{
  "type": "URL",
  "indicator": "https://osce12-0-sc.url.asiainfo-sec.com/dist/css/bootstrap.min.css",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://osce12-0-sc.url.asiainfo-sec.com/dist/css/bootstrap.min.css",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3691090248,
      "indicator": "https://osce12-0-sc.url.asiainfo-sec.com/dist/css/bootstrap.min.css",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "68bbb31f6d91989d7fcd9592",
          "name": "Who is Argus Health Systems in relation to United Healthcare",
          "description": "Strange. Person/s handling a monitored targeted past accounts was contacted to have old bills paid. Told individual had Argus Health Insurance that wouldn\u2019t pay.\n\nIssues: \u2022 Individual wasn\u2019t a client of vendor in 2024\n\u2022 Was never an Argus client.\n\u2022 Social engineering type call. Angry employee demanding copy of front and back of Health Care Insurance card for UH  payments for items purchased after approved prior authorization for in past purchases. \n\u2022 Gave an incredible amount of PHI over phone w/o appropriate new (or former) HIPAA standard verification.  \u2022 Angrily refused to provide billing # or requester\u2019s name.\n*United Health Care has paid ZERO bills. \n* \n(Auto populated - Anel arauchealth cam) | https://www.argushealth.com. Argus Health Systems is a healthcare technology company based in Kansas City, MO. Specializing in pharmacy benefit management ...",
          "modified": "2025-10-06T03:04:31.707000",
          "created": "2025-09-06T04:05:50.955000",
          "tags": [
            "server",
            "date",
            "registrar abuse",
            "csc corporate",
            "domains",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "country",
            "postal code",
            "code",
            "united",
            "showing",
            "entries",
            "ip address",
            "search",
            "name servers",
            "unknown aaaa",
            "domain add",
            "pulse submit",
            "passive dns",
            "content type",
            "type content",
            "all ipv4",
            "url analysis",
            "urls",
            "files",
            "title",
            "meta",
            "certificate",
            "creation date",
            "record value",
            "hostname add",
            "domain",
            "unknown ns",
            "china unknown",
            "body",
            "please",
            "x msedge",
            "pulse pulses",
            "present aug",
            "hong kong",
            "extraction",
            "data upload",
            "levelbluelabs",
            "search otx",
            "pcap",
            "stix",
            "url or",
            "texdr",
            "failedto",
            "drop",
            "aaaa",
            "record type",
            "ttl value",
            "historical ssl",
            "certificates",
            "thumbprint",
            "present jan",
            "next associated",
            "urls show",
            "date checked",
            "url hostname",
            "server response",
            "google safe",
            "results jul",
            "present jun",
            "moved",
            "gmt content",
            "a domains",
            "next http",
            "scans show",
            "error",
            "present sep",
            "present may",
            "present jul",
            "present mar",
            "present apr"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 2091,
            "domain": 817,
            "URL": 7939,
            "email": 5,
            "FileHash-SHA256": 2960,
            "FileHash-SHA1": 240,
            "FileHash-MD5": 227
          },
          "indicator_count": 14279,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "240 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "689fb86af7ae894997245158",
          "name": "Lumen Technologies attacks. Affects telecommunication between patient and Intermountain Health",
          "description": "Severely impacted a monitored target\u2019s communication with health provider, prohibited patient calls, borne answering calls at UC Health & Intermountain Healthcare. Targets devices routed and / or hijacked by or to other known carriers.\nImpacts Medicaid patient files. NOT CHINA. Colorado. Message #trulymissed intentionally routed to outbound decimated her health & provider relationships. \n\u201cYour administrator contact lumen at 877-453-8353 to resolve the issue. You may dial zero to be connected with an operator to complete your call. The charges may apply operator services will require a valid telephone number and a method of payment for charges to complete the call thank you for calling Lumen error code CPN1\u201d\n\nWin32:Downloader-KEQ\\ [Trj]\t\t\n#Lowfi:Cutwail_Upatre_GameOver_Obfuscator\n#malware #Schoolboy\n#.Bulz\n#trojan #Redline\n#.Dorkbot\t#Azorult\n#HawkEye\n#Msilperseus\n#AgentTesla\nhacktool:MSIL/Boilod",
