{ "type": "URL", "indicator": "https://rcmp.ca/en/alberta", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://rcmp.ca/en/alberta", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4019698363, "indicator": "https://rcmp.ca/en/alberta", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69b10d1ce4563d38fbbc72d6", "name": "disable_duck clone Alberta", "description": "", "modified": "2026-03-11T07:40:56.177000", "created": "2026-03-11T06:35:08.464000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": "68e02ab7156e79ecd34a4929", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 117, "email": 14, "hostname": 76 }, "indicator_count": 4561, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6709ad372568d7810af2e480", "name": "https://rcmp[.]ca/en/alberta // rcmp[.]ca // rcmp-grc[.]gc[.]ca - 12.06.25", "description": "Alberta RCMP\nhttps://rcmp[.]ca/en/alberta // rcmp[.]ca // rcmp-grc[.]gc[.]ca", "modified": "2026-01-05T22:04:46.025000", "created": "2024-10-11T22:56:55.968000", "tags": [ "entity", "RCMP", "Alberta", "EPS", "Edmonton Police Services", "RCMP AB", "CrimeStoppers AB" ], "references": [ "https://www.virustotal.com/graph/embed/g69422d071856425cb7ef01a90232cae9aef9af2362ad45db8fc83caabe618606?theme=dark", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13/iocs", "https://urlquery.net/report/54993e5a-9b3f-4eef-a219-6ed529b4ea66", "https://www.filescan.io/uploads/6775f8d1108e6fdea94ba637/reports/ba88f2c2-96e9-4106-9b93-4f7fa7f1519a/overview", "https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee", "https://www.virustotal.com/gui/collection/malpedia_win_tofsee/summary", "https://viz.greynoise.io/analysis/ade7d4f8-0bf7-4582-9a91-f7b26c0bb9f7", "", "https://rcmp[.]ca/en/alberta", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a/67e0baae85aff10b880edd20", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "", "Government", "Telecommunications", "Education", "Technology", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 764, "FileHash-SHA1": 760, "FileHash-SHA256": 4062, "domain": 378, "hostname": 1808, "URL": 886, "SSLCertFingerprint": 18, "email": 10, "CVE": 1 }, "indicator_count": 8687, "is_author": false, "is_subscribing": null, "subscriber_count": 135, "modified_text": "104 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68e02ab7156e79ecd34a4929", "name": "Samples of OTX 2096 Libraries - up to 10.03.25", "description": "An attempt to skim over a little bit of everything in OTX 2096 for another project in the works\n\nUAlberta sighhh", "modified": "2025-11-02T19:00:47.473000", "created": "2025-10-03T19:57:43.609000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 115, "email": 14, "hostname": 76 }, "indicator_count": 4559, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "168 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468500f573317422968c7c", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:52.404000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468501eb091ae414509121", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:53.417000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468505ee31db44fe063e82", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:57.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846850783baea1a6beb7e71", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. I won\u2019t be surprised if OTX cannot pull the threat. My account isn\u2019t allowing me full permissions. \n\n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:59.933000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468511340fb7ba8eeb7aae", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:54:09.116000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846860a0c5ff214f345717c", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:58:17.902000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846860ee9b4faefae8d4cf9", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:58:22.091000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://www.virustotal.com/graph/embed/g69422d071856425cb7ef01a90232cae9aef9af2362ad45db8fc83caabe618606?theme=dark", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a", "https://rcmp[.]ca/en/alberta", "https://urlquery.net/report/54993e5a-9b3f-4eef-a219-6ed529b4ea66", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13", "https://www.filescan.io/uploads/6775f8d1108e6fdea94ba637/reports/ba88f2c2-96e9-4106-9b93-4f7fa7f1519a/overview", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13/iocs", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a/67e0baae85aff10b880edd20", "https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee", "https://viz.greynoise.io/analysis/ade7d4f8-0bf7-4582-9a91-f7b26c0bb9f7", "https://www.virustotal.com/gui/collection/malpedia_win_tofsee/summary", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "", "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "unique_indicators": 