{
  "type": "URL",
  "indicator": "https://semiconductboard.com/xml",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://semiconductboard.com/xml",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3434674113,
      "indicator": "https://semiconductboard.com/xml",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "626bba5ec3f783b80d69a882",
          "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets",
          "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.",
          "modified": "2022-07-08T21:20:57.086000",
          "created": "2022-04-29T10:13:50.154000",
          "tags": [
            "preft",
            "stonefly",
            "ddos",
            "winscp",
            "infostealer"
          ],
          "references": [
            "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
          ],
          "public": 1,
          "adversary": "Stonefly",
          "targeted_countries": [
            "Korea, Republic of"
          ],
          "malware_families": [
            {
              "id": "Preft",
              "display_name": "Preft",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1499",
              "name": "Endpoint Denial of Service",
              "display_name": "T1499 - Endpoint Denial of Service"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1001",
              "name": "Data Obfuscation",
              "display_name": "T1001 - Data Obfuscation"
            }
          ],
          "industries": [
            "Financial",
            "Government",
            "Aerospace",
            "Military",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 249,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 2,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 25,
            "URL": 6,
            "domain": 4
          },
          "indicator_count": 44,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 377534,
          "modified_text": "1380 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66246ff49ed29ea9bb2bf122",
          "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
          "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
          "modified": "2025-05-14T21:18:36.989000",
          "created": "2024-04-21T01:46:28.554000",
          "tags": [
            "jeleniej grze",
            "aktualnoci",
            "informacje",
            "jednostka",
            "rejonowy",
            "konkurs",
            "najczciej",
            "sd rejonowy",
            "przejd",
            "czytaj",
            "click",
            "sdzia jarosaw",
            "wydziau",
            "sdzia grzegorz",
            "katarzyna",
            "rudnicka dane",
            "kontaktowe sd",
            "jelenia gra",
            "mickiewicza",
            "zawarto",
            "html",
            "nazwa meta",
            "robotw",
            "telefon",
            "brak",
            "skala",
            "ua zgodna",
            "head body",
            "zasb",
            "cname",
            "kod odpowiedzi",
            "kodowanie treci",
            "wygasa",
            "gmt serwer",
            "pragma",
            "kontrola pamici",
            "podrcznej",
            "data",
            "gmt kontrola",
            "dostpuzezwl na",
            "czytaj wicej",
            "sd okrgowy",
            "jednostki",
            "okrgowy",
            "ogoszenia",
            "sha256",
            "vhash",
            "ssdeep",
            "https odcisk",
            "palca jarma",
            "https dane",
            "v3 numer",
            "odcisk palca",
            "tworzy katalog",
            "tworzy pliki",
            "typ pliku",
            "json",
            "ascii",
            "windows",
            "sqlite",
            "foxpro fpt",
            "links typ",
            "mapa",
            "152 x",
            "sqlite w",
            "sha1",
            "sha512",
            "file size",
            "b file",
            "testing",
            "komornik sdowy",
            "sdzie rejonowym",
            "tomasz rodacki",
            "obwieszczenie",
            "komornicze",
            "tumacza migam",
            "tumacz czynny",
            "zamknite",
            "wiadczenia",
            "schedule",
            "error",
            "javascript",
            "bakers hall",
            "ixaction",
            "script",
            "ixchatlauncher",
            "compatibility",
            "com dla",
            "t1055 pewno",
            "unikanie obrony",
            "t1036 maskarada",
            "t1082 pewno",
            "informacje o",
            "nazwa pliku",
            "dokument pdf",
            "rozmiar pliku",
            "zapowied",
            "type",
            "iii dbt",
            "utf8",
            "dziennik"
          ],
          "references": [
            "S\u0105d Rejonowy w Jeleniej G\u00f3rze.htm",
            "II Wydzia\u0142 Karny - S\u0105d Rejonowy w Jeleniej G\u00f3rze 1.htm",
            "http://www.jelenia-gora.so.gov.pl/",
            "https://www.jelenia-gora.so.gov.pl/",
            "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