          "modified": "2025-09-14T21:02:42.856000",
          "created": "2025-08-15T22:44:58.153000",
          "tags": [
            "united",
            "passive dns",
            "ipv4",
            "pulse submit",
            "url analysis",
            "urls",
            "files",
            "reverse dns",
            "location united",
            "america flag",
            "creation date",
            "communications",
            "expiration date",
            "domain",
            "files ip",
            "address",
            "asn as3356",
            "el dorado",
            "present jun",
            "present dec",
            "present sep",
            "present nov",
            "present may",
            "entries",
            "showing",
            "next associated",
            "urls show",
            "search",
            "read c",
            "show",
            "medium",
            "unicode",
            "rgba",
            "next",
            "memcommit",
            "delete",
            "dock",
            "write",
            "execution",
            "copy",
            "status",
            "value emails",
            "name level",
            "llc name",
            "org level",
            "llc address",
            "city broomfield",
            "date",
            "error nov",
            "next http",
            "scans record",
            "value",
            "body head",
            "document moved",
            "title head",
            "object moved",
            "href http",
            "denver",
            "hostname add",
            "ip address",
            "pulse pulses",
            "verdict",
            "present aug",
            "name servers",
            "hong kong",
            "china unknown",
            "domain add",
            "present jul",
            "china showing",
            "date checked",
            "url hostname",
            "mirai",
            "crlf line",
            "body",
            "please",
            "x msedge",
            "unknown ns",
            "unknown soa",
            "trojan",
            "virtool",
            "ipv4 add",
            "hostname",
            "set cookie",
            "accept",
            "dispatcher",
            "ref b",
            "wed may",
            "backdoor",
            "mtb aug",
            "mtb dec",
            "twitter",
            "smoke loader",
            "malware",
            "hacktool",
            "mtb feb",
            "aaaa",
            "cname"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 31,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 562,
            "hostname": 1988,
            "URL": 7800,
            "FileHash-SHA256": 657,
            "email": 5,
            "FileHash-MD5": 150,
            "FileHash-SHA1": 127
          },
          "indicator_count": 11289,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "261 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "647a7a8fcb56cfb9936228ed",
          "name": "Twitter Feed - drb_ra - 02-06-2023",
          "description": "",
          "modified": "2023-07-02T23:03:26.565000",
          "created": "2023-06-02T23:26:07.884000",
          "tags": [
            "CobaltStrike",
            "Qakbot"
          ],
          "references": [
            "https://twitter.com/drb_ra/status/1664459038052974592",
            "https://twitter.com/drb_ra/status/1664459647116361729",
            "https://twitter.com/drb_ra/status/1664562335040643073",
            "https://twitter.com/drb_ra/status/1664562476728430592",
            "https://twitter.com/drb_ra/status/1664562580734504962",
            "https://twitter.com/drb_ra/status/1664611855417917440",
            "https://twitter.com/drb_ra/status/1664611929724186624",
            "https://twitter.com/drb_ra/status/1664612046090977281",
            "https://twitter.com/drb_ra/status/1664612334680125442",
            "https://twitter.com/drb_ra/status/1664612653531291651",
            "https://twitter.com/drb_ra/status/1664612694249308160",
            "https://twitter.com/drb_ra/status/1664612879314608139",
            "https://twitter.com/drb_ra/status/1664626224432283650",
            "https://twitter.com/drb_ra/status/1664626268770553857",
            "https://twitter.com/drb_ra/status/1664626316077924352",
            "https://twitter.com/drb_ra/status/1664680883712819204",
            "https://twitter.com/drb_ra/status/1664680914402541569",
            "https://twitter.com/drb_ra/status/1664680944295354368",
            "https://twitter.com/drb_ra/status/1664680973781303304",
            "https://twitter.com/drb_ra/status/1664681008103292933",
            "https://twitter.com/drb_ra/status/1664681046523117594",
            "https://twitter.com/drb_ra/status/1664681096322088962",
            "https://twitter.com/drb_ra/status/1664681156179001546",
