{
"type": "URL",
"indicator": "https://pastebin.com/ysr9kKrt",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://pastebin.com/ysr9kKrt",
"type": "url",
"type_title": "URL",
"validation": [
{
"source": "akamai",
"message": "Akamai rank: #7443",
"name": "Akamai Popular Domain"
},
{
"source": "whitelist",
"message": "Whitelisted domain pastebin.com",
"name": "Whitelisted domain"
},
{
"source": "majestic",
"message": "Whitelisted domain pastebin.com",
"name": "Whitelisted domain"
}
],
"base_indicator": {
"id": 4037178145,
"indicator": "https://pastebin.com/ysr9kKrt",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 3,
"pulses": [
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "242 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67e709c0cfa1a1851d81a657",
"name": "Government of Alberta ** Domain Analysis - 05.05.25",
"description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned",
"modified": "2025-06-05T02:05:37.765000",
"created": "2025-03-28T20:42:40.389000",
"tags": [
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"ansi",
"symbol",
"memoryfile scan",
"path",
"alberta",
"prefetch8 ansi",
"please",
"show process",
"date",
"span",
"find",
"facebook",
"twitter",
"footer",
"iframe",
"suspicious",
"body",
"generator",
"april",
"energy",
"comspec",
"hybrid",
"form",
"main",
"model",
"close",
"click",
"hosts",
"general",
"starfield",
"strings",
"contact",
"triage",
"report",
"reported",
"analyze",
"download submit",
"sha512",
"sha256",
"prefetch8",
"sha1",
"filesize",
"file",
"prefetch1",
"dataedge cloud",
"process key",
"config",
"copy",
"target",
"impact",
"javascript",
"threat intelligence",
"feed",
"ioc",
"change theme",
"contact us",
"intelligence",
"threats api",
"analyze api",
"overview",
"threats explore",
"rate limits",
"stixtaxii",
"bulk export",
"virus",
"ransomware",
"static",
"indicator of compromise",
"extraction",
"emulation",
"platform",
"eid2",
"eid3",
"uaaaaaaai",
"eid104",
"malcore",
"file analysis",
"historical dns",
"info",
"login",
"scan",
"domain analysis",
"discovered ip",
"subdomains",
"info malcore",
"simple file",
"policy terms",
"intelligence x",
"results",
"product blog",
"sign",
"most relevant",
"darknet",
"please search",
"search advanced",
"categories date",
"term",
"slow",
"scroll",
"schedule",
"cavalier",
"bayonet",
"full report",
"users",
"free report",
"hudson rock",
"attack surface",
"customers",
"demo explore",
"tools",
"third",
"protect",
"over",
"rock",
"service"
],
"references": [
"https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75",
"https://tria.ge/250328-yq3hrsz1c1/behavioral1",
"https://www.virustotal.com/gui/domain/alberta.ca",
"https://pulsedive.com/indicator/?iid=9866511",
"https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)",
"https://intelx.io/?s=alberta.ca",
"https://www.hudsonrock.com/search?domain=alberta.ca",
"https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292",
"https://www.urlvoid.com/whois-lookup/",
"https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==",
"https://cwe.mitre.org/data/definitions/79.html",
"https://www.virustotal.com/gui/domain/alberta.ca/relations",
"http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce",
"https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6",
"https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1129",
"name": "Shared Modules",
"display_name": "T1129 - Shared Modules"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1217",
"name": "Browser Bookmark Discovery",
"display_name": "T1217 - Browser Bookmark Discovery"
}
],
"industries": [
"Education",
"Technology",
"Government",
"Healthcare"
],
"TLP": "white",
"cloned_from": null,
"export_count": 62,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 126,
"FileHash-SHA1": 118,
"FileHash-SHA256": 347,
"SSLCertFingerprint": 18,
"domain": 149,
"email": 16,
"URL": 478,
"hostname": 1562,
"CVE": 7
},
"indicator_count": 2821,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 130,
"modified_text": "362 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "371 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"references": [
"https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6",
"https://tria.ge/250328-yq3hrsz1c1/behavioral1",
"https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc",
"http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce",
"https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==",
"https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc",
"https://intelx.io/?s=alberta.ca",
"https://www.hudsonrock.com/search?domain=alberta.ca",
"https://pulsedive.com/indicator/?iid=9866511",
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe",
