954", "https://twitter.com/drb_ra/status/1669783507063676935", "https://twitter.com/drb_ra/status/1669685301084663809", "https://twitter.com/drb_ra/status/1669629541126397958", "https://twitter.com/drb_ra/status/1661676931354447873", "https://twitter.com/drb_ra/status/1661677013835345920", "https://twitter.com/drb_ra/status/1669685246466334721", "https://twitter.com/drb_ra/status/1669783626035220480", "https://twitter.com/drb_ra/status/1661677070181703681", "https://twitter.com/drb_ra/status/1669783527976476685", "https://twitter.com/drb_ra/status/1669754537932992541", "https://twitter.com/drb_ra/status/1661658564291710976", "https://twitter.com/drb_ra/status/1669629151144230913", "https://twitter.com/drb_ra/status/1669754413462827013", "https://twitter.com/drb_ra/status/1669754474666110979", "https://twitter.com/drb_ra/status/1661677106420490240", "https://twitter.com/drb_ra/status/1661656765954510849", "https://twitter.com/drb_ra/status/1669629563104636929", "https://twitter.com/drb_ra/status/1669754309611859975", "https://twitter.com/drb_ra/status/1661709803863920641", "https://twitter.com/drb_ra/status/1669783607588659200", "https://twitter.com/drb_ra/status/1669754240103854103", "https://twitter.com/drb_ra/status/1669684823349252096", "https://twitter.com/drb_ra/status/1669754449206685713", "https://twitter.com/drb_ra/status/1669781993519718412", "https://twitter.com/drb_ra/status/1661709364283973632", "https://twitter.com/drb_ra/status/1661657942192422912", "https://twitter.com/drb_ra/status/1669782090051641344", "https://twitter.com/drb_ra/status/1669684777497001984", "https://twitter.com/drb_ra/status/1669782239175909392", "https://twitter.com/drb_ra/status/1669782220318318599", "https://twitter.com/drb_ra/status/1669782805528682498", "https://twitter.com/drb_ra/status/1669782070963458049", "https://twitter.com/drb_ra/status/1669783414348587028", "https://twitter.com/drb_ra/status/1669782019113459712", "https://twitter.com/drb_ra/status/1669684487616188416", "https://twitter.com/drb_ra/status/1669783736135680000", "https://twitter.com/drb_ra/status/1669783696390455296", "https://twitter.com/drb_ra/status/1669782033504018450", "https://twitter.com/drb_ra/status/1669781876913872908", "https://twitter.com/drb_ra/status/1661612651258970112", "https://twitter.com/drb_ra/status/1669783550772518928", "https://twitter.com/drb_ra/status/1669754354918731794", "https://twitter.com/drb_ra/status/1669781916185251840", "https://twitter.com/drb_ra/status/1661656939082702850", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude", "https://twitter.com/drb_ra/status/1669783486561959936", "https://twitter.com/drb_ra/status/1669630959593967616", "https://twitter.com/drb_ra/status/1669684433002086405" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Lokibot", "Worm:win32/benjamin", "Raspberry robin", "Roshtyak", "Ghost rat" ], "industries": [], "unique_indicators": 16932 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/xiaopeng111.com", "whois": "http://whois.domaintools.com/xiaopeng111.com", "domain": "xiaopeng111.com", "hostname": "ns3.xiaopeng111.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "842 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "648cf1d1c06f9da7bc8f2c9d", "name": "Twitter Feed - drb_ra - 16-06-2023", "description": "", "modified": "2023-07-16T23:03:38.959000", "created": "2023-06-16T23:35:45.919000", "tags": [ "CobaltStrike", "Qakbot", "Dcrat" ], "references": [ "https://twitter.com/drb_ra/status/1669628802085920768", "https://twitter.com/drb_ra/status/1669629151144230913", "https://twitter.com/drb_ra/status/1669629489670770688", "https://twitter.com/drb_ra/status/1669629520997957633", "https://twitter.com/drb_ra/status/1669629541126397958", "https://twitter.com/drb_ra/status/1669629563104636929", "https://twitter.com/drb_ra/status/1669630098553618433", "https://twitter.com/drb_ra/status/1669630557154693120", "https://twitter.com/drb_ra/status/1669630959593967616", "https://twitter.com/drb_ra/status/1669684268274950144", "https://twitter.com/drb_ra/status/1669684433002086405", "https://twitter.com/drb_ra/status/1669684455601045505", "https://twitter.com/drb_ra/status/1669684487616188416", "https://twitter.com/drb_ra/status/1669684576870973442", "https://twitter.com/drb_ra/status/1669684613172568064", "https://twitter.com/drb_ra/status/1669684777497001984", "https://twitter.com/drb_ra/status/1669684823349252096", "https://twitter.com/drb_ra/status/1669685036033949704", "https://twitter.com/drb_ra/status/1669685111476944896", "https://twitter.com/drb_ra/status/1669685169941250051", "https://twitter.com/drb_ra/status/1669685217563475969", "https://twitter.com/drb_ra/status/1669685246466334721", "https://twitter.com/drb_ra/status/1669685301084663809", "https://twitter.com/drb_ra/status/1669754240103854103", "https://twitter.com/drb_ra/status/1669754271565328404", "https://twitter.com/drb_ra/status/1669754269401067541", "https://twitter.com/drb_ra/status/1669754309611859975", "https://twitter.com/drb_ra/status/1669754331942334475", "https://twitter.com/drb_ra/status/1669754346198773787", "https://twitter.com/drb_ra/status/1669754354918731794", "https://twitter.com/drb_ra/status/1669754392919126019", "https