            "https://twitter.com/drb_ra/status/1664681178857603078",
            "https://twitter.com/drb_ra/status/1664681209417302019",
            "https://twitter.com/drb_ra/status/1664681243101757457",
            "https://twitter.com/drb_ra/status/1664681278883483648",
            "https://twitter.com/drb_ra/status/1664681298332352514",
            "https://twitter.com/drb_ra/status/1664681359762128900",
            "https://twitter.com/drb_ra/status/1664681387511762944",
            "https://twitter.com/drb_ra/status/1664681405232578565",
            "https://twitter.com/drb_ra/status/1664681442448637983",
            "https://twitter.com/drb_ra/status/1664681463906807808",
            "https://twitter.com/drb_ra/status/1664681480444936193",
            "https://twitter.com/drb_ra/status/1664681512724201472",
            "https://twitter.com/drb_ra/status/1664681534459084816",
            "https://twitter.com/drb_ra/status/1664704770983055366",
            "https://twitter.com/drb_ra/status/1664704904273842193",
            "https://twitter.com/drb_ra/status/1664704924473610265",
            "https://twitter.com/drb_ra/status/1664704959118561297",
            "https://twitter.com/drb_ra/status/1664705387843538961",
            "https://twitter.com/drb_ra/status/1664705640118341632",
            "https://twitter.com/drb_ra/status/1664705732925706241",
            "https://twitter.com/drb_ra/status/1664705763154055180",
            "https://twitter.com/drb_ra/status/1664705778584899592",
            "https://twitter.com/drb_ra/status/1664705808238628873",
            "https://twitter.com/drb_ra/status/1664705965248204803",
            "https://twitter.com/drb_ra/status/1664705977394909201",
            "https://twitter.com/drb_ra/status/1664706002804002821",
            "https://twitter.com/drb_ra/status/1664706021502210084",
            "https://twitter.com/drb_ra/status/1664706032566784023",
            "https://twitter.com/drb_ra/status/1664706042633113607",
            "https://twitter.com/drb_ra/status/1664706053534109716",
            "https://twitter.com/drb_ra/status/1664706068566495238",
            "https://twitter.com/drb_ra/status/1664706077550686208",
            "https://twitter.com/drb_ra/status/1664706087008849932",
            "https://twitter.com/drb_ra/status/1664706100384485393",
            "https://twitter.com/drb_ra/status/1664706131397156864",
            "https://twitter.com/drb_ra/status/1664706148883222543",
            "https://twitter.com/drb_ra/status/1664706159989645312",
            "https://twitter.com/drb_ra/status/1664706177878446094",
            "https://twitter.com/drb_ra/status/1664706206907224071",
            "https://twitter.com/drb_ra/status/1664706216491208727",
            "https://twitter.com/drb_ra/status/1664706232005939205",
            "https://twitter.com/drb_ra/status/1664706257196929043",
            "https://twitter.com/drb_ra/status/1664706287777587201"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 39
          },
          "indicator_count": 39,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1624,
          "modified_text": "1066 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1664706232005939205",
        "https://twitter.com/drb_ra/status/1664706148883222543",
        "https://twitter.com/drb_ra/status/1664681387511762944",
        "https://twitter.com/drb_ra/status/1664681534459084816",
        "https://twitter.com/drb_ra/status/1664612879314608139",
        "https://twitter.com/drb_ra/status/1664704924473610265",
        "https://twitter.com/drb_ra/status/1664681480444936193",
        "https://twitter.com/drb_ra/status/1664681442448637983",
        "https://twitter.com/drb_ra/status/1664612694249308160",
        "https://twitter.com/drb_ra/status/1664681209417302019",
        "https://twitter.com/drb_ra/status/1664706021502210084",
        "https://twitter.com/drb_ra/status/1664704959118561297",
        "https://twitter.com/drb_ra/status/1664626224432283650",
        "https://twitter.com/drb_ra/status/1664706042633113607",
        "https://twitter.com/drb_ra/status/1664459038052974592",
        "https://twitter.com/drb_ra/status/1664706177878446094",
        "https://twitter.com/drb_ra/status/1664706206907224071",
        "https://twitter.com/drb_ra/status/1664612653531291651",
        "https://twitter.com/drb_ra/status/1664681405232578565",
        "https://twitter.com/drb_ra/status/1664681008103292933",
        "https://twitter.com/drb_ra/status/1664704770983055366",
        "https://twitter.com/drb_ra/status/1664706131397156864",
        "https://twitter.com/drb_ra/status/1664706216491208727",
        "https://twitter.com/drb_ra/status/1664681298332352514",
        "https://twitter.com/drb_ra/status/1664705387843538961",
        "https://twitter.com/drb_ra/status/1664681463906807808",
        "https://twitter.com/drb_ra/status/1664706287777587201",
