{ "type": "URL", "indicator": "https://signicat.jula.no", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://signicat.jula.no", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3596971836, "indicator": "https://signicat.jula.no", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "656a97db9134b17c1f6d845b", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "", "modified": "2023-12-02T02:35:07.890000", "created": "2023-12-02T02:35:07.890000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "912 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541df216e018a0bce63e2a3", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "Malicious redirect. OWA? Dreaded Canary cookie? I don't know yet. Link affects individuals, corporations and edu's. \n\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:16:17.835000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541e08c81e836438946bbbf", "name": "TrojanSpy", "description": "Malicious redirect. Targets individual.\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:22:20.519000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6543350c86e1299dc78bfa90", "name": "this dick", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-02T05:35:08.226000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Nicholus33", "id": "76046", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 207, "URI": 1 }, "indicator_count": 7766, "is_author": false, "is_subscribing": null, "subscriber_count": 2, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6545a25d60272bac5827f2fc", "name": "TrojanSpy", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-04T01:46:05.174000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541e08c81e836438946bbbf", "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9fbdf2a9311be4ec4a", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:51.801000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "Russian", "smart tv", "text.txt", "payment connector - paymentsense.cloud", "yandex.uz" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Webtoolbar", "Trojanspy" ], "industries": [], "unique_indicators": 9346 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/jula.no", "whois": "http://whois.domaintools.com/jula.no", "domain": "jula.no", "hostname": "signicat.jula.no" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "656a97db9134b17c1f6d845b", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "", "modified": "2023-12-02T02:35:07.890000", "created": "2023-12-02T02:35:07.890000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "912 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541df216e018a0bce63e2a3", "name": "DeepScan:Generic.Ransom.GandCrab5", "description": "Malicious redirect. OWA? Dreaded Canary cookie? I don't know yet. Link affects individuals, corporations and edu's. \n\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:16:17.835000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6541e08c81e836438946bbbf", "name": "TrojanSpy", "description": "Malicious redirect. Targets individual.\n{*https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic\n*Redirects to: https://login.microsoftonline.com/jsdisabled}\n(AUTO POPULATED: A full list of findings from the Maltiverse Research Team on Malware and Exploit, as compiled by the National Security Agency (NSA), has been published on the website of Microsoft's website.)", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-01T05:22:20.519000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6543350c86e1299dc78bfa90", "name": "this dick", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-02T05:35:08.226000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541df216e018a0bce63e2a3", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Nicholus33", "id": "76046", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 207, "URI": 1 }, "indicator_count": 7766, "is_author": false, "is_subscribing": null, "subscriber_count": 2, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6545a25d60272bac5827f2fc", "name": "TrojanSpy", "description": "", "modified": "2023-12-01T04:05:20.963000", "created": "2023-11-04T01:46:05.174000", "tags": [ "cisco umbrella", "site", "safe site", "detection list", "blacklist", "million", "malicious url", "maltiverse", "heuristic", "redirme", "exploit", "malware", "team", "microsoft", "urlhttps", "blacklist https", "noname057", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "hacktool", "arkeistealer", "mail spammer", "united", "germany", "opencandy", "proxy", "firehol", "alexa top", "phishing site", "malicious site", "malware site", "alexa", "phishing", "iframe", "downldr", "agent", "presenoker", "riskware", "unsafe", "artemis", "bank", "cve201711882", "tag count", "cyber threat", "httponly", "samesitenone", "http response", "final url", "ip address", "status code", "body length", "kb body", "sha256", "headers", "pragma", "contacted urls", "ssl certificate", "whois record", "xmodeargs", "whois whois", "xdpid1203", "xpubid10839", "september", "tsara brashears", "collection", "emotet", "malicious", "critical", "copy", "installer", "banker", "keylogger", "heur", "filerepmetagen", "suspected", "adware", "acint", "nircmd", "swrort", "systweak", "behav", "crack", "tiggre", "genkryptik", "filetour", "cleaner", "conduit", "wacatac", "trojanspy", "webtoolbar" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "6541e08c81e836438946bbbf", "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2559, "CVE": 6, "FileHash-MD5": 582, "FileHash-SHA1": 353, "FileHash-SHA256": 3232, "hostname": 826, "domain": 206, "URI": 1 }, "indicator_count": 7765, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9fbdf2a9311be4ec4a", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:51.801000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://signicat.jula.no", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://signicat.jula.no", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780292050.216461 }