://twitter.com/drb_ra/status/1669754413462827013", "https://twitter.com/drb_ra/status/1669754434316906522", "https://twitter.com/drb_ra/status/1669754449206685713", "https://twitter.com/drb_ra/status/1669754474666110979", "https://twitter.com/drb_ra/status/1669754500637241351", "https://twitter.com/drb_ra/status/1669754537932992541", "https://twitter.com/drb_ra/status/1669754576684167192", "https://twitter.com/drb_ra/status/1669754604546928655", "https://twitter.com/drb_ra/status/1669781873638141952", "https://twitter.com/drb_ra/status/1669781876913872908", "https://twitter.com/drb_ra/status/1669781916185251840", "https://twitter.com/drb_ra/status/1669781929560879104", "https://twitter.com/drb_ra/status/1669781962544783368", "https://twitter.com/drb_ra/status/1669781993519718412", "https://twitter.com/drb_ra/status/1669782019113459712", "https://twitter.com/drb_ra/status/1669782033504018450", "https://twitter.com/drb_ra/status/1669782039963246606", "https://twitter.com/drb_ra/status/1669782070963458049", "https://twitter.com/drb_ra/status/1669782090051641344", "https://twitter.com/drb_ra/status/1669782207752183828", "https://twitter.com/drb_ra/status/1669782220318318599", "https://twitter.com/drb_ra/status/1669782239175909392", "https://twitter.com/drb_ra/status/1669782573294166026", "https://twitter.com/drb_ra/status/1669782637035003905", "https://twitter.com/drb_ra/status/1669782744908406784", "https://twitter.com/drb_ra/status/1669782784804528136", "https://twitter.com/drb_ra/status/1669782805528682498", "https://twitter.com/drb_ra/status/1669782830484733952", "https://twitter.com/drb_ra/status/1669783414348587028", "https://twitter.com/drb_ra/status/1669783423970312195", "https://twitter.com/drb_ra/status/1669783450402824198", "https://twitter.com/drb_ra/status/1669783478211059725", "https://twitter.com/drb_ra/status/1669783486561959936", "https://twitter.com/drb_ra/status/1669783507063676935", "https://twitter.com/drb_ra/status/1669783527976476685", "https://twitter.com/drb_ra/status/1669783550772518928", "https://twitter.com/drb_ra/status/1669783586361294851", "https://twitter.com/drb_ra/status/1669783596956000269", "https://twitter.com/drb_ra/status/1669783607588659200", "https://twitter.com/drb_ra/status/1669783616828612620", "https://twitter.com/drb_ra/status/1669783626035220480", "https://twitter.com/drb_ra/status/1669783661602807808", "https://twitter.com/drb_ra/status/1669783673514741763", "https://twitter.com/drb_ra/status/1669783685883633673", "https://twitter.com/drb_ra/status/1669783696390455296", "https://twitter.com/drb_ra/status/1669783721464004608", "https://twitter.com/drb_ra/status/1669783736135680000", "https://twitter.com/drb_ra/status/1669783745245618181", "https://twitter.com/drb_ra/status/1669783773632708610", "https://twitter.com/drb_ra/status/1669783801231187970", "https://twitter.com/drb_ra/status/1669804536846856192", "https://twitter.com/drb_ra/status/1669811744053555200", "https://twitter.com/drb_ra/status/1669811747627098112" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 56 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1050 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646feea05a69ce1fad65db0d", "name": "Twitter Feed - drb_ra - 25-05-2023", "description": "", "modified": "2023-06-24T23:03:28.853000", "created": "2023-05-25T23:26:24.203000", "tags": [ "CobaltStrike" ], "references": [ "https://twitter.com/drb_ra/status/1661560217811779584", "https://twitter.com/drb_ra/status/1661612651258970112", "https://twitter.com/drb_ra/status/1661656667589693441", "https://twitter.com/drb_ra/status/1661656765954510849", "https://twitter.com/drb_ra/status/1661656939082702850", "https://twitter.com/drb_ra/status/1661657105848254465", "https://twitter.com/drb_ra/status/1661657214782697472", "https://twitter.com/drb_ra/status/1661657399919357954", "https://twitter.com/drb_ra/status/1661657604060217344", "https://twitter.com/drb_ra/status/1661657790354448384", "https://twitter.com/drb_ra/status/1661657942192422912", "https://twitter.com/drb_ra/status/1661658166541647877", "https://twitter.com/drb_ra/status/1661658353918005249", "https://twitter.com/drb_ra/status/1661658564291710976", "https://twitter.com/drb_ra/status/1661658746492186626", "https://twitter.com/drb_ra/status/1661676931354447873", "https://twitter.com/drb_ra/status/1661677013835345920", "https://twitter.com/drb_ra/status/1661677016821776384", "https://twitter.com/drb_ra/status/1661677052121042945", "https://twitter.com/drb_ra/status/1661677070181703681", "https://twitter.com/drb_ra/status/1661677108555403272", "https://twitter.com/drb_ra/status/1661677106420490240", "https://twitter.com/drb_ra/status/1661677110694486018", "https://twitter.com/drb_ra/status/1661709077855051776", "https://twitter.com/drb_ra/status/1661709364283973632", "https://twitter.com/drb_ra/status/1661709621461958657", "https://twitter.com/drb_ra/status/1661709803863920641" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1072 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ns3.xiaopeng111.com/load", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ns3.xiaopeng111.com/load", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780354725.1024253 }