            "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
            "https://www.jelenia-gora.sr.gov.pl/spacer",
            "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "",
              "display_name": "",
              "target": null
            },
            {
              "id": "serwer",
              "display_name": "serwer",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "email": 71,
            "domain": 7651,
            "hostname": 7680,
            "IPv4": 331,
            "FileHash-SHA256": 16168,
            "URL": 10399,
            "FileHash-MD5": 3639,
            "FileHash-SHA1": 3468,
            "CIDR": 4,
            "CVE": 89,
            "YARA": 521,
            "SSLCertFingerprint": 25,
            "JA3": 1,
            "IPv6": 5813
          },
          "indicator_count": 55860,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 141,
          "modified_text": "339 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "634097b4fe58bef0e200b6f7",
          "name": "RedLine Stealer Malware IOC",
          "description": "Observado por primera vez en 2020 y anunciado en varios foros de ciberdelincuentes como una amenaza de 'Malware-as-a-Service' (MaaS), Redline es un ladr\u00f3n de informaci\u00f3n que se dirige principalmente a las credenciales de las v\u00edctimas de Windows y las billeteras de criptomonedas, as\u00ed como a la informaci\u00f3n del navegador, conexiones FTP, lanzadores de chat de juegos e informaci\u00f3n del sistema operativo, como hardware del sistema, nombres de procesos, zona horaria, IP, informaci\u00f3n de ubicaci\u00f3n geogr\u00e1fica, versi\u00f3n del sistema operativo e idioma predeterminado.",
          "modified": "2022-11-06T21:05:58.375000",
          "created": "2022-10-07T21:18:44.521000",
          "tags": [
            "redline",
            "xmldictionary",
            "c2 server",
            "appdata",
            "soap",
            "directory",
            "discord",
            "telegram",
            "windows product",
            "downloadandex",
            "redline stealer",
            "steam",
            "atomic",
            "pass",
            "cuando",
            "ciberseguridad redline",
            "cronup",
            "strong",
            "imagen",
            "santiago",
            "blog contacto",
            "actualizacin",
            "stealer",
            "extraer",
            "panda",
            "troyano",
            "emotet",
            "february",
            "alerta",
            "malware",
            "autor",
            "phishing",
            "ransomware",
            "q3",
            "figure",
            "http post",
            "windows",
            "redline control",
            "english",
            "soap envelope",
            "telegram bot",
            "twitter",
            "bitcoin",
            "desktop",
            "august",
            "december",
            "january",
            "date",
            "registrar",
            "organization",
            "ozil verfig",
            "country",
            "download",
            "insikt",
            "methods redline",
            "cybergate",
            "zingostealer",
            "dark crystal",
            "post redline",
            "summary redline",
            "ddw redline",
            "cracked redline",
            "information redline",
            "ms windows",
            "communication redline",
            "contract redline",
            "conclusion redline",
            "vidar",
            "lapsus$",
            "phishing activities",
            "threat intelligence",
            "maas (malware-as-a-service)",
            "nfts",
            "discord channels",
            "google ads",
            "smoke loader",
            "magnat",
            "telegram forums",
            "social engineering campaigns",
            "cyware",
            "platform",
            "cyber fusion",
            "threat briefing",
            "march",
            "cyber threat",
            "fusion",
            "rats",
            "june",
            "april",
            "soar",
            "contact",
            "attack",
            "autoit",
            "agenttesla",
            "limerat",
            "teamviewer",
            "spyagent",
            "team",
            "concept",
            "enterprise",
            "service",
            "protect",
            "entity1",
            "entity7",
            "details",
            "parts",
            "unique id",
            "send",
            "youtube video",
            "entity",
            "redlinestealer",
            "chat",
            "unknown",
            "raccoon",
            "amigo",
            "phantom"
          ],
          "references": [
            "https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904",
            "https://cyware.com/research-and-analysis/all-about-high-in-demand-information-theft-tool-redline-stealer-0df1",
            "https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/",
            "https://cyberint.com/blog/research/redline-stealer/",