        "https://twitter.com/drb_ra/status/1664706087008849932",
        "https://twitter.com/drb_ra/status/1664705763154055180",
        "https://twitter.com/drb_ra/status/1664706077550686208",
        "https://twitter.com/drb_ra/status/1664612046090977281",
        "https://twitter.com/drb_ra/status/1664705977394909201",
        "https://twitter.com/drb_ra/status/1664626316077924352",
        "https://twitter.com/drb_ra/status/1664705965248204803",
        "https://twitter.com/drb_ra/status/1664680883712819204",
        "https://twitter.com/drb_ra/status/1664706100384485393",
        "https://twitter.com/drb_ra/status/1664681278883483648",
        "https://twitter.com/drb_ra/status/1664626268770553857",
        "https://twitter.com/drb_ra/status/1664705732925706241",
        "https://twitter.com/drb_ra/status/1664562335040643073",
        "https://twitter.com/drb_ra/status/1664706257196929043",
        "https://twitter.com/drb_ra/status/1664680944295354368",
        "https://twitter.com/drb_ra/status/1664562476728430592",
        "https://twitter.com/drb_ra/status/1664705778584899592",
        "https://twitter.com/drb_ra/status/1664705808238628873",
        "https://twitter.com/drb_ra/status/1664611855417917440",
        "https://twitter.com/drb_ra/status/1664681359762128900",
        "https://twitter.com/drb_ra/status/1664681156179001546",
        "https://twitter.com/drb_ra/status/1664704904273842193",
        "https://twitter.com/drb_ra/status/1664706032566784023",
        "https://twitter.com/drb_ra/status/1664706068566495238",
        "https://twitter.com/drb_ra/status/1664680973781303304",
        "https://twitter.com/drb_ra/status/1664706053534109716",
        "https://twitter.com/drb_ra/status/1664681046523117594",
        "https://twitter.com/drb_ra/status/1664680914402541569",
        "https://twitter.com/drb_ra/status/1664705640118341632",
        "https://twitter.com/drb_ra/status/1664611929724186624",
        "https://twitter.com/drb_ra/status/1664681178857603078",
        "https://twitter.com/drb_ra/status/1664459647116361729",
        "https://twitter.com/drb_ra/status/1664681096322088962",
        "https://twitter.com/drb_ra/status/1664562580734504962",
        "https://twitter.com/drb_ra/status/1664706159989645312",
        "https://twitter.com/drb_ra/status/1664706002804002821",
        "https://twitter.com/drb_ra/status/1664681243101757457",
        "https://twitter.com/drb_ra/status/1664612334680125442",
        "https://twitter.com/drb_ra/status/1664681512724201472"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 22372
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/asiainfo-sec.com",
    "whois": "http://whois.domaintools.com/asiainfo-sec.com",
    "domain": "asiainfo-sec.com",
    "hostname": "osce12-0-sc.url.asiainfo-sec.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "68bbb31f6d91989d7fcd9592",
      "name": "Who is Argus Health Systems in relation to United Healthcare",
      "description": "Strange. Person/s handling a monitored targeted past accounts was contacted to have old bills paid. Told individual had Argus Health Insurance that wouldn\u2019t pay.\n\nIssues: \u2022 Individual wasn\u2019t a client of vendor in 2024\n\u2022 Was never an Argus client.\n\u2022 Social engineering type call. Angry employee demanding copy of front and back of Health Care Insurance card for UH  payments for items purchased after approved prior authorization for in past purchases. \n\u2022 Gave an incredible amount of PHI over phone w/o appropriate new (or former) HIPAA standard verification.  \u2022 Angrily refused to provide billing # or requester\u2019s name.\n*United Health Care has paid ZERO bills. \n* \n(Auto populated - Anel arauchealth cam) | https://www.argushealth.com. Argus Health Systems is a healthcare technology company based in Kansas City, MO. Specializing in pharmacy benefit management ...",
      "modified": "2025-10-06T03:04:31.707000",
      "created": "2025-09-06T04:05:50.955000",
      "tags": [
        "server",
        "date",
        "registrar abuse",
        "csc corporate",
        "domains",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "country",
        "postal code",
        "code",
        "united",
        "showing",
        "entries",
        "ip address",
        "search",
        "name servers",
        "unknown aaaa",
        "domain add",
        "pulse submit",
        "passive dns",
        "content type",
        "type content",
        "all ipv4",
        "url analysis",
        "urls",
        "files",
        "title",
        "meta",
        "certificate",
        "creation date",
        "record value",
        "hostname add",
        "domain",
        "unknown ns",
        "china unknown",
        "body",
        "please",
        "x msedge",
        "pulse pulses",
        "present aug",
        "hong kong",
        "extraction",
        "data upload",
        "levelbluelabs",
        "search otx",
        "pcap",
