{ "type": "URL", "indicator": "https://support.apple.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://support.apple.com", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #45", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #2", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain apple.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain apple.com", "name": "Whitelisted domain" }, { "source": "newssite", "message": "Whitelisted news domain apple.com", "name": "Whitelisted newssite network domain" } ], "base_indicator": { "id": 3155866663, "indicator": "https://support.apple.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "69eae966e2994ca9410416e7", "name": "CAPE Sandbox - Watson", "description": "[full list of details about Akamai, the web hosting company, that has been abused on the internet for more than 20 years.. and the names of its users have been published.] pretext. Watson frequents. wizard8.", "modified": "2026-05-24T05:16:16.520000", "created": "2026-04-24T03:54:14.835000", "tags": [ "akamai", "city", "noc united", "orgid", "akamai ref", "net23", "net230000", "cidr", "orgabusehandle", "orgtechhandle" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 382, "FileHash-SHA1": 361, "FileHash-SHA256": 1250, "URL": 1436, "domain": 425, "hostname": 783, "CIDR": 1, "email": 29, "CVE": 1, "URI": 2 }, "indicator_count": 4670, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e7d7edd91aab8d1e8d5590", "name": "hxxps://support[.]apple[.]com/100100", "description": "hxxps://support[.]apple[.]com/100100", "modified": "2026-05-21T20:10:22.225000", "created": "2026-04-21T20:02:53.543000", "tags": [ "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "switch", "community add", "security menlo", "reports", "cve list", "notes blog", "drop your", "file", "service", "privacy policy", "intelix portal", "javascript", "please", "strong", "united kingdom", "urls", "domain name", "url analysis", "report https", "request", "status", "public ev", "server rsa", "g1 apple", "virustotal", "domain", "benign no", "february", "date february", "safe browsing", "ctx database", "upgrade plan", "my submissions", "free", "april", "august", "sandbox", "static analyzer", "analyzer", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "triage", "report", "reported", "analyze", "md5 sha1", "sha256", "submit download", "sha1", "sha512", "path c", "sha512 tlsh", "ssdeep", "prefetch8", "general", "config", "copy", "target", "score", "impact", "get https", "post https", "sha512 ssdeep", "size", "p2404", "tlsh", "Apple", "iPad", "Update" ], "references": [ "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "https://tria.ge/260421-ygl5esbt5p", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 175, "URL": 1571, "FileHash-MD5": 183, "email": 7, "CIDR": 3, "FileHash-SHA1": 117, "FileHash-SHA256": 181, "SSLCertFingerprint": 14 }, "indicator_count": 2331, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995e22d28c9e9d76f0dec64", "name": "Not So Awesome Fonts", "description": "Researchers: Further review warranted on awesome fonts.", "modified": "2026-04-24T13:20:53", "created": "2026-02-18T16:00:45.725000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 123, "FileHash-MD5": 10, "FileHash-SHA1": 12, "FileHash-SHA256": 223, "email": 5, "hostname": 223, "URL": 565, "CVE": 30, "SSLCertFingerprint": 2 }, "indicator_count": 1193, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995ec2803ec8263d6cb9902", "name": "Potential for Abuse on Trusted Support Sites", "description": "Analysis of AlienVault OTX data shows that support.apple.com\u2014a whitelisted domain\u2014is associated with 69 malicious files, including Sodinokibi and BazarLoader.\nThe Potential for Abuse:\nBecause these domains are trusted by security filters (like Cisco Umbrella), they may be being used to:\nBypass Firewalls: Mask malicious traffic behind a \"safe\" reputation.\nTarget Vulnerable Users: Exploit the trust of people in high-stress situations who are seeking help.\nHide in Subdomains: Use fragmented assets (like rss.support.*) to avoid active monitoring.\nThe Precaution:\nWhitelisted status does not equal absolute safety. Researchers and users should:\nCheck Certificates: Verify the SSL/TLS Certificate is official.\nVerify Redirects: Check for Open Redirect triggers in links.\nNavigate Directly: Type URLs manually when possible.\nConclusion:\nSupport infrastructure is a high-trust environment. This trust may be being used to target users when they are most vulnerable. Caution is required.", "modified": "2026-04-01T00:44:45.494000", "created": "2026-02-18T16:43:20.757000", "tags": [], "references": [ "", "msudosos note: Caution is required as I have noticed this accross multiple support sites." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 112, "domain": 178, "CVE": 23, "FileHash-MD5": 62, "FileHash-SHA1": 59, "FileHash-SHA256": 59, "email": 1 }, "indicator_count": 726, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698548fdc5e1b22b45457eb4", "name": "http://support[.]apple[.]com/kb/HT5012 - 02.05.26", "description": "\"Learn more about trusted certificates\" -> http://support[.]apple[.]com/kb/HT5012\nTrust Store Version 2025082000\nTrust Asset Version 1012", "modified": "2026-03-08T02:01:42.135000", "created": "2026-02-06T01:50:53.485000", "tags": [ "vhash", "ssdeep", "html internet", "magic html", "unicode text", "utf8", "trid text", "magika html", "file size", "please", "javascript", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "url", "sandbox", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "apple mapkit", "java", "manager", "report", "home search", "insights", "login check", "android", "write", "login report", "overview", "tags submit", "tags url", "finishing url", "asn norway", "title available", "apple", "static analyzer", "analyzer", "type", "website title", "apple