            "https://www.cronup.com/top-malware-series-redline-stealer/",
            "https://securityscorecard.com/research/detailed-analysis-redline-stealer"
          ],
          "public": 1,
          "adversary": "Insikt",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "XmlDictionary",
              "display_name": "XmlDictionary",
              "target": null
            },
            {
              "id": "RedLine",
              "display_name": "RedLine",
              "target": null
            },
            {
              "id": "Ciberseguridad RedLine",
              "display_name": "Ciberseguridad RedLine",
              "target": null
            },
            {
              "id": "Q3",
              "display_name": "Q3",
              "target": null
            },
            {
              "id": "Dark Crystal",
              "display_name": "Dark Crystal",
              "target": null
            },
            {
              "id": "ZingoStealer",
              "display_name": "ZingoStealer",
              "target": null
            },
            {
              "id": "CyberGate",
              "display_name": "CyberGate",
              "target": null
            },
            {
              "id": "Methods RedLine",
              "display_name": "Methods RedLine",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "Conclusion Redline",
              "display_name": "Conclusion Redline",
              "target": null
            },
            {
              "id": "Contract Redline",
              "display_name": "Contract Redline",
              "target": null
            },
            {
              "id": "Communication Redline",
              "display_name": "Communication Redline",
              "target": null
            },
            {
              "id": "MS Windows",
              "display_name": "MS Windows",
              "target": null
            },
            {
              "id": "Information Redline",
              "display_name": "Information Redline",
              "target": null
            },
            {
              "id": "Cracked Redline",
              "display_name": "Cracked Redline",
              "target": null
            },
            {
              "id": "DDW Redline",
              "display_name": "DDW Redline",
              "target": null
            },
            {
              "id": "Summary Redline",
              "display_name": "Summary Redline",
              "target": null
            },
            {
              "id": "Post Redline",
              "display_name": "Post Redline",
              "target": null
            },
            {
              "id": "Redline",
              "display_name": "Redline",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1199",
              "name": "Trusted Relationship",
              "display_name": "T1199 - Trusted Relationship"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1498",
              "name": "Network Denial of Service",
              "display_name": "T1498 - Network Denial of Service"
            },
            {
              "id": "T1546",
              "name": "Event Triggered Execution",
              "display_name": "T1546 - Event Triggered Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [
            "Financial",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dagger-1",
            "id": "202493",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 41,
            "FileHash-SHA1": 32,
            "FileHash-SHA256": 51,
            "URL": 21,
            "domain": 34,
            "hostname": 29
          },
          "indicator_count": 208,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 36,
          "modified_text": "1259 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "62718539151db9461c89a6a5",
          "name": "Killing The Bear - Campaign \"Silent Chollima - Spying Operation\" (2022-04-27)",
          "description": "North Korea-sponsored hackers have used a series of open-source tools to gain access to data on a public-facing VMware View server, according to a security firm and its researchers, who have identified the group.",
          "modified": "2022-05-03T19:41:11.686000",
          "created": "2022-05-03T19:40:41.327000",
          "tags": [
            "preft",
            "stonefly",
            "domain na",
            "symantec",
            "preft backdoor",
            "unknown file",
            "min read",
            "ddos",
            "threat hunter",
            "winscp",
            "download",
            "trojan",
            "february",
            "dtrack",
            "mimikatz",
            "powershell",
            "info",
            "service",
            "infostealer",
            "winrar",
            "team",
            "ransomware",
            "mitre",
            "stage",
            "mitre att",
            "darkseoul",
            "silent chollima",
            "cve202144228",
            "vmware view",
            "invokethehash",
            "energy"
          ],
          "references": [