        "stix",
        "url or",
        "texdr",
        "failedto",
        "drop",
        "aaaa",
        "record type",
        "ttl value",
        "historical ssl",
        "certificates",
        "thumbprint",
        "present jan",
        "next associated",
        "urls show",
        "date checked",
        "url hostname",
        "server response",
        "google safe",
        "results jul",
        "present jun",
        "moved",
        "gmt content",
        "a domains",
        "next http",
        "scans show",
        "error",
        "present sep",
        "present may",
        "present jul",
        "present mar",
        "present apr"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 2091,
        "domain": 817,
        "URL": 7939,
        "email": 5,
        "FileHash-SHA256": 2960,
        "FileHash-SHA1": 240,
        "FileHash-MD5": 227
      },
      "indicator_count": 14279,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "240 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "689fb86af7ae894997245158",
      "name": "Lumen Technologies attacks. Affects telecommunication between patient and Intermountain Health",
      "description": "Severely impacted a monitored target\u2019s communication with health provider, prohibited patient calls, borne answering calls at UC Health & Intermountain Healthcare. Targets devices routed and / or hijacked by or to other known carriers.\nImpacts Medicaid patient files. NOT CHINA. Colorado. Message #trulymissed intentionally routed to outbound decimated her health & provider relationships. \n\u201cYour administrator contact lumen at 877-453-8353 to resolve the issue. You may dial zero to be connected with an operator to complete your call. The charges may apply operator services will require a valid telephone number and a method of payment for charges to complete the call thank you for calling Lumen error code CPN1\u201d\n\nWin32:Downloader-KEQ\\ [Trj]\t\t\n#Lowfi:Cutwail_Upatre_GameOver_Obfuscator\n#malware #Schoolboy\n#.Bulz\n#trojan #Redline\n#.Dorkbot\t#Azorult\n#HawkEye\n#Msilperseus\n#AgentTesla\nhacktool:MSIL/Boilod",
      "modified": "2025-09-14T21:02:42.856000",
      "created": "2025-08-15T22:44:58.153000",
      "tags": [
        "united",
        "passive dns",
        "ipv4",
        "pulse submit",
        "url analysis",
        "urls",
        "files",
        "reverse dns",
        "location united",
        "america flag",
        "creation date",
        "communications",
        "expiration date",
        "domain",
        "files ip",
        "address",
        "asn as3356",
        "el dorado",
        "present jun",
        "present dec",
        "present sep",
        "present nov",
        "present may",
        "entries",
        "showing",
        "next associated",
        "urls show",
        "search",
        "read c",
        "show",
        "medium",
        "unicode",
        "rgba",
        "next",
        "memcommit",
        "delete",
        "dock",
        "write",
        "execution",
        "copy",
        "status",
        "value emails",
        "name level",
        "llc name",
        "org level",
        "llc address",
        "city broomfield",
        "date",
        "error nov",
        "next http",
        "scans record",
        "value",
        "body head",
        "document moved",
        "title head",
        "object moved",
        "href http",
        "denver",
        "hostname add",
        "ip address",
        "pulse pulses",
        "verdict",
        "present aug",
        "name servers",
        "hong kong",
        "china unknown",
        "domain add",
        "present jul",
        "china showing",
        "date checked",
        "url hostname",
        "mirai",
        "crlf line",
        "body",
        "please",
        "x msedge",
        "unknown ns",
        "unknown soa",
        "trojan",
        "virtool",
        "ipv4 add",
        "hostname",
        "set cookie",
        "accept",
        "dispatcher",
        "ref b",
        "wed may",
        "backdoor",
        "mtb aug",
        "mtb dec",
        "twitter",
        "smoke loader",
        "malware",
        "hacktool",
        "mtb feb",
        "aaaa",
        "cname"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1143",
          "name": "Hidden Window",
          "display_name": "T1143 - Hidden Window"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 31,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 562,
        "hostname": 1988,
        "URL": 7800,
        "FileHash-SHA256": 657,
        "email": 5,
        "FileHash-MD5": 150,
        "FileHash-SHA1": 127
      },
      "indicator_count": 11289,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "261 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "647a7a8fcb56cfb9936228ed",
      "name": "Twitter Feed - drb_ra - 02-06-2023",
      "description": "",
      "modified": "2023-07-02T23:03:26.565000",