support", "date", "security", "access control", "plan search", "submission", "february", "error", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "prefetch8 ansi", "ansi", "show process", "hash seen", "programfiles", "ck id", "command decode", "mitre att", "suricata ipv4", "windir", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "form", "strings", "contact", "p2404", "attrdataver186", "p11770919978", "processorcores6", "tpmversion0", "telemetrylevel1", "oemmodeldell", "osuilocaleenus", "osskuid48", "osnamewin", "main", "sha1", "Apple", "iPadOS", "Freedom" ], "references": [ "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 24, "FileHash-SHA256": 126, "URL": 323, "SSLCertFingerprint": 8, "domain": 14, "email": 4, "hostname": 138 }, "indicator_count": 666, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65a5ca06c2fd6778541a8b46", "name": "Twitter Feed - phishunt_io - 15-01-2024", "description": "", "modified": "2024-02-15T00:01:50.109000", "created": "2024-01-16T00:12:54.282000", "tags": [ "phishing", "scam" ], "references": [ "https://twitter.com/phishunt_io/status/1746700048916779228", "https://twitter.com/phishunt_io/status/1746730528198266899", "https://twitter.com/phishunt_io/status/1746761013423198674", "https://twitter.com/phishunt_io/status/1746791492230783441", "https://twitter.com/phishunt_io/status/1746822066156814762", "https://twitter.com/phishunt_io/status/1746852545270559008", "https://twitter.com/phishunt_io/status/1746883082685211028", "https://twitter.com/phishunt_io/status/1746913587816214890", "https://twitter.com/phishunt_io/status/1746944193392472215", "https://twitter.com/phishunt_io/status/1747005389428719759", "https://twitter.com/phishunt_io/status/1747035864625016887" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 8, "URL": 10, "domain": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546cf78627adef6562a97aa", "name": "Browser Malware Attack", "description": "Attacking my browser to identify.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:10:48.676000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546d0120a7e479fecffe2b1", "name": "Browser Malware Attack", "description": "Attacking browser to identify researcher.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:13:21.883000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 232, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653bf3b076e4dbcd0c099992", "name": "Remote Access | DeepScan | Dumping | DNS | Internal System Infiltration", "description": "DeepScan run (absolute overkill). I witnessed excessive data use, device is completely practically unusable, many black pages, denial of most services. CNC. Browser bar became a malicious app that returns 0 searches. Attack directed towards my devices.\nNo stone left unturned. Passwords taken. Apps installed to device Covered can on device takes pictures/flash at will. Evasive. Very talented hackers. \nBravo! Very intrusive. Constantly attacking.\nTarget: Tsara Brashears and researcher", "modified": "2023-11-26T14:04:04.692000", "created": "2023-10-27T17:30:24.926000", "tags": [ "ssl certificate", "historical ssl", "resolutions", "referrer", "collections", "contacted", "efr1", "parent domain", "amazon 02", "metro", "crypto", "cisco umbrella", "site", "safe site", "heur", "malware", "alexa top", "million", "malicious url", "malware site", "malicious site", "opencandy", "riskware", "unsafe", "phishing", "zbot", "team", "exploit", "agent", "mimikatz", "azorult", "service", "runescape", "facebook", "bank", "download", "downldr", "presenoker", "fusioncore", "cleaner", "wacatac", "artemis", "blacknet rat", "stealer", "trojanspy", "blacklist https", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "count blacklist", "tag count", "tsara brashears", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "whois record", "contacted urls", "siblings domain", "execution", "goldmax", "goldfinder", "sibot", "emotet", "united", "phishing site", "maltiverse", "adware", "phishtank", "xtrat", "xrat", "redline stealer", "xtreme", "crack", "genkryptik", "deepscan", "win64", "quasar rat", "fareit", "downloader", "trojan", "alexa", "iframe", "cve201711882", "phish", "genpack", "suspicious", "magazine", "applicunwnt", "cobalt strike", "malicious", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "ascii text", "mitre att", "ck id", "date", "unknown", "hybrid", "accept", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "pmejdjsu12", "Royal Bank of Scotland", "Phishing Bank of America Corporation", "Phishing Netflix", "Phishing Wells Fargo", "Phishing RuneScape", "Phishing Internal Revenue Service", "Phtarget unspecified phishing", "PAYPAL phishing", "Phishing Indeed", "Phishing eBay, Inc", "PhisSafe", "mobigame", "Phishing Facebook", "remote", "mitm", "tower", "worm", "firm", "privilege", "attacker", "monitoring", "cyber threat", "apple", "illegal", "DNS_PROBE_STARTED", "insurance", "revenge", "legal entities", "https://boxofporn.com" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Trojan.Hotkeychick", "display_name": "Trojan.Hotkeychick", "target": null }, { "id": "CVE Exploits", "display_name": "CVE Exploits", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Virus.Sality", "display_name": "Virus.Sality", "target": null }, { "id": "W32.Malware", "display_name": "W32.Malware", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "Trojan.OTNR", "display_name": "Trojan.OTNR", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Mimikatz - S0002", "display_name": "Mimikatz - S0002", "target": null }, { "id": "GoldFinder", "display_name": "GoldFinder", "target": null }, { "id": "GoldMax - S0588", "display_name": "GoldMax - S0588", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Sibot", "display_name": "Sibot", "target": null }, { "id": "Downloader.OpenCandy", "display_name": "Downloader.OpenCandy", "target": null }, { "id": "Azorult", "display_name": "Azorult", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "GoogleToolbar", "display_name": "GoogleToolbar", "target": null }, { "id": "BScope.Adware.MSIL", "display_name": "BScope.Adware.MSIL", "target": null }, { "id": "Application.Auslogics", "display_name": "Application.Auslogics", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Gen:Variant.Application.Bundler.DownloadGuide", "display_name": "Gen:Variant.Application.Bundler.DownloadGuide", "target": null }, { "id": "Trojan:Win32/Xtrat", "display_name": "Trojan:Win32/Xtrat", "target": "/malware/Trojan:Win32/Xtrat" }, { "id": "Xtreme RAT", "display_name": "Xtreme RAT", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null }, { "id": "AGEN.1045143", "display_name": "AGEN.1045143", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Packed.Themida", "display_name": "Packed.Themida", "target": null }, { "id": "MSIL_Bladabindi.G.gen", "display_name": "MSIL_Bladabindi.G.gen", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Unsafe.AI_Score_95% 2", "display_name": "Unsafe.AI_Score_95% 2", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "JS:Trojan.HideLink 2", "display_name": "JS:Trojan.HideLink 2", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Application.BitCoinMiner", "display_name": "Application.BitCoinMiner", "target": null }, { "id": "WebToolbar.Asparnet", "display_name": "WebToolbar.Asparnet", "target": null }, { "id": "W32.HfsAutoB", "display_name": "W32.HfsAutoB", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Application.Deceptor", "display_name": "Application.Deceptor", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "HEUR:Hoax.PCFixer", "display_name": "HEUR:Hoax.PCFixer", "target": null }, { "id": "Gen:Variant.Jacard", "display_name": "Gen:Variant.Jacard", "target": null }, { "id": "Tool.Patcher", "display_name": "Tool.Patcher", "target": null }, { "id": "Trojan.Khalesi 2\tAdware 2", "display_name": "Trojan.Khalesi 2\tAdware 2", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Unsafe.AI_Score_94%", "display_name": "Unsafe.AI_Score_94%", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Warezov.gen3", "display_name": "Warezov.gen3", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Nemucod.21C8", "display_name": "Nemucod.21C8", "target": null }, { "id": "Asparnet.P", "display_name": "Asparnet.P", "target": null }, { "id": "InstallCore.Gen7", "display_name": "InstallCore.Gen7", "target": null }, { "id": "CsQKHtaAI", "display_name": "CsQKHtaAI", "target": null }, { "id": "Clicker.VB", "display_name": "Clicker.VB", "target": null }, { "id": "Exploit.Zip.Heuristic", "display_name": "Exploit.Zip.Heuristic", "target": null }, { "id": "Trojan.Ransom.GandCrab", "display_name": "Trojan.Ransom.GandCrab", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "ScrInject.eric", "display_name": "ScrInject.eric", "target": null }, { "id": "HEUR:Trojan.Diztakun", "display_name": "HEUR:Trojan.Diztakun", "target": null }, { "id": "Agent.OCJ", "display_name": "Agent.OCJ", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "Hacktool.Crack", "display_name": "Hacktool.Crack", "target": null }, { "id": "Backdoor.DTR.15", "display_name": "Backdoor.DTR.15", "target": null }, { "id": "Freemake.A potentially unwanted", "display_name": "Freemake.A potentially unwanted", "target": null }, { "id": "Absolute Uninstaller", "display_name": "Absolute Uninstaller", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "Trojan.Small", "display_name": "Trojan.Small", "target": null }, { "id": "HackTool.Crack", "display_name": "HackTool.Crack", "target": null }, { "id": "Generic.Application.JS.Sobrab.1", "display_name": "Generic.Application.JS.Sobrab.1", "target": null }, { "id": "Trojan.Rozena", "display_name": "Trojan.Rozena", "target": null }, { "id": "Trojan.Downloader", "display_name": "Trojan.Downloader", "target": null }, { "id": "Trojan.Bayrob", "display_name": "Trojan.Bayrob", "target": null }, { "id": "Adware.OxyPumper", "display_name": "Adware.OxyPumper", "target": null }, { "id": "Worm.Chir", "display_name": "Worm.Chir", "target": null }, { "id": "Trojan.Linux.Generic", "display_name": "Trojan.Linux.Generic", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Heur.BZC.YAX.Boxter.819", "display_name": "Heur.BZC.YAX.Boxter.819", "target": null }, { "id": "Faceliker.D", "display_name": "Faceliker.D", "target": null }, { "id": "Adware", "display_name": "Adware", "target": null }, { "id": "DeepScan:Generic.BrResMon.1", "display_name": "DeepScan:Generic.BrResMon.1", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "Trojan.Brsecmon", "display_name": "Trojan.Brsecmon", "target": null }, { "id": "SigRiskware.LespeedTechnologyLtd", "display_name": "SigRiskware.LespeedTechnologyLtd", "target": null }, { "id": "Doplik.J", "display_name": "Doplik.J", "target": null }, { "id": "Backdoor.Nhopro", "display_name": "Backdoor.Nhopro", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "Gen:NN.ZemsilF.32515", "display_name": "Gen:NN.ZemsilF.32515", "target": null }, { "id": "Downware", "display_name": "Downware", "target": null }, { "id": "MxResIcn.Heur", "display_name": "MxResIcn.Heur", "target": null }, { "id": "Mimikatz", "display_name": "Mimikatz", "target": null }, { "id": "Magazine phishing", "display_name": "Magazine phishing", "target": null }, { "id": "ApplicUnwnt@#2n6\tIRS", "display_name": "ApplicUnwnt@#2n6\tIRS", "target": null }, { "id": "TEL:Trojan:HTML/Phishing", "display_name": "TEL:Trojan:HTML/Phishing", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Trojan.GandCrypt", "display_name": "Trojan.GandCrypt", "target": null }, { "id": "Redirector.AN", "display_name": "Redirector.AN", "target": null }, { "id": "Agent.CUX.gen", "display_name": "Agent.CUX.gen", "target": null }, { "id": "Gen:Variant.Application.Bundler", "display_name": "Gen:Variant.Application.Bundler", "target": null }, { "id": "Downloader.Generic", "display_name": "Downloader.Generic", "target": null }, { "id": "Trojan.ClipBanker", "display_name": "Trojan.ClipBanker", "target": null }, { "id": "TrojanDropper.Autit", "display_name": "TrojanDropper.Autit", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "QVM05.1.08E5.Malware", "display_name": "QVM05.1.08E5.Malware", "target": null }, { "id": "Trojan.CookiesStealer", "display_name": "Trojan.CookiesStealer", "target": null }, { "id": "Agent.MU", "display_name": "Agent.MU", "target": null }, { "id": "Wacatac.B", "display_name": "Wacatac.B", "target": null }, { "id": "Dropper.Gen", "display_name": "Dropper.Gen", "target": null }, { "id": "WiseCleaner.A potentially unwanted", "display_name": "WiseCleaner.A potentially unwanted", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Gen:NN.ZemsilF.34170", "display_name": "Gen:NN.ZemsilF.34170", "target": null }, { "id": "Gen:Variant.MSILHeracles", "display_name": "Gen:Variant.MSILHeracles", "target": null }, { "id": "Trojan.DownLoader33", "display_name": "Trojan.DownLoader33", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Program.Freemake", "display_name": "Program.Freemake", "target": null }, { "id": "Kryptik.dawvk", "display_name": "Kryptik.dawvk", "target": null }, { "id": "AdwareSig [Adw]", "display_name": "AdwareSig [Adw]", "target": null }, { "id": "Phishing JPMorgan Chase and Co.", "display_name": "Phishing JPMorgan Chase and Co.", "target": null }, { "id": "Adware.BrowseFoxCRTD", "display_name": "Adware.BrowseFoxCRTD", "target": null }, { "id": "Suspici.1F4405D1", "display_name": "Suspici.1F4405D1", "target": null }, { "id": "PUA.Wombat", "display_name": "PUA.Wombat", "target": null }, { "id": "AdWare.DealPly", "display_name": "AdWare.DealPly", "target": null }, { "id": "Injector.CUAM", "display_name": "Injector.CUAM", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "Troj_Gen.F04IE00CI19", "display_name": "Troj_Gen.F04IE00CI19", "target": null }, { "id": "Worm.Autorun", "display_name": "Worm.Autorun", "target": null }, { "id": "Worm.Boychi", "display_name": "Worm.Boychi", "target": null }, { "id": "Worm.Allaple", "display_name": "Worm.Allaple", "target": null }, { "id": "CVE-2014-3153", "display_name": "CVE-2014-3153", "target": null }, { "id": "BehavesLike.ICLoader", "display_name": "BehavesLike.ICLoader", "target": null }, { "id": "BScope.Backdoor", "display_name": "BScope.Backdoor", "target": null }, { "id": "Trojan.WIN32.PDF.Alien", "display_name": "Trojan.WIN32.PDF.Alien", "target": null }, { "id": "PUP.Systweak", "display_name": "PUP.Systweak", "target": null }, { "id": "Sabsik.FL.B", "display_name": "Sabsik.FL.B", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Gen:Variant.Tedy HackTool.VulnDriver", "display_name": "Gen:Variant.Tedy HackTool.VulnDriver", "target": null }, { "id": "Backdoor.Predator", "display_name": "Backdoor.Predator", "target": null }, { "id": "Kryptik.GKQR", "display_name": "Kryptik.GKQR", "target": null }, { "id": "DarkKomet.ife", "display_name": "DarkKomet.ife", "target": null }, { "id": "BehavesLike.Downloader", "display_name": "BehavesLike.Downloader", "target": null }, { "id": "Trojan.JS.Iframe", "display_name": "Trojan.JS.Iframe", "target": null }, { "id": "InstallCore.NP", "display_name": "InstallCore.NP", "target": null }, { "id": "Generic.JS.BlackHole", "display_name": "Generic.JS.BlackHole", "target": null }, { "id": "Dropper.Wanna", "display_name": "Dropper.Wanna", "target": null }, { "id": "Remote Utilities", "display_name": "Remote Utilities", "target": null }, { "id": "W32.InstallCore.AGX", "display_name": "W32.InstallCore.AGX", "target": null }, { "id": "NetTool.RemoteExec", "display_name": "NetTool.RemoteExec", "target": null }, { "id": "Bondat.A", "display_name": "Bondat.A", "target": null }, { "id": "VM201.0.B70B.Malware", "display_name": "VM201.0.B70B.Malware", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "Infected.WebPage", "display_name": "Infected.WebPage", "target": null }, { "id": "HEUR:Exploit.Script", "display_name": "HEUR:Exploit.Script", "target": null }, { "id": "BScope.TrojanDownloader", "display_name": "BScope.TrojanDownloader", "target": null }, { "id": "HTML:RedirBA", "display_name": "HTML:RedirBA", "target": null }, { "id": "Trojan.BAT.Qhost", "display_name": "Trojan.BAT.Qhost", "target": null }, { "id": "HTML:RedirME", "display_name": "HTML:RedirME", "target": null }, { "id": "TrojWare.JS.AdWare.Agent", "display_name": "TrojWare.JS.AdWare.Agent", "target": null }, { "id": "Packed.Dico", "display_name": "Packed.Dico", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1491.001", "name": "Internal Defacement", "display_name": "T1491.001 - Internal Defacement" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1602.001", "name": "SNMP (MIB Dump)", "display_name": "T1602.001 - SNMP (MIB Dump)" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1695, "FileHash-SHA1": 756, "FileHash-SHA256": 2029, "domain": 290, "URL": 1854, "hostname": 568, "CVE": 5 }, "indicator_count": 7197, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "916 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f09785f9ee8aebca2a667", "name": "Remote Access | DeepScan | Dumping | DNS | Internal System Infiltration", "description": "", "modified": "2023-11-26T14:04:04.692000", "created": "2023-10-30T01:40:08.022000", "tags": [ "ssl certificate", "historical ssl", "resolutions", "referrer", "collections", "contacted", "efr1", "parent domain", "amazon 02", "metro", "crypto", "cisco umbrella", "site", "safe site", "heur", "malware", "alexa top", "million", "malicious url", "malware site", "malicious site", "opencandy", "riskware", "unsafe", "phishing", "zbot", "team", "exploit", "agent", "mimikatz", "azorult", "service", "runescape", "facebook", "bank", "download", "downldr", "presenoker", "fusioncore", "cleaner", "wacatac", "artemis", "blacknet