"https://www.virustotal.com/gui/domain/alberta.ca",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)",
"https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292",
"https://www.virustotal.com/gui/domain/alberta.ca/relations",
"https://www.urlvoid.com/whois-lookup/",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75",
"https://cwe.mitre.org/data/definitions/79.html"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": [],
"unique_indicators": 0
},
"other": {
"adversary": [],
"malware_families": [],
"industries": [
"Technology",
"Healthcare",
"Education",
"Government"
],
"unique_indicators": 4521
}
}
},
"false_positive": [],
"alexa": "http://www.alexa.com/siteinfo/pastebin.com",
"whois": "http://whois.domaintools.com/pastebin.com",
"domain": "pastebin.com",
"hostname": "Unavailable"
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 3,
"pulses": [
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "242 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67e709c0cfa1a1851d81a657",
"name": "Government of Alberta ** Domain Analysis - 05.05.25",
"description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned",
"modified": "2025-06-05T02:05:37.765000",
"created": "2025-03-28T20:42:40.389000",
"tags": [
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"ansi",
"symbol",
"memoryfile scan",
"path",
"alberta",
"prefetch8 ansi",
"please",
"show process",
"date",
"span",
"find",
"facebook",
"twitter",
"footer",
"iframe",
"suspicious",
"body",
"generator",
"april",
"energy",
"comspec",
"hybrid",
"form",
"main",
"model",
"close",
"click",
"hosts",
"general",
"starfield",
"strings",
"contact",
"triage",
"report",
"reported",
"analyze",
"download submit",
"sha512",
"sha256",
"prefetch8",
"sha1",
"filesize",
"file",
"prefetch1",
"dataedge cloud",
"process key",
"config",
"copy",
"target",
"impact",
"javascript",
"threat intelligence",
"feed",
"ioc",
"change theme",
"contact us",
"intelligence",
"threats api",
"analyze api",
"overview",
"threats explore",
"rate limits",
"stixtaxii",
"bulk export",
"virus",
"ransomware",
"static",
"indicator of compromise",
"extraction",
"emulation",
"platform",
"eid2",
"eid3",
"uaaaaaaai",
"eid104",
"malcore",
"file analysis",
"historical dns",
"info",
"login",
"scan",
"domain analysis",
"discovered ip",
"subdomains",
"info malcore",
"simple file",
"policy terms",
"intelligence x",
"results",
"product blog",
"sign",
"most relevant",
"darknet",
"please search",
"search advanced",
"categories date",
"term",
"slow",
"scroll",
"schedule",
"cavalier",
"bayonet",
"full report",
"users",
"free report",
"hudson rock",
"attack surface",
"customers",
"demo explore",
"tools",
"third",
"protect",
"over",
"rock",
"service"
],
"references": [
"https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75",
"https://tria.ge/250328-yq3hrsz1c1/behavioral1",
"https://www.virustotal.com/gui/domain/alberta.ca",
"https://pulsedive.com/indicator/?iid=9866511",
"https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)",
"https://intelx.io/?s=alberta.ca",
"https://www.hudsonrock.com/search?domain=alberta.ca",
"https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292",
"https://www.urlvoid.com/whois-lookup/",
"https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==",
"https://cwe.mitre.org/data/definitions/79.html",
"https://www.virustotal.com/gui/domain/alberta.ca/relations",
"http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce",
"https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6",
"https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1129",
"name": "Shared Modules",
"display_name": "T1129 - Shared Modules"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
},
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1217",
"name": "Browser Bookmark Discovery",
"display_name": "T1217 - Browser Bookmark Discovery"
}
],
"industries": [
"Education",
"Technology",
"Government",
"Healthcare"
],
"TLP": "white",
"cloned_from": null,
"export_count": 62,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 126,
"FileHash-SHA1": 118,
"FileHash-SHA256": 347,
"SSLCertFingerprint": 18,
"domain": 149,
"email": 16,
"URL": 478,
"hostname": 1562,
"CVE": 7
},
"indicator_count": 2821,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 130,
"modified_text": "362 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "371 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "https://pastebin.com/ysr9kKrt",
"type": "URL"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "https://pastebin.com/ysr9kKrt",
"type": "URL",
"found": false,
"verdict": "clean",
"error": null
},
"from_cache": true,
"_cached_at": 1780389663.131317
}