            "https://killingthebear.jorgetesta.tech/silent-chollima/iocs",
            "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage?utm_medium=email&_hsmi=211902406&_hsenc=p2ANqtz-9VWZpbrLP9E9QK6wFk-tu1VF_rhc1DHdK6OAvq50jEt9KYKhyWKrogb6WZFrXLcM9rthHSaHrI8bhujV9p9KndIx6NZRdkSDhAZcJ4Vsssqvfku7Y&utm_content=211902406&utm_source=hs_email"
          ],
          "public": 1,
          "adversary": "Stonefly",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Preft",
              "display_name": "Preft",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1499",
              "name": "Endpoint Denial of Service",
              "display_name": "T1499 - Endpoint Denial of Service"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1048",
              "name": "Exfiltration Over Alternative Protocol",
              "display_name": "T1048 - Exfiltration Over Alternative Protocol"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1498",
              "name": "Network Denial of Service",
              "display_name": "T1498 - Network Denial of Service"
            },
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [
            "Military",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "JTestaTech",
            "id": "176400",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_176400/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 28,
            "URL": 6,
            "domain": 5
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 75,
          "modified_text": "1446 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "626a269bab03bfde07e384df",
          "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets | Symantec Blogs",
          "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.",
          "modified": "2022-04-28T05:31:07.603000",
          "created": "2022-04-28T05:31:07.603000",
          "tags": [
            "preft",
            "stonefly",
            "domain na",
            "symantec",
            "min read",
            "preft backdoor",
            "unknown file",
            "threat hunter",
            "ddos",
            "continues",
            "team symantec",
            "winscp",
            "download",
            "main",
            "trojan",
            "february",
            "dtrack",
            "mimikatz",
            "powershell",
            "info",
            "service",
            "infostealer",
            "winrar",
            "team",
            "close"
          ],
          "references": [
            "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Preft",
              "display_name": "Preft",
              "target": null
            },
            {
              "id": "Stonefly",
              "display_name": "Stonefly",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1499",
              "name": "Endpoint Denial of Service",
              "display_name": "T1499 - Endpoint Denial of Service"
            }
          ],
          "industries": [
            "Financial",
            "Government",
            "Aerospace",
            "Military",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 28,
            "URL": 6,
            "domain": 5
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 359,
          "modified_text": "1452 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "626a269a7e1966346042da23",
          "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets | Symantec Blogs",
          "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.",
          "modified": "2022-04-28T05:31:06.708000",
          "created": "2022-04-28T05:31:06.708000",
          "tags": [
            "preft",
            "stonefly",
            "domain na",
            "symantec",
            "min read",
            "preft backdoor",
            "unknown file",
            "threat hunter",
            "ddos",
            "continues",
            "team symantec",
            "winscp",
            "download",
            "main",
            "trojan",
            "february",
            "dtrack",
            "mimikatz",
            "powershell",
            "info",
            "service",
            "infostealer",
            "winrar",
            "team",
            "close"
          ],
          "references": [
            "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Preft",
              "display_name": "Preft",
              "target": null
            },
            {
              "id": "Stonefly",
              "display_name": "Stonefly",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1499",
              "name": "Endpoint Denial of Service",
              "display_name": "T1499 - Endpoint Denial of Service"
            }
          ],
          "industries": [
            "Financial",
            "Government",
            "Aerospace",
            "Military",
            "Energy"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 28,
            "URL": 6,
            "domain": 5
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 358,
          "modified_text": "1452 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