rat", "stealer", "trojanspy", "blacklist https", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "count blacklist", "tag count", "tsara brashears", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "whois record", "contacted urls", "siblings domain", "execution", "goldmax", "goldfinder", "sibot", "emotet", "united", "phishing site", "maltiverse", "adware", "phishtank", "xtrat", "xrat", "redline stealer", "xtreme", "crack", "genkryptik", "deepscan", "win64", "quasar rat", "fareit", "downloader", "trojan", "alexa", "iframe", "cve201711882", "phish", "genpack", "suspicious", "magazine", "applicunwnt", "cobalt strike", "malicious", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "ascii text", "mitre att", "ck id", "date", "unknown", "hybrid", "accept", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "pmejdjsu12", "Royal Bank of Scotland", "Phishing Bank of America Corporation", "Phishing Netflix", "Phishing Wells Fargo", "Phishing RuneScape", "Phishing Internal Revenue Service", "Phtarget unspecified phishing", "PAYPAL phishing", "Phishing Indeed", "Phishing eBay, Inc", "PhisSafe", "mobigame", "Phishing Facebook", "remote", "mitm", "tower", "worm", "firm", "privilege", "attacker", "monitoring", "cyber threat", "apple", "illegal", "DNS_PROBE_STARTED", "insurance", "revenge", "legal entities", "https://boxofporn.com" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Trojan.Hotkeychick", "display_name": "Trojan.Hotkeychick", "target": null }, { "id": "CVE Exploits", "display_name": "CVE Exploits", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Virus.Sality", "display_name": "Virus.Sality", "target": null }, { "id": "W32.Malware", "display_name": "W32.Malware", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "Trojan.OTNR", "display_name": "Trojan.OTNR", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Mimikatz - S0002", "display_name": "Mimikatz - S0002", "target": null }, { "id": "GoldFinder", "display_name": "GoldFinder", "target": null }, { "id": "GoldMax - S0588", "display_name": "GoldMax - S0588", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Sibot", "display_name": "Sibot", "target": null }, { "id": "Downloader.OpenCandy", "display_name": "Downloader.OpenCandy", "target": null }, { "id": "Azorult", "display_name": "Azorult", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "GoogleToolbar", "display_name": "GoogleToolbar", "target": null }, { "id": "BScope.Adware.MSIL", "display_name": "BScope.Adware.MSIL", "target": null }, { "id": "Application.Auslogics", "display_name": "Application.Auslogics", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Gen:Variant.Application.Bundler.DownloadGuide", "display_name": "Gen:Variant.Application.Bundler.DownloadGuide", "target": null }, { "id": "Trojan:Win32/Xtrat", "display_name": "Trojan:Win32/Xtrat", "target": "/malware/Trojan:Win32/Xtrat" }, { "id": "Xtreme RAT", "display_name": "Xtreme RAT", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null }, { "id": "AGEN.1045143", "display_name": "AGEN.1045143", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Packed.Themida", "display_name": "Packed.Themida", "target": null }, { "id": "MSIL_Bladabindi.G.gen", "display_name": "MSIL_Bladabindi.G.gen", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Unsafe.AI_Score_95% 2", "display_name": "Unsafe.AI_Score_95% 2", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "JS:Trojan.HideLink 2", "display_name": "JS:Trojan.HideLink 2", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Application.BitCoinMiner", "display_name": "Application.BitCoinMiner", "target": null }, { "id": "WebToolbar.Asparnet", "display_name": "WebToolbar.Asparnet", "target": null }, { "id": "W32.HfsAutoB", "display_name": "W32.HfsAutoB", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Application.Deceptor", "display_name": "Application.Deceptor", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "HEUR:Hoax.PCFixer", "display_name": "HEUR:Hoax.PCFixer", "target": null }, { "id": "Gen:Variant.Jacard", "display_name": "Gen:Variant.Jacard", "target": null }, { "id": "Tool.Patcher", "display_name": "Tool.Patcher", "target": null }, { "id": "Trojan.Khalesi 2\tAdware 2", "display_name": "Trojan.Khalesi 2\tAdware 2", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Unsafe.AI_Score_94%", "display_name": "Unsafe.AI_Score_94%", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Warezov.gen3", "display_name": "Warezov.gen3", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Nemucod.21C8", "display_name": "Nemucod.21C8", "target": null }, { "id": "Asparnet.P", "display_name": "Asparnet.P", "target": null }, { "id": "InstallCore.Gen7", "display_name": "InstallCore.Gen7", "target": null }, { "id": "CsQKHtaAI", "display_name": "CsQKHtaAI", "target": null }, { "id": "Clicker.VB", "display_name": "Clicker.VB", "target": null }, { "id": "Exploit.Zip.Heuristic", "display_name": "Exploit.Zip.Heuristic", "target": null }, { "id": "Trojan.Ransom.GandCrab", "display_name": "Trojan.Ransom.GandCrab", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "ScrInject.eric", "display_name": "ScrInject.eric", "target": null }, { "id": "HEUR:Trojan.Diztakun", "display_name": "HEUR:Trojan.Diztakun", "target": null }, { "id": "Agent.OCJ", "display_name": "Agent.OCJ", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "Hacktool.Crack", "display_name": "Hacktool.Crack", "target": null }, { "id": "Backdoor.DTR.15", "display_name": "Backdoor.DTR.15", "target": null }, { "id": "Freemake.A potentially unwanted", "display_name": "Freemake.A potentially unwanted", "target": null }, { "id": "Absolute Uninstaller", "display_name": "Absolute Uninstaller", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "Trojan.Small", "display_name": "Trojan.Small", "target": null }, { "id": "HackTool.Crack", "display_name": "HackTool.Crack", "target": null }, { "id": "Generic.Application.JS.Sobrab.1", "display_name": "Generic.Application.JS.Sobrab.1", "target": null }, { "id": "Trojan.Rozena", "display_name": "Trojan.Rozena", "target": null }, { "id": "Trojan.Downloader", "display_name": "Trojan.Downloader", "target": null }, { "id": "Trojan.Bayrob", "display_name": "Trojan.Bayrob", "target": null }, { "id": "Adware.OxyPumper", "display_name": "Adware.OxyPumper", "target": null }, { "id": "Worm.Chir", "display_name": "Worm.Chir", "target": null }, { "id": "Trojan.Linux.Generic", "display_name": "Trojan.Linux.Generic", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Heur.BZC.YAX.Boxter.819", "display_name": "Heur.BZC.YAX.Boxter.819", "target": null }, { "id": "Faceliker.D", "display_name": "Faceliker.D", "target": null }, { "id": "Adware", "display_name": "Adware", "target": null }, { "id": "DeepScan:Generic.BrResMon.1", "display_name": "DeepScan:Generic.BrResMon.1", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "Trojan.Brsecmon", "display_name": "Trojan.Brsecmon", "target": null }, { "id": "SigRiskware.LespeedTechnologyLtd", "display_name": "SigRiskware.LespeedTechnologyLtd", "target": null }, { "id": "Doplik.J", "display_name": "Doplik.J", "target": null }, { "id": "Backdoor.Nhopro", "display_name": "Backdoor.Nhopro", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "Gen:NN.ZemsilF.32515", "display_name": "Gen:NN.ZemsilF.32515", "target": null }, { "id": "Downware", "display_name": "Downware", "target": null }, { "id": "MxResIcn.Heur", "display_name": "MxResIcn.Heur", "target": null }, { "id": "Mimikatz", "display_name": "Mimikatz", "target": null }, { "id": "Magazine phishing", "display_name": "Magazine phishing", "target": null }, { "id": "ApplicUnwnt@#2n6\tIRS", "display_name": "ApplicUnwnt@#2n6\tIRS", "target": null }, { "id": "TEL:Trojan:HTML/Phishing", "display_name": "TEL:Trojan:HTML/Phishing", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Trojan.GandCrypt", "display_name": "Trojan.GandCrypt", "target": null }, { "id": "Redirector.AN", "display_name": "Redirector.AN", "target": null }, { "id": "Agent.CUX.gen", "display_name": "Agent.CUX.gen", "target": null }, { "id": "Gen:Variant.Application.Bundler", "display_name": "Gen:Variant.Application.Bundler", "target": null }, { "id": "Downloader.Generic", "display_name": "Downloader.Generic", "target": null }, { "id": "Trojan.ClipBanker", "display_name": "Trojan.ClipBanker", "target": null }, { "id": "TrojanDropper.Autit", "display_name": "TrojanDropper.Autit", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "QVM05.1.08E5.Malware", "display_name": "QVM05.1.08E5.Malware", "target": null }, { "id": "Trojan.CookiesStealer", "display_name": "Trojan.CookiesStealer", "target": null }, { "id": "Agent.MU", "display_name": "Agent.MU", "target": null }, { "id": "Wacatac.B", "display_name": "Wacatac.B", "target": null }, { "id": "Dropper.Gen", "display_name": "Dropper.Gen", "target": null }, { "id": "WiseCleaner.A potentially unwanted", "display_name": "WiseCleaner.A potentially unwanted", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Gen:NN.ZemsilF.34170", "display_name": "Gen:NN.ZemsilF.34170", "target": null }, { "id": "Gen:Variant.MSILHeracles", "display_name": "Gen:Variant.MSILHeracles", "target": null }, { "id": "Trojan.DownLoader33", "display_name": "Trojan.DownLoader33", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Program.Freemake", "display_name": "Program.Freemake", "target": null }, { "id": "Kryptik.dawvk", "display_name": "Kryptik.dawvk", "target": null }, { "id": "AdwareSig [Adw]", "display_name": "AdwareSig [Adw]", "target": null }, { "id": "Phishing JPMorgan Chase and Co.", "display_name": "Phishing JPMorgan Chase and Co.", "target": null }, { "id": "Adware.BrowseFoxCRTD", "display_name": "Adware.BrowseFoxCRTD", "target": null }, { "id": "Suspici.1F4405D1", "display_name": "Suspici.1F4405D1", "target": null }, { "id": "PUA.Wombat", "display_name": "PUA.Wombat", "target": null }, { "id": "AdWare.DealPly", "display_name": "AdWare.DealPly", "target": null }, { "id": "Injector.CUAM", "display_name": "Injector.CUAM", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "Troj_Gen.F04IE00CI19", "display_name": "Troj_Gen.F04IE00CI19", "target": null }, { "id": "Worm.Autorun", "display_name": "Worm.Autorun", "target": null }, { "id": "Worm.Boychi", "display_name": "Worm.Boychi", "target": null }, { "id": "Worm.Allaple", "display_name": "Worm.Allaple", "target": null }, { "id": "CVE-2014-3153", "display_name": "CVE-2014-3153", "target": null }, { "id": "BehavesLike.ICLoader", "display_name": "BehavesLike.ICLoader", "target": null }, { "id": "BScope.Backdoor", "display_name": "BScope.Backdoor", "target": null }, { "id": "Trojan.WIN32.PDF.Alien", "display_name": "Trojan.WIN32.PDF.Alien", "target": null }, { "id": "PUP.Systweak", "display_name": "PUP.Systweak", "target": null }, { "id": "Sabsik.FL.B", "display_name": "Sabsik.FL.B", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Gen:Variant.Tedy HackTool.VulnDriver", "display_name": "Gen:Variant.Tedy HackTool.VulnDriver", "target": null }, { "id": "Backdoor.Predator", "display_name": "Backdoor.Predator", "target": null }, { "id": "Kryptik.GKQR", "display_name": "Kryptik.GKQR", "target": null }, { "id": "DarkKomet.ife", "display_name": "DarkKomet.ife", "target": null }, { "id": "BehavesLike.Downloader", "display_name": "BehavesLike.Downloader", "target": null }, { "id": "Trojan.JS.Iframe", "display_name": "Trojan.JS.Iframe", "target": null }, { "id": "InstallCore.NP", "display_name": "InstallCore.NP", "target": null }, { "id": "Generic.JS.BlackHole", "display_name": "Generic.JS.BlackHole", "target": null }, { "id": "Dropper.Wanna", "display_name": "Dropper.Wanna", "target": null }, { "id": "Remote Utilities", "display_name": "Remote