{
"type": "URL",
"indicator": "https://pop.this.ca",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://pop.this.ca",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3395256964,
"indicator": "https://pop.this.ca",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 35,
"pulses": [
{
"id": "655f6d7ac217661e4bc37f4d",
"name": "Qbot | Miscellaneous Attacks",
"description": "The following is a full list of links between malware and cyber-attackers, following a series of alerts from Phishtank, the UK-based cyber security firm, and the US government.",
"modified": "2023-12-23T07:03:55.171000",
"created": "2023-11-23T15:19:22.356000",
"tags": [
"pattern match",
"ascii text",
"file",
"jpeg image",
"exif standard",
"tiff image",
"png image",
"united",
"baseline",
"rgba",
"date",
"class",
"unknown",
"hybrid",
"accept",
"local",
"click",
"strings",
"generator",
"critical",
"error",
"firehol",
"detection list",
"ip address",
"blacklist",
"botnet command",
"control server",
"noname057",
"facebook",
"phishtank",
"blacklist http",
"organization",
"ssl certificate",
"whois record",
"contacted",
"historical ssl",
"n64xtx0vpihxzc",
"whois whois",
"qpyrn6pd http",
"referrer",
"execution",
"communicating",
"core",
"discord",
"hiddentear",
"metro",
"probe",
"ransomexx",
"quasar",
"asyncrat",
"bleachgap",
"formbook",
"nanocore",
"roblox",
"heur",
"cyber threat",
"engineering",
"malware",
"phishing",
"malicious site",
"phishing site",
"covid19",
"team",
"bank",
"cobalt strike",
"artemis",
"download",
"zbot",
"suppobox",
"service",
"downloader",
"virut",
"malicious",
"emotet",
"stealer",
"exploit",
"generic",
"dropper",
"unruy",
"agent",
"unsafe",
"ramnit",
"redline stealer",
"smsspy",
"bradesco",
"fakealert",
"qakbot",
"outbreak",
"qbot",
"bankerx",
"riskware",
"nimda",
"swrort",
"adwind",
"trojanx",
"crack",
"win64",
"squirrelwaffle",
"pony",
"binder",
"virustotal",
"azorult",
"zeus",
"nymaim",
"matsnu",
"simda",
"runescape",
"cutwail",
"dnspionage",
"redirector",
"fusioncore",
"iframe",
"killav",
"raccoon",
"daum",
"installcore",
"ransomware",
"cisco umbrella",
"site",
"safe site",
"alexa top",
"million",
"presenoker",
"downldr",
"alexa",
"applicunwnt",
"opencandy",
"cleaner",
"wacatac",
"xrat",
"xtrat",
"dbatloader",
"infy",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"keygen",
"fareit",
"secrisk",
"phish",
"deepscan",
"trojanspy",
"maltiverse",
"qpyrn6pd",
"spyware",
"injector",
"jul jan",
"tag count",
"tue jan",
"threat report",
"ip summary",
"url summary",
"summary",
"sample"
],
"references": [
"https://www.hybrid-analysis.com/sample/d4e0619008da0bf555fd1d9af2797eaed02c89512239cbdaf64c08e795bb9658",
"http://www.jamesbgriffinlaw.com/wp-content/plugins/formcraft/file-upload/server/content/files/16132c66b562a3---dewubomojagorekijufuruni [ Malicious Plugins]",
"*otc.greatcall.com [Botnetwork]",
"https://www.norad.mil/ [ Modified by others| Parking Crew - is a Tracker]",
"https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Malware Server | iTunes path hacktool]",
"tulach.cc. [Malevolent | Modified description]",
"https://tulach.cc/ [phishing]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ ELF - Descriptions modified by others]",
"https://www.pornhub.com/video/search?search=tsara+brashears [NORAD.mil phone tracking. Description modified]",
"s3.amazonaws.com [Virut Tsara Brashears Botnetwork | Modified description]"
],
"public": 1,
"adversary": "Qbot",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Roblox",
"display_name": "Roblox",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Tulach Malware",
"display_name": "Tulach Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1041",
"name": "Exfiltration Over C2 Channel",
"display_name": "T1041 - Exfiltration Over C2 Channel"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1204",
"name": "User Execution",
"display_name": "T1204 - User Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 82,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 897,
"FileHash-SHA1": 479,
"URL": 9847,
"domain": 2344,
"hostname": 2398,
"CVE": 22,
"FileHash-SHA256": 4712
},
"indicator_count": 20699,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "890 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655f6edffd3910161c2ad1a2",