        "https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/",
        "https://securityscorecard.com/research/detailed-analysis-redline-stealer",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.cronup.com/top-malware-series-redline-stealer/",
        "https://killingthebear.jorgetesta.tech/silent-chollima/iocs",
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://cyberint.com/blog/research/redline-stealer/",
        "https://cyware.com/research-and-analysis/all-about-high-in-demand-information-theft-tool-redline-stealer-0df1",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility",
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage?utm_medium=email&_hsmi=211902406&_hsenc=p2ANqtz-9VWZpbrLP9E9QK6wFk-tu1VF_rhc1DHdK6OAvq50jEt9KYKhyWKrogb6WZFrXLcM9rthHSaHrI8bhujV9p9KndIx6NZRdkSDhAZcJ4Vsssqvfku7Y&utm_content=211902406&utm_source=hs_email",
        "https://www.jelenia-gora.so.gov.pl/",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "Stonefly"
          ],
          "malware_families": [
            "Preft"
          ],
          "industries": [
            "Financial",
            "Government",
            "Energy",
            "Aerospace",
            "Military"
          ],
          "unique_indicators": 44
        },
        "other": {
          "adversary": [
            "Insikt",
            "Stonefly"
          ],
          "malware_families": [
            "",
            "Ms windows",
            "Conclusion redline",
            "Redline",
            "Contract redline",
            "Post redline",
            "Dark crystal",
            "Information redline",
            "Stonefly",
            "Ciberseguridad redline",
            "Ddw redline",
            "Preft",
            "Cybergate",
            "Summary redline",
            "Serwer",
            "Cracked redline",
            "Vidar",
            "Methods redline",
            "Zingostealer",
            "Communication redline",
            "Xmldictionary",
            "Q3"
          ],
          "industries": [
            "Financial",
            "Government",
            "Energy",
            "Technology",
            "Aerospace",
            "Military"
          ],
          "unique_indicators": 48235
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/semiconductboard.com",
    "whois": "http://whois.domaintools.com/semiconductboard.com",
    "domain": "semiconductboard.com",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "626bba5ec3f783b80d69a882",
      "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets",
      "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.   the company has discovered.",
      "modified": "2022-07-08T21:20:57.086000",
      "created": "2022-04-29T10:13:50.154000",
      "tags": [
        "preft",
        "stonefly",
        "ddos",
        "winscp",
        "infostealer"
      ],
      "references": [
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
      ],
      "public": 1,
      "adversary": "Stonefly",
      "targeted_countries": [
        "Korea, Republic of"
      ],
      "malware_families": [
        {
          "id": "Preft",
          "display_name": "Preft",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1499",
          "name": "Endpoint Denial of Service",
          "display_name": "T1499 - Endpoint Denial of Service"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1001",
          "name": "Data Obfuscation",
          "display_name": "T1001 - Data Obfuscation"
        }
      ],
      "industries": [
        "Financial",
        "Government",
        "Aerospace",
        "Military",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 249,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 2,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 25,
        "URL": 6,
        "domain": 4
      },
      "indicator_count": 44,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 377534,
      "modified_text": "1380 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66246ff49ed29ea9bb2bf122",
      "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
      "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
      "modified": "2025-05-14T21:18:36.989000",
      "created": "2024-04-21T01:46:28.554000",
      "tags": [
        "jeleniej grze",
        "aktualnoci",
        "informacje",
        "jednostka",
        "rejonowy",
        "konkurs",
        "najczciej",
        "sd rejonowy",
        "przejd",
        "czytaj",
        "click",
        "sdzia jarosaw",
        "wydziau",
        "sdzia grzegorz",
        "katarzyna",
        "rudnicka dane",
        "kontaktowe sd",
        "jelenia gra",
        "mickiewicza",
        "zawarto",
        "html",
        "nazwa meta",
        "robotw",
        "telefon",
        "brak",
        "skala",
        "ua zgodna",
        "head body",
        "zasb",
        "cname",
        "kod odpowiedzi",
        "kodowanie treci",
        "wygasa",
        "gmt serwer",
        "pragma",
        "kontrola pamici",
        "podrcznej",
        "data",
        "gmt kontrola",
        "dostpuzezwl na",
        "czytaj wicej",
        "sd okrgowy",
