{ "type": "URL", "indicator": "https://store.kaspersky.co.th", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://store.kaspersky.co.th", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3606077258, "indicator": "https://store.kaspersky.co.th", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "66c5dcd42da951f32ee24e0f", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashesrs", "description": "", "modified": "2024-08-21T12:25:56.328000", "created": "2024-08-21T12:25:56.328000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": "655d0ec7b7cb12c66cac457d", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "650 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0ec7b7cb12c66cac457d", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:10:47.792000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0edbb8c22bcb4e5969b8", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:11:07.064000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0f94ad4d7cdc5e3f0a98", "name": "BlackNET", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:14:12.454000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 73, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657095cae448a5d8d4bb49d2", "name": "192.168.0.86 - j2br7yp43f.dattolocal.net - malicious abuse on home router", "description": "", "modified": "2023-12-06T15:39:54.390000", "created": "2023-12-06T15:39:54.390000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 557, "hostname": 249, "URL": 605, "domain": 32, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 1523, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63af05abbb822d1ef22cb26d", "name": "192.168.0.86 - j2br7yp43f.dattolocal.net - malicious abuse on home router", "description": "192.168.0.23 and 139 - www.yndesen.net - to device-local-(...)remotewd.com bad actor abusing home devices under this cloud/storage provider", "modified": "2023-01-29T14:03:36.994000", "created": "2022-12-30T15:37:15.190000", "tags": [ "j2br7yp43f.dattolocal.net", "www.yndesen.net", "192.168.0.23", "192.168.0139", "192.168.0.24", "192.168.0.86" ], "references": [ "https://www.virustotal.com/graph/g7227176581de4678b6f3bfdeb541cbcfda2a37cf7e894b5e99575774a1969b07", "j2br7yp43f.dattolocal.net", "ccs01lte.vo.ca-cncx.net", "www.concentric.com", "5.5.6.1", "llnwd.net", "twitter i8n locale page error revealing pivot" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 249, "URL": 605, "FileHash-SHA256": 557, "domain": 32, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 1523, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1220 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/g7227176581de4678b6f3bfdeb541cbcfda2a37cf7e894b5e99575774a1969b07", "llnwd.net", "twitter i8n locale page error revealing pivot", "j2br7yp43f.dattolocal.net", "5.5.6.1", "ccs01lte.vo.ca-cncx.net", "www.concentric.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Cl0p", "Blacknet", "Maltiverse" ], "industries": [], "unique_indicators": 13743 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/kaspersky.co.th", "whois": "http://whois.domaintools.com/kaspersky.co.th", "domain": "kaspersky.co.th", "hostname": "store.kaspersky.co.th" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "66c5dcd42da951f32ee24e0f", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashesrs", "description": "", "modified": "2024-08-21T12:25:56.328000", "created": "2024-08-21T12:25:56.328000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": "655d0ec7b7cb12c66cac457d", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "650 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0ec7b7cb12c66cac457d", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:10:47.792000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0edbb8c22bcb4e5969b8", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:11:07.064000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0f94ad4d7cdc5e3f0a98", "name": "BlackNET", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:14:12.454000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 73, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "894 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657095cae448a5d8d4bb49d2", "name": "192.168.0.86 - j2br7yp43f.dattolocal.net - malicious abuse on home router", "description": "", "modified": "2023-12-06T15:39:54.390000", "created": "2023-12-06T15:39:54.390000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 557, "hostname": 249, "URL": 605, "domain": 32, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 1523, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63af05abbb822d1ef22cb26d", "name": "192.168.0.86 - j2br7yp43f.dattolocal.net - malicious abuse on home router", "description": "192.168.0.23 and 139 - www.yndesen.net - to device-local-(...)remotewd.com bad actor abusing home devices under this cloud/storage provider", "modified": "2023-01-29T14:03:36.994000", "created": "2022-12-30T15:37:15.190000", "tags": [ "j2br7yp43f.dattolocal.net", "www.yndesen.net", "192.168.0.23", "192.168.0139", "192.168.0.24", "192.168.0.86" ], "references": [ "https://www.virustotal.com/graph/g7227176581de4678b6f3bfdeb541cbcfda2a37cf7e894b5e99575774a1969b07", "j2br7yp43f.dattolocal.net", "ccs01lte.vo.ca-cncx.net", "www.concentric.com", "5.5.6.1", "llnwd.net", "twitter i8n locale page error revealing pivot" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 249, "URL": 605, "FileHash-SHA256": 557, "domain": 32, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 1523, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1220 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://store.kaspersky.co.th", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://store.kaspersky.co.th", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780465060.3247297 }