16908 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/rcmp.ca", "whois": "http://whois.domaintools.com/rcmp.ca", "domain": "rcmp.ca", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69b10d1ce4563d38fbbc72d6", "name": "disable_duck clone Alberta", "description": "", "modified": "2026-03-11T07:40:56.177000", "created": "2026-03-11T06:35:08.464000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": "68e02ab7156e79ecd34a4929", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 117, "email": 14, "hostname": 76 }, "indicator_count": 4561, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6709ad372568d7810af2e480", "name": "https://rcmp[.]ca/en/alberta // rcmp[.]ca // rcmp-grc[.]gc[.]ca - 12.06.25", "description": "Alberta RCMP\nhttps://rcmp[.]ca/en/alberta // rcmp[.]ca // rcmp-grc[.]gc[.]ca", "modified": "2026-01-05T22:04:46.025000", "created": "2024-10-11T22:56:55.968000", "tags": [ "entity", "RCMP", "Alberta", "EPS", "Edmonton Police Services", "RCMP AB", "CrimeStoppers AB" ], "references": [ "https://www.virustotal.com/graph/embed/g69422d071856425cb7ef01a90232cae9aef9af2362ad45db8fc83caabe618606?theme=dark", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13/iocs", "https://urlquery.net/report/54993e5a-9b3f-4eef-a219-6ed529b4ea66", "https://www.filescan.io/uploads/6775f8d1108e6fdea94ba637/reports/ba88f2c2-96e9-4106-9b93-4f7fa7f1519a/overview", "https://malpedia.caad.fkie.fraunhofer.de/details/win.tofsee", "https://www.virustotal.com/gui/collection/malpedia_win_tofsee/summary", "https://viz.greynoise.io/analysis/ade7d4f8-0bf7-4582-9a91-f7b26c0bb9f7", "", "https://rcmp[.]ca/en/alberta", "https://www.virustotal.com/gui/collection/22cbfd4f1a868301f4f66c5914ab66d63695118f829e90ede0c8450876d4dd13", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a/67e0baae85aff10b880edd20", "https://www.hybrid-analysis.com/sample/32fee8f77b43f62e89c2156fd15a6fa350beff81429a6bc7984c0e54fe608f2a" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "", "Government", "Telecommunications", "Education", "Technology", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 764, "FileHash-SHA1": 760, "FileHash-SHA256": 4062, "domain": 378, "hostname": 1808, "URL": 886, "SSLCertFingerprint": 18, "email": 10, "CVE": 1 }, "indicator_count": 8687, "is_author": false, "is_subscribing": null, "subscriber_count": 135, "modified_text": "104 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68e02ab7156e79ecd34a4929", "name": "Samples of OTX 2096 Libraries - up to 10.03.25", "description": "An attempt to skim over a little bit of everything in OTX 2096 for another project in the works\n\nUAlberta sighhh", "modified": "2025-11-02T19:00:47.473000", "created": "2025-10-03T19:57:43.609000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "white", "modified", "runtime data", "ansi", "public", "months ago", "filehashsha256", "hostname", "domain", "path", "green", "copy", "powershell", "general", "malicious", "pixel", "suspicious", "meta", "covenant", "virustotal", "click", "open", "cobalt strike", "probe", "first", "installer", "template", "crypto", "cobalt", "mozilla", "mirai", "false", "date", "title", "roboto", "arch", "android", "april", "drovorub", "squad", "baby", "geek", "tofsee", "redline stealer", "twitter", "service", "team", "killswitch", "mini", "cobaltstrike", "enterprise", "simda", "suppobox", "ransomware", "maldoc", "computrace", "february", "tetris", "hybrid", "body", "iframe", "qakbot", "double", "proton", "mark", "jakarta", "win32", "explorer", "union", "redirector", "xrat", "model", "rogue", "done", "python", "police", "thor", "xploit", "impact", "retro", "jeff", "oilrig", "sliver", "bypass", "info", "school", "miner", "phishing", "riots", "comment", "gafgyt", "bashlite", "calgary", "tech", "bitcoin", "test", "survey", "ukraine", "gamarue", "swisyn", "krucky", "systembc", "june", "dridex", "agent", "close", "format", "autodetect", "strings", "contact", "switch", "community", "limits", "inquest labs", "resources api", "cve list", "notes