"name": "D26A | DNSpionage| Qbot | Tulach Malaware | https://theanimallawfirm.com/ | FakeAlert",
"description": "",
"modified": "2023-12-23T07:03:55.171000",
"created": "2023-11-23T15:25:19.843000",
"tags": [
"pattern match",
"ascii text",
"file",
"jpeg image",
"exif standard",
"tiff image",
"png image",
"united",
"baseline",
"rgba",
"date",
"class",
"unknown",
"hybrid",
"accept",
"local",
"click",
"strings",
"generator",
"critical",
"error",
"firehol",
"detection list",
"ip address",
"blacklist",
"botnet command",
"control server",
"noname057",
"facebook",
"phishtank",
"blacklist http",
"organization",
"ssl certificate",
"whois record",
"contacted",
"historical ssl",
"n64xtx0vpihxzc",
"whois whois",
"qpyrn6pd http",
"referrer",
"execution",
"communicating",
"core",
"discord",
"hiddentear",
"metro",
"probe",
"ransomexx",
"quasar",
"asyncrat",
"bleachgap",
"formbook",
"nanocore",
"roblox",
"heur",
"cyber threat",
"engineering",
"malware",
"phishing",
"malicious site",
"phishing site",
"covid19",
"team",
"bank",
"cobalt strike",
"artemis",
"download",
"zbot",
"suppobox",
"service",
"downloader",
"virut",
"malicious",
"emotet",
"stealer",
"exploit",
"generic",
"dropper",
"unruy",
"agent",
"unsafe",
"ramnit",
"redline stealer",
"smsspy",
"bradesco",
"fakealert",
"qakbot",
"outbreak",
"qbot",
"bankerx",
"riskware",
"nimda",
"swrort",
"adwind",
"trojanx",
"crack",
"win64",
"squirrelwaffle",
"pony",
"binder",
"virustotal",
"azorult",
"zeus",
"nymaim",
"matsnu",
"simda",
"runescape",
"cutwail",
"dnspionage",
"redirector",
"fusioncore",
"iframe",
"killav",
"raccoon",
"daum",
"installcore",
"ransomware",
"cisco umbrella",
"site",
"safe site",
"alexa top",
"million",
"presenoker",
"downldr",
"alexa",
"applicunwnt",
"opencandy",
"cleaner",
"wacatac",
"xrat",
"xtrat",
"dbatloader",
"infy",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"keygen",
"fareit",
"secrisk",
"phish",
"deepscan",
"trojanspy",
"maltiverse",
"qpyrn6pd",
"spyware",
"injector",
"jul jan",
"tag count",
"tue jan",
"threat report",
"ip summary",
"url summary",
"summary",
"sample"
],
"references": [
"https://www.hybrid-analysis.com/sample/d4e0619008da0bf555fd1d9af2797eaed02c89512239cbdaf64c08e795bb9658",
"http://www.jamesbgriffinlaw.com/wp-content/plugins/formcraft/file-upload/server/content/files/16132c66b562a3---dewubomojagorekijufuruni [ Malicious Plugins]",
"*otc.greatcall.com [Botnetwork]",
"https://www.norad.mil/ [ Modified by others| Parking Crew - is a Tracker]",
"https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Malware Server | iTunes path hacktool]",
"tulach.cc. [Malevolent | Modified description]",
"https://tulach.cc/ [phishing]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ ELF - Descriptions modified by others]",
"https://www.pornhub.com/video/search?search=tsara+brashears [NORAD.mil phone tracking. Description modified]",
"s3.amazonaws.com [Virut Tsara Brashears Botnetwork | Modified description]"
],
"public": 1,
"adversary": "Qbot",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Roblox",
"display_name": "Roblox",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Tulach Malware",
"display_name": "Tulach Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1041",
"name": "Exfiltration Over C2 Channel",
"display_name": "T1041 - Exfiltration Over C2 Channel"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1204",
"name": "User Execution",
"display_name": "T1204 - User Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": "655f6d89b33758a190399f39",
"export_count": 86,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 897,
"FileHash-SHA1": 479,
"URL": 9847,
"domain": 2344,
"hostname": 2398,
"CVE": 22,
"FileHash-SHA256": 4712
},
"indicator_count": 20699,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "890 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "655f6d89b33758a190399f39",
"name": "Qbot | Miscellaneous Attacks",
"description": "The following is a full list of links between malware and cyber-attackers, following a series of alerts from Phishtank, the UK-based cyber security firm, and the US government.",