        "jednostki",
        "okrgowy",
        "ogoszenia",
        "sha256",
        "vhash",
        "ssdeep",
        "https odcisk",
        "palca jarma",
        "https dane",
        "v3 numer",
        "odcisk palca",
        "tworzy katalog",
        "tworzy pliki",
        "typ pliku",
        "json",
        "ascii",
        "windows",
        "sqlite",
        "foxpro fpt",
        "links typ",
        "mapa",
        "152 x",
        "sqlite w",
        "sha1",
        "sha512",
        "file size",
        "b file",
        "testing",
        "komornik sdowy",
        "sdzie rejonowym",
        "tomasz rodacki",
        "obwieszczenie",
        "komornicze",
        "tumacza migam",
        "tumacz czynny",
        "zamknite",
        "wiadczenia",
        "schedule",
        "error",
        "javascript",
        "bakers hall",
        "ixaction",
        "script",
        "ixchatlauncher",
        "compatibility",
        "com dla",
        "t1055 pewno",
        "unikanie obrony",
        "t1036 maskarada",
        "t1082 pewno",
        "informacje o",
        "nazwa pliku",
        "dokument pdf",
        "rozmiar pliku",
        "zapowied",
        "type",
        "iii dbt",
        "utf8",
        "dziennik"
      ],
      "references": [
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.jelenia-gora.so.gov.pl/",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "",
          "display_name": "",
          "target": null
        },
        {
          "id": "serwer",
          "display_name": "serwer",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 24,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "email": 71,
        "domain": 7651,
        "hostname": 7680,
        "IPv4": 331,
        "FileHash-SHA256": 16168,
        "URL": 10399,
        "FileHash-MD5": 3639,
        "FileHash-SHA1": 3468,
        "CIDR": 4,
        "CVE": 89,
        "YARA": 521,
        "SSLCertFingerprint": 25,
        "JA3": 1,
        "IPv6": 5813
      },
      "indicator_count": 55860,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 141,
      "modified_text": "339 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "634097b4fe58bef0e200b6f7",
      "name": "RedLine Stealer Malware IOC",
      "description": "bservado por primera vez en 2020 y anunciado en varios foros de ciberdelincuentes como una amenaza de 'Malware-as-a-Service' (MaaS), Redline es un ladr\u00f3n de informaci\u00f3n que se dirige principalmente a las credenciales de las v\u00edctimas de Windows y las billeteras de criptomonedas, as\u00ed como a la informaci\u00f3n del navegador, conexiones FTP, lanzadores de chat de juegos e informaci\u00f3n del sistema operativo, como hardware del sistema, nombres de procesos, zona horaria, IP, informaci\u00f3n de ubicaci\u00f3n geogr\u00e1fica, versi\u00f3n del sistema operativo e idioma predeterminado.",
      "modified": "2022-11-06T21:05:58.375000",
      "created": "2022-10-07T21:18:44.521000",
      "tags": [
        "redline",
        "xmldictionary",
        "c2 server",
        "appdata",
        "soap",
        "directory",
        "discord",
        "telegram",
        "windows product",
        "downloadandex",
        "redline stealer",
        "steam",
        "atomic",
        "pass",
        "cuando",
        "ciberseguridad redline",
        "cronup",
        "strong",
        "imagen",
        "santiago",
        "blog contacto",
        "actualizacin",
        "stealer",
        "extraer",
        "panda",
        "troyano",
        "emotet",
        "february",
        "alerta",
        "malware",
        "autor",
        "phishing",
        "ransomware",
        "q3",
        "figure",
        "http post",
        "windows",
        "redline control",
        "english",
        "soap envelope",
        "telegram bot",
        "twitter",
        "bitcoin",
        "desktop",
        "august",
        "december",
        "january",
        "date",
        "registrar",
        "organization",
        "ozil verfig",
        "country",
        "download",
        "insikt",
        "methods redline",
        "cybergate",
        "zingostealer",
        "dark crystal",
        "post redline",
        "summary redline",
        "ddw redline",
        "cracked redline",
        "information redline",
        "ms windows",
        "communication redline",
        "contract redline",
        "conclusion redline",
        "vidar",
        "lapsus$",
        "phishing activities",
        "threat intelligence",
        "maas (malware-as-a-service)",
        "nfts",
        "discord channels",
        "google ads",
        "smoke loader",
        "magnat",
        "telegram forums",
        "social engineering campaigns",
        "cyware",
        "platform",
        "cyber fusion",
        "threat briefing",
        "march",
        "cyber threat",
        "fusion",
        "rats",
        "june",
        "april",
        "soar",
        "contact",
        "attack",
        "autoit",
        "agenttesla",
        "limerat",
        "teamviewer",
        "spyagent",
        "team",
        "concept",