Utilities", "target": null }, { "id": "W32.InstallCore.AGX", "display_name": "W32.InstallCore.AGX", "target": null }, { "id": "NetTool.RemoteExec", "display_name": "NetTool.RemoteExec", "target": null }, { "id": "Bondat.A", "display_name": "Bondat.A", "target": null }, { "id": "VM201.0.B70B.Malware", "display_name": "VM201.0.B70B.Malware", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "Infected.WebPage", "display_name": "Infected.WebPage", "target": null }, { "id": "HEUR:Exploit.Script", "display_name": "HEUR:Exploit.Script", "target": null }, { "id": "BScope.TrojanDownloader", "display_name": "BScope.TrojanDownloader", "target": null }, { "id": "HTML:RedirBA", "display_name": "HTML:RedirBA", "target": null }, { "id": "Trojan.BAT.Qhost", "display_name": "Trojan.BAT.Qhost", "target": null }, { "id": "HTML:RedirME", "display_name": "HTML:RedirME", "target": null }, { "id": "TrojWare.JS.AdWare.Agent", "display_name": "TrojWare.JS.AdWare.Agent", "target": null }, { "id": "Packed.Dico", "display_name": "Packed.Dico", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1491.001", "name": "Internal Defacement", "display_name": "T1491.001 - Internal Defacement" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1602.001", "name": "SNMP (MIB Dump)", "display_name": "T1602.001 - SNMP (MIB Dump)" } ], "industries": [], "TLP": "white", "cloned_from": "653bf3b076e4dbcd0c099992", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1695, "FileHash-SHA1": 756, "FileHash-SHA256": 2029, "domain": 290, "URL": 1854, "hostname": 568, "CVE": 5 }, "indicator_count": 7197, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "916 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62951232023c3cdc0a0f7a1c", "name": "support.apple.com:de-de:HT204247%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T18:51:30.784000", "tags": [], "references": [ "support.apple.com:de-de:HT204247%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 423, "hostname": 188, "domain": 33, "FileHash-SHA256": 278, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 929, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1432 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623b76906394e513998559be", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378", "description": "", "modified": "2022-04-22T00:03:50.614000", "created": "2022-03-23T19:35:44.755000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 33, "URL": 490, "hostname": 185, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 989, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1500 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6231bba93e094ab9c9858a1a", "name": "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf", "description": "", "modified": "2022-04-15T00:03:47.669000", "created": "2022-03-16T10:27:53.224000", "tags": [], "references": [ "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 460, "hostname": 173, "domain": 32, "FileHash-SHA256": 272, "CIDR": 4, "FileHash-MD5": 5 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1507 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230ed78d2ec30487a19e1e0", "name": "support.apple.com:en-gb:HT201222%22", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:48:08.100000", "tags": [], "references": [ "support.apple.com:en-gb:HT201222%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 204, "URL": 104, "hostname": 35, "domain": 14, "CIDR": 1, "FileHash-MD5": 3 }, "indicator_count": 361, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1508 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6230eddd25692f0fc9d5dad8", "name": "support.apple.com:en-us:HT211204%22", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-15T19:49:49.667000", "tags": [], "references": [ "support.apple.com:en-us:HT211204%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 401, "hostname": 134, "domain": 32, "FileHash-SHA256": 235, "CIDR": 4, "FileHash-MD5": 3 }, "indicator_count": 809, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1508 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "apps.apple.com", "dev-2.ernestatech.com", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs", "msudosos note: Caution is required as I have noticed this accross multiple support sites.", "applestore.id", "cdn.fuckporntube.com", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "209.85.145.113 [malware]", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "worker-m-tlcus1.sol.us", "location.search", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "https://twitter.com/phishunt_io/status/1746761013423198674", "http://decafsmob.this.id", "https://twitter.com/phishunt_io/status/1746700048916779228", "locate.apple.com:in:en:?cid=CDM-IN-DM-P0021378- 483986&cp=em-P0021378-483986&sr=em%22,.pdf", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "id.google.com", "https://twitter.com/phishunt_io/status/1746791492230783441", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "https://twitter.com/phishunt_io/status/1746913587816214890", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "http://e.id?e.id:e.id.getAttribute", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://twitter.com/phishunt_io/status/1746730528198266899", "a.default.meta.applestore.id", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "http://git.io/yBU2rg", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "www.search.app.goo.gl", "support.apple.com:de-de:HT204247%22,.pdf", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://twitter.com/phishunt_io/status/1746944193392472215", "t.name", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "support.apple.com:en-gb:HT201222%22,.pdf", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "https://twitter.com/phishunt_io/status/1747005389428719759", "hasownproperty.call", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://tria.ge/260421-ygl5esbt5p", "https://twitter.com/phishunt_io/status/1746883082685211028", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "support.apple.com:en-us:HT211204%22,.pdf", "1080p-torrent.ml", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://twitter.com/phishunt_io/status/1747035864625016887", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac", "http://tracking.3061331.corn10wuk.club", "states.app", "object.prototype.hasownproperty.call", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://twitter.com/phishunt_io/status/1746852545270559008", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark", "globalworker1.sol.us", "https://twitter.com/phishunt_io/status/1746822066156814762", "https://dnsorangetel.dn2.n-helix.com", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "[Unnamed