"modified": "2023-12-23T07:03:55.171000",
"created": "2023-11-23T15:19:37.838000",
"tags": [
"pattern match",
"ascii text",
"file",
"jpeg image",
"exif standard",
"tiff image",
"png image",
"united",
"baseline",
"rgba",
"date",
"class",
"unknown",
"hybrid",
"accept",
"local",
"click",
"strings",
"generator",
"critical",
"error",
"firehol",
"detection list",
"ip address",
"blacklist",
"botnet command",
"control server",
"noname057",
"facebook",
"phishtank",
"blacklist http",
"organization",
"ssl certificate",
"whois record",
"contacted",
"historical ssl",
"n64xtx0vpihxzc",
"whois whois",
"qpyrn6pd http",
"referrer",
"execution",
"communicating",
"core",
"discord",
"hiddentear",
"metro",
"probe",
"ransomexx",
"quasar",
"asyncrat",
"bleachgap",
"formbook",
"nanocore",
"roblox",
"heur",
"cyber threat",
"engineering",
"malware",
"phishing",
"malicious site",
"phishing site",
"covid19",
"team",
"bank",
"cobalt strike",
"artemis",
"download",
"zbot",
"suppobox",
"service",
"downloader",
"virut",
"malicious",
"emotet",
"stealer",
"exploit",
"generic",
"dropper",
"unruy",
"agent",
"unsafe",
"ramnit",
"redline stealer",
"smsspy",
"bradesco",
"fakealert",
"qakbot",
"outbreak",
"qbot",
"bankerx",
"riskware",
"nimda",
"swrort",
"adwind",
"trojanx",
"crack",
"win64",
"squirrelwaffle",
"pony",
"binder",
"virustotal",
"azorult",
"zeus",
"nymaim",
"matsnu",
"simda",
"runescape",
"cutwail",
"dnspionage",
"redirector",
"fusioncore",
"iframe",
"killav",
"raccoon",
"daum",
"installcore",
"ransomware",
"cisco umbrella",
"site",
"safe site",
"alexa top",
"million",
"presenoker",
"downldr",
"alexa",
"applicunwnt",
"opencandy",
"cleaner",
"wacatac",
"xrat",
"xtrat",
"dbatloader",
"infy",
"psexec",
"occamy",
"brontok",
"zpevdo",
"startpage",
"keygen",
"fareit",
"secrisk",
"phish",
"deepscan",
"trojanspy",
"maltiverse",
"qpyrn6pd",
"spyware",
"injector",
"jul jan",
"tag count",
"tue jan",
"threat report",
"ip summary",
"url summary",
"summary",
"sample"
],
"references": [
"https://www.hybrid-analysis.com/sample/d4e0619008da0bf555fd1d9af2797eaed02c89512239cbdaf64c08e795bb9658",
"http://www.jamesbgriffinlaw.com/wp-content/plugins/formcraft/file-upload/server/content/files/16132c66b562a3---dewubomojagorekijufuruni [ Malicious Plugins]",
"*otc.greatcall.com [Botnetwork]",
"https://www.norad.mil/ [ Modified by others| Parking Crew - is a Tracker]",
"https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Malware Server | iTunes path hacktool]",
"tulach.cc. [Malevolent | Modified description]",
"https://tulach.cc/ [phishing]",
"https://www.anyxxxtube.net/search-porn/tsara-brashears/ [ ELF - Descriptions modified by others]",
"https://www.pornhub.com/video/search?search=tsara+brashears [NORAD.mil phone tracking. Description modified]",
"s3.amazonaws.com [Virut Tsara Brashears Botnetwork | Modified description]"
],
"public": 1,
"adversary": "Qbot",
"targeted_countries": [
"United States of America"
],
"malware_families": [
{
"id": "Roblox",
"display_name": "Roblox",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "Tulach Malware",
"display_name": "Tulach Malware",
"target": null
}
],
"attack_ids": [
{
"id": "T1041",
"name": "Exfiltration Over C2 Channel",
"display_name": "T1041 - Exfiltration Over C2 Channel"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1204",
"name": "User Execution",
"display_name": "T1204 - User Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 84,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 897,
"FileHash-SHA1": 479,
"URL": 9847,
"domain": 2344,
"hostname": 2398,
"CVE": 22,
"FileHash-SHA256": 4712
},
"indicator_count": 20699,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "890 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e254b734f1efd8bd0ad",
"name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4",
"description": "",
"modified": "2023-12-06T15:07:17.380000",
"created": "2023-12-06T15:07:17.380000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1645,
"URL": 8598,
"domain": 1004,
"hostname": 2066,
"FileHash-MD5": 3
},
"indicator_count": 13316,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e178755574d9812e4c9",
"name": "Followed lead to brechlerinsurance.com",
"description": "",