        "enterprise",
        "service",
        "protect",
        "entity1",
        "entity7",
        "details",
        "parts",
        "unique id",
        "send",
        "youtube video",
        "entity",
        "redlinestealer",
        "chat",
        "unknown",
        "raccoon",
        "amigo",
        "phantom"
      ],
      "references": [
        "https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904",
        "https://cyware.com/research-and-analysis/all-about-high-in-demand-information-theft-tool-redline-stealer-0df1",
        "https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/",
        "https://cyberint.com/blog/research/redline-stealer/",
        "https://www.cronup.com/top-malware-series-redline-stealer/",
        "https://securityscorecard.com/research/detailed-analysis-redline-stealer"
      ],
      "public": 1,
      "adversary": "Insikt",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "XmlDictionary",
          "display_name": "XmlDictionary",
          "target": null
        },
        {
          "id": "RedLine",
          "display_name": "RedLine",
          "target": null
        },
        {
          "id": "Ciberseguridad RedLine",
          "display_name": "Ciberseguridad RedLine",
          "target": null
        },
        {
          "id": "Q3",
          "display_name": "Q3",
          "target": null
        },
        {
          "id": "Dark Crystal",
          "display_name": "Dark Crystal",
          "target": null
        },
        {
          "id": "ZingoStealer",
          "display_name": "ZingoStealer",
          "target": null
        },
        {
          "id": "CyberGate",
          "display_name": "CyberGate",
          "target": null
        },
        {
          "id": "Methods RedLine",
          "display_name": "Methods RedLine",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "Conclusion Redline",
          "display_name": "Conclusion Redline",
          "target": null
        },
        {
          "id": "Contract Redline",
          "display_name": "Contract Redline",
          "target": null
        },
        {
          "id": "Communication Redline",
          "display_name": "Communication Redline",
          "target": null
        },
        {
          "id": "MS Windows",
          "display_name": "MS Windows",
          "target": null
        },
        {
          "id": "Information Redline",
          "display_name": "Information Redline",
          "target": null
        },
        {
          "id": "Cracked Redline",
          "display_name": "Cracked Redline",
          "target": null
        },
        {
          "id": "DDW Redline",
          "display_name": "DDW Redline",
          "target": null
        },
        {
          "id": "Summary Redline",
          "display_name": "Summary Redline",
          "target": null
        },
        {
          "id": "Post Redline",
          "display_name": "Post Redline",
          "target": null
        },
        {
          "id": "Redline",
          "display_name": "Redline",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1199",
          "name": "Trusted Relationship",
          "display_name": "T1199 - Trusted Relationship"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1498",
          "name": "Network Denial of Service",
          "display_name": "T1498 - Network Denial of Service"
        },
        {
          "id": "T1546",
          "name": "Event Triggered Execution",
          "display_name": "T1546 - Event Triggered Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [
        "Financial",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 15,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "dagger-1",
        "id": "202493",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 41,
        "FileHash-SHA1": 32,
        "FileHash-SHA256": 51,
        "URL": 21,
        "domain": 34,
        "hostname": 29
      },
      "indicator_count": 208,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 36,
      "modified_text": "1259 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "62718539151db9461c89a6a5",
      "name": "Killing The Bear - Campaign \"Silent Chollima - Spying Operation\" (2022-04-27)",
      "description": "North Korea-sponsored hackers have used a series of open-source tools to gain access to data on a public-facing VMware View server, according to a security firm and its researchers, who have identified the group.",
      "modified": "2022-05-03T19:41:11.686000",
      "created": "2022-05-03T19:40:41.327000",
      "tags": [
        "preft",
        "stonefly",
        "domain na",
        "symantec",
        "preft backdoor",
        "unknown file",
        "min read",
        "ddos",
        "threat hunter",
        "winscp",
        "download",
        "trojan",
        "february",
        "dtrack",
        "mimikatz",
        "powershell",
        "info",
        "service",
        "infostealer",
        "winrar",
        "team",
        "ransomware",
        "mitre",
        "stage",
        "mitre att",
        "darkseoul",
        "silent chollima",