blog", "drop your", "file", "kaspersky threat intelligence portal", "online virus scan file", "online file scanner", "kaspersky online scanner", "online file virus scan", "scan file online", "scan file for virus", "file scanner", "online file virus scanner", "check link for virus", "kaspersky online scan", "check file for virus", "false alarm", "false detection", "false positive", "online virus", "scanner", "hybrid analysis", "api key", "vetting process", "please note", "please", "ualberta", "ualberta http", "xormozilla", "disableduck", "virus", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "triage", "report", "reported", "analyze", "filesize", "set value", "iocs", "process", "process key", "monitor", "resource", "config", "target", "generic", "javascript", "static analyzer", "analyzer", "Microsoft", "YEG", "UAlberta", "Google", "AHS", "Covenant Health" ], "references": [ "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d/68e01fdde76500b3c20326c4", "https://metadefender.com/results/file/bzI1MTAwMzhvTXdHbkVaZGItcW0tbnU2Nmkx_mdaas", "https://opentip.kaspersky.com/5E066617CC959DBAB123F23D5D36A4DC4D813358E43EDDBD1A6E7C87827C301D/?tab=upload", "https://hybrid-analysis.com/sample/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d", "https://www.filescan.io/uploads/68e01279f377ab2310519c81/reports/02a0a465-8936-4b6d-99a2-6950b71ab1c5/ioc", "https://tria.ge/251003-x8c56azky6/behavioral2", "https://www.virustotal.com/gui/file/5e066617cc959dbab123f23d5d36a4dc4d813358e43eddbd1a6e7c87827c301d?nocache=1", "https://app.threat.zone/submission/db9c1a4a-a706-4ed9-9229-4190f02151bc/overview" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [ "Education", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "CIDR": 8, "CVE": 13, "FileHash-MD5": 31, "FileHash-SHA1": 25, "FileHash-SHA256": 74, "domain": 115, "email": 14, "hostname": 76 }, "indicator_count": 4559, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "168 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468500f573317422968c7c", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:52.404000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468501eb091ae414509121", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:53.417000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468505ee31db44fe063e82", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:57.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846850783baea1a6beb7e71", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. I won\u2019t be surprised if OTX cannot pull the threat. My account isn\u2019t allowing me full permissions. \n\n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:53:59.933000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68468511340fb7ba8eeb7aae", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:54:09.116000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846860a0c5ff214f345717c", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:58:17.902000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6846860ee9b4faefae8d4cf9", "name": "Crowdsourced research | IP 192.229.221.95", "description": "Crowdsourced research. \t\nLegitimately contracted for all forms of surveillance & other unspeakable jobs against crime victims.\nThis is as dangerous as it gets. The targets are sometimes individuals with absolutely no means of escape, I am speaking for crime victims, investigative journalists, insiders, informants, etc. This is outrageous. The highest level of threat as this is a global operation, primarily in the US with endless resources. No exaggerations. The warfare could , has and has been attempted to result in loss of life. There is quite a bit of information available regarding this merciless, meritless attacks. OTX isn\u2019t allowing full permissions. \n| 1003.v.vgt.pl |\nhttps://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | \nfoundry2-lbl.dvr.dn2.n-helix.com | \n192.229.221.95 | \ndns0.org | cdnfastly.net", "modified": "2025-07-09T05:00:24.293000", "created": "2025-06-09T06:58:22.091000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "FileHash-SHA1": 285, "FileHash-SHA256": 3666, "domain": 511, "hostname": 845, "URL": 3282, "CVE": 2, "email": 1 }, "indicator_count": 8876, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://rcmp.ca/en/alberta", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://rcmp.ca/en/alberta", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776670859.0568726 }