"modified": "2023-12-06T15:07:03.528000",
"created": "2023-12-06T15:07:03.528000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"FileHash-SHA256": 1329,
"domain": 2068,
"hostname": 4185,
"URL": 12454,
"email": 1,
"FileHash-MD5": 3,
"FileHash-SHA1": 1
},
"indicator_count": 20043,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708d657f0895a860febf8f",
"name": "SafeFrame Container",
"description": "",
"modified": "2023-12-06T15:04:05.932000",
"created": "2023-12-06T15:04:05.932000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1416,
"domain": 2979,
"URL": 8250,
"hostname": 2262
},
"indicator_count": 14907,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c57c7b19b62c501601a",
"name": "Hurricane Electric - csp.he.net :)",
"description": "",
"modified": "2023-12-06T14:59:35.479000",
"created": "2023-12-06T14:59:35.479000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 186,
"hostname": 490,
"URL": 1339,
"domain": 311
},
"indicator_count": 2326,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c534aadf7adf4f27d77",
"name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
"description": "",
"modified": "2023-12-06T14:59:31.122000",
"created": "2023-12-06T14:59:31.122000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 302,
"domain": 634,
"URL": 2988,
"hostname": 1208
},
"indicator_count": 5132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708bbc4c8bf557c17688e1",
"name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51",
"description": "",
"modified": "2023-12-06T14:57:00.280000",
"created": "2023-12-06T14:57:00.280000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 233,
"domain": 361,
"hostname": 563,
"URL": 1374,
"FileHash-SHA1": 1,
"FileHash-MD5": 1
},
"indicator_count": 2534,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708a8b61abf1b451f2aebc",
"name": "Botnet",
"description": "",
"modified": "2023-12-06T14:51:55.086000",
"created": "2023-12-06T14:51:55.086000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"hostname": 619,
"URL": 1547,
"domain": 246,
"FileHash-SHA256": 124
},
"indicator_count": 2538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708a87eeed875a212dff0a",
"name": "Botnet",
"description": "",
"modified": "2023-12-06T14:51:51.546000",
"created": "2023-12-06T14:51:51.546000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"hostname": 619,
"URL": 1547,
"domain": 246,
"FileHash-SHA256": 124
},
"indicator_count": 2538,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708142e05f3a7ea9e654d5",
"name": "truthsociaal.com",
"description": "",
"modified": "2023-12-06T14:12:18.772000",
"created": "2023-12-06T14:12:18.772000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"hostname": 75,
"FileHash-SHA256": 257,
"domain": 187,
"URL": 805,
"FileHash-SHA1": 3,
"email": 1
},
"indicator_count": 1330,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63f536f3d17c09ae380da074",
"name": "webcomponents-sd-ce-pf_1_.js",
"description": "",
"modified": "2023-02-21T21:26:11.748000",
"created": "2023-02-21T21:26:11.748000",
"tags": [
"memoryfile scan",
"typeerror",
"null",
"polymer project",
"trident",
"generator",
"void",
"webcomponents-sd-ce-pf_1_.js",
"f2c3f35a3349d92a4ce9a246fda9dc456df516c8f3d6006b219d21690575b75b",
"c.insertbefore.call"
],
"references": [
"https://hybrid-analysis.com/sample/f2c3f35a3349d92a4ce9a246fda9dc456df516c8f3d6006b219d21690575b75b/63f299f3c79eb479f661e947",
"c.insertbefore.call - fail"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1113",
"name": "Screen Capture",
"display_name": "T1113 - Screen Capture"
},
{
"id": "T1546",
"name": "Event Triggered Execution",
"display_name": "T1546 - Event Triggered Execution"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1614",
"name": "System Location Discovery",
"display_name": "T1614 - System Location Discovery"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 4,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 723,
"FileHash-SHA256": 39,
"hostname": 171,
"domain": 91,
"FileHash-MD5": 5,
"FileHash-SHA1": 1
},
"indicator_count": 1030,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1194 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found