        "cve202144228",
        "vmware view",
        "invokethehash",
        "energy"
      ],
      "references": [
        "https://killingthebear.jorgetesta.tech/silent-chollima/iocs",
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage?utm_medium=email&_hsmi=211902406&_hsenc=p2ANqtz-9VWZpbrLP9E9QK6wFk-tu1VF_rhc1DHdK6OAvq50jEt9KYKhyWKrogb6WZFrXLcM9rthHSaHrI8bhujV9p9KndIx6NZRdkSDhAZcJ4Vsssqvfku7Y&utm_content=211902406&utm_source=hs_email"
      ],
      "public": 1,
      "adversary": "Stonefly",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Preft",
          "display_name": "Preft",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1499",
          "name": "Endpoint Denial of Service",
          "display_name": "T1499 - Endpoint Denial of Service"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1048",
          "name": "Exfiltration Over Alternative Protocol",
          "display_name": "T1048 - Exfiltration Over Alternative Protocol"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1498",
          "name": "Network Denial of Service",
          "display_name": "T1498 - Network Denial of Service"
        },
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [
        "Military",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "JTestaTech",
        "id": "176400",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_176400/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 28,
        "URL": 6,
        "domain": 5
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 75,
      "modified_text": "1446 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "626a269bab03bfde07e384df",
      "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets | Symantec Blogs",
      "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.   the company has discovered.",
      "modified": "2022-04-28T05:31:07.603000",
      "created": "2022-04-28T05:31:07.603000",
      "tags": [
        "preft",
        "stonefly",
        "domain na",
        "symantec",
        "min read",
        "preft backdoor",
        "unknown file",
        "threat hunter",
        "ddos",
        "continues",
        "team symantec",
        "winscp",
        "download",
        "main",
        "trojan",
        "february",
        "dtrack",
        "mimikatz",
        "powershell",
        "info",
        "service",
        "infostealer",
        "winrar",
        "team",
        "close"
      ],
      "references": [
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Preft",
          "display_name": "Preft",
          "target": null
        },
        {
          "id": "Stonefly",
          "display_name": "Stonefly",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1499",
          "name": "Endpoint Denial of Service",
          "display_name": "T1499 - Endpoint Denial of Service"
        }
      ],
      "industries": [
        "Financial",
        "Government",
        "Aerospace",
        "Military",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 15,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 28,
        "URL": 6,
        "domain": 5
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 359,
      "modified_text": "1452 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "626a269a7e1966346042da23",
      "name": "Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets | Symantec Blogs",
      "description": "A North Korean-linked cyber-espionage group, Stonefly, is continuing to target high-value engineering companies, according to security firm Symantec.",
      "modified": "2022-04-28T05:31:06.708000",
      "created": "2022-04-28T05:31:06.708000",
      "tags": [
        "preft",
        "stonefly",
        "domain na",
        "symantec",
        "min read",
        "preft backdoor",
        "unknown file",
        "threat hunter",
        "ddos",
        "continues",
        "team symantec",
        "winscp",
        "download",
        "main",
        "trojan",
        "february",
        "dtrack",
        "mimikatz",
        "powershell",
        "info",
        "service",
        "infostealer",
        "winrar",
        "team",
        "close"
      ],
      "references": [
        "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Preft",
          "display_name": "Preft",
          "target": null
        },
        {
          "id": "Stonefly",
          "display_name": "Stonefly",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1499",
          "name": "Endpoint Denial of Service",
          "display_name": "T1499 - Endpoint Denial of Service"
        }
      ],
      "industries": [
        "Financial",
        "Government",
        "Aerospace",
        "Military",
        "Energy"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 28,
        "URL": 6,
        "domain": 5
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 358,
      "modified_text": "1452 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://semiconductboard.com/xml",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://semiconductboard.com/xml",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776616698.640572
}