      "created": "2023-06-02T23:26:07.884000",
      "tags": [
        "CobaltStrike",
        "Qakbot"
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1664459038052974592",
        "https://twitter.com/drb_ra/status/1664459647116361729",
        "https://twitter.com/drb_ra/status/1664562335040643073",
        "https://twitter.com/drb_ra/status/1664562476728430592",
        "https://twitter.com/drb_ra/status/1664562580734504962",
        "https://twitter.com/drb_ra/status/1664611855417917440",
        "https://twitter.com/drb_ra/status/1664611929724186624",
        "https://twitter.com/drb_ra/status/1664612046090977281",
        "https://twitter.com/drb_ra/status/1664612334680125442",
        "https://twitter.com/drb_ra/status/1664612653531291651",
        "https://twitter.com/drb_ra/status/1664612694249308160",
        "https://twitter.com/drb_ra/status/1664612879314608139",
        "https://twitter.com/drb_ra/status/1664626224432283650",
        "https://twitter.com/drb_ra/status/1664626268770553857",
        "https://twitter.com/drb_ra/status/1664626316077924352",
        "https://twitter.com/drb_ra/status/1664680883712819204",
        "https://twitter.com/drb_ra/status/1664680914402541569",
        "https://twitter.com/drb_ra/status/1664680944295354368",
        "https://twitter.com/drb_ra/status/1664680973781303304",
        "https://twitter.com/drb_ra/status/1664681008103292933",
        "https://twitter.com/drb_ra/status/1664681046523117594",
        "https://twitter.com/drb_ra/status/1664681096322088962",
        "https://twitter.com/drb_ra/status/1664681156179001546",
        "https://twitter.com/drb_ra/status/1664681178857603078",
        "https://twitter.com/drb_ra/status/1664681209417302019",
        "https://twitter.com/drb_ra/status/1664681243101757457",
        "https://twitter.com/drb_ra/status/1664681278883483648",
        "https://twitter.com/drb_ra/status/1664681298332352514",
        "https://twitter.com/drb_ra/status/1664681359762128900",
        "https://twitter.com/drb_ra/status/1664681387511762944",
        "https://twitter.com/drb_ra/status/1664681405232578565",
        "https://twitter.com/drb_ra/status/1664681442448637983",
        "https://twitter.com/drb_ra/status/1664681463906807808",
        "https://twitter.com/drb_ra/status/1664681480444936193",
        "https://twitter.com/drb_ra/status/1664681512724201472",
        "https://twitter.com/drb_ra/status/1664681534459084816",
        "https://twitter.com/drb_ra/status/1664704770983055366",
        "https://twitter.com/drb_ra/status/1664704904273842193",
        "https://twitter.com/drb_ra/status/1664704924473610265",
        "https://twitter.com/drb_ra/status/1664704959118561297",
        "https://twitter.com/drb_ra/status/1664705387843538961",
        "https://twitter.com/drb_ra/status/1664705640118341632",
        "https://twitter.com/drb_ra/status/1664705732925706241",
        "https://twitter.com/drb_ra/status/1664705763154055180",
        "https://twitter.com/drb_ra/status/1664705778584899592",
        "https://twitter.com/drb_ra/status/1664705808238628873",
        "https://twitter.com/drb_ra/status/1664705965248204803",
        "https://twitter.com/drb_ra/status/1664705977394909201",
        "https://twitter.com/drb_ra/status/1664706002804002821",
        "https://twitter.com/drb_ra/status/1664706021502210084",
        "https://twitter.com/drb_ra/status/1664706032566784023",
        "https://twitter.com/drb_ra/status/1664706042633113607",
        "https://twitter.com/drb_ra/status/1664706053534109716",
        "https://twitter.com/drb_ra/status/1664706068566495238",
        "https://twitter.com/drb_ra/status/1664706077550686208",
        "https://twitter.com/drb_ra/status/1664706087008849932",
        "https://twitter.com/drb_ra/status/1664706100384485393",
        "https://twitter.com/drb_ra/status/1664706131397156864",
        "https://twitter.com/drb_ra/status/1664706148883222543",
        "https://twitter.com/drb_ra/status/1664706159989645312",
        "https://twitter.com/drb_ra/status/1664706177878446094",
        "https://twitter.com/drb_ra/status/1664706206907224071",
        "https://twitter.com/drb_ra/status/1664706216491208727",
        "https://twitter.com/drb_ra/status/1664706232005939205",
        "https://twitter.com/drb_ra/status/1664706257196929043",
        "https://twitter.com/drb_ra/status/1664706287777587201"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 14,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 39
      },
      "indicator_count": 39,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1624,
      "modified_text": "1066 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://osce12-0-sc.url.asiainfo-sec.com/dist/css/bootstrap.min.css",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://osce12-0-sc.url.asiainfo-sec.com/dist/css/bootstrap.min.css",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780472877.741238
}