group]" ], "malware_families": [ "Bscope.trojan", "Clicker.vb", "Worm.chir", "Redirector.an", "Tool.patcher", "Trojware.js.adware.agent", "Infected.webpage", "Adwaresig [adw]", "Virus.sality", "Warezov.gen3", "Trojan.otnr", "Worm.allaple", "Dropper.trojan.agent", "Mimikatz - s0002", "Trojan.small", "Trojan.js.iframe", "Behaveslike.downloader", "Trojan.clipbanker", "Installcore.gen7", "Hacktool.bruteforce", "Googletoolbar", "Vm201.0.b70b.malware", "Hacktool.crack", "Cobalt strike", "Trojan.ransom.generickd", "Sigriskware.lespeedtechnologyltd", "Dropper.gen", "Pe.heur", "Sabsik.fl.b", "Js:trojan.clicker", "Heur.bzc.yax.boxter.819", "Riskware.netfilter", "Trojan.win32.pdf.alien", "Gen:variant.symmi", "Riskware.crack", "Cve exploits", "Agent.mu", "Trojan.linux.generic", "Trojan.khalesi 2\tadware 2", "Generic.js.blackhole", "Gen:variant.msilheracles", "Bondat.a", "Qvm05.1.08e5.malware", "Generic.application.js.sobrab.1", "Adware.oxypumper", "Hw32.packed", "Adware.dealply", "Gen:nn.zexaf.34090", "Dropper.wanna", "Goldmax - s0588", "Nemucod.21c8", "Wisecleaner.a potentially unwanted", "Exploit.zip.heuristic", "Downldr.gen", "Troj_gen.f04ie00ci19", "Tsgeneric", "Vb:trojan.valyria", "Webtoolbar", "Bscope.adware.msil", "Html:redirba", "Trojan.hotkeychick", "Adware.browsefoxcrtd", "Wacatac.b", "Quasar rat", "Gen:variant.ursu", "Agen.1144657", "Gen:variant.tedy hacktool.vulndriver", "Trojanbanker.banbra", "Mxresicn.heur", "Csqkhtaai", "Packed.dico", "Kryptik.gkqr", "Gen:variant.jacard", "Asparnet.p", "Trojan.gandcrypt", "Adware.kuzitui", "Kryptik.dawvk", "Application.bitcoinminer", "Backdoor.dtr.15", "Behaveslike.icloader", "Packed.themida", "Malicious.f01f67", "Driverreviver.a potentially unwanted", "Bscope.trojandownloader", "Suspici.1f4405d1", "Adware", "Trojandropper.autit", "W32.installcore.agx", "Unsafe.ai_score_95% 2", "Trojan.bat.qhost", "Backdoor.nhopro", "Gamehack", "Trojan.bayrob", "Gen:variant.application.bundler.downloadguide", "Bscope.backdoor", "Heur:trojan.diztakun", "Deepscan:generic.brresmon.1", "Gen:heur.msil.inject", "Agent.cux.gen", "Redline stealer", "Trojan.wisdomeyes.16070401.9500", "Maltiverse", "Agen.1045143", "Js:trojan.hidelink 2", "Application.deceptor", "Hsbc", "Nettool.remoteexec", "Agent.ocj", "Downware", "Ml.attribute", "Downloader.generic", "Gen:nn.zemsilf.34170", "Emotet", "Cve-2014-3153", "Injector.cuam", "W32.malware", "Darkkomet.ife", "Html:redirme", "Webtoolbar.asparnet", "Faceliker.d", "Trojan.cookiesstealer", "Scrinject.b", "Worm.autorun", "Azorult", "Hacktool.cheatengine", "Doplik.j", "Applicunwnt@#2n6\tirs", "Riskware.hacktool.agent", "Goldfinder", "Gen:variant.bulz", "Trojan.brsecmon", "Program.freemake", "Mimikatz", "Application.auslogics", "Remote utilities", "W32.hfsautob", "Trojan.rozena", "Gen:variant.application.bundler", "Blacknet rat", "Trojanspy", "Magazine phishing", "Phishing jpmorgan chase and co.", "Backdoor.androm", "Zbot", "Gen:heur.msil.androm", "Trojan:win32/xtrat", "Hoax.deceptpcclean", "Html:script", "Sibot", "Trojan.msil", "Absolute uninstaller", "Gen:nn.zemsilf.32515", "Trojan.downloader", "Pup.systweak", "Heur:hoax.pcfixer", "Installcore.np", "Heur:exploit.script", "Freemake.a potentially unwanted", "Worm.boychi", "Generic.asmalws", "Backdoor.predator", "Pua.wombat", "Trojan.ransom.gandcrab", "Downloader.opencandy", "Xtreme rat", "Scrinject.eric", "Tel:trojan:html/phishing", "Vdehu.a", "Unsafe.ai_score_94%", "Trojan.downloader33", "Msil_bladabindi.g.gen" ], "industries": [ "Technology" ], "unique_indicators": 24950 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/apple.com", "whois": "http://whois.domaintools.com/apple.com", "domain": "apple.com", "hostname": "support.apple.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "69eae966e2994ca9410416e7", "name": "CAPE Sandbox - Watson", "description": "[full list of details about Akamai, the web hosting company, that has been abused on the internet for more than 20 years.. and the names of its users have been published.] pretext. Watson frequents. wizard8.", "modified": "2026-05-24T05:16:16.520000", "created": "2026-04-24T03:54:14.835000", "tags": [ "akamai", "city", "noc united", "orgid", "akamai ref", "net23", "net230000", "cidr", "orgabusehandle", "orgtechhandle" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 382, "FileHash-SHA1": 361, "FileHash-SHA256": 1250, "URL": 1436, "domain": 425, "hostname": 783, "CIDR": 1, "email": 29, "CVE": 1, "URI": 2 }, "indicator_count": 4670, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e7d7edd91aab8d1e8d5590", "name": "hxxps://support[.]apple[.]com/100100", "description": "hxxps://support[.]apple[.]com/100100", "modified": "2026-05-21T20:10:22.225000", "created": "2026-04-21T20:02:53.543000", "tags": [ "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "switch", "community add", "security menlo", "reports", "cve list", "notes blog", "drop your", "file", "service", "privacy policy", "intelix portal", "javascript", "please", "strong", "united kingdom", "urls", "domain name", "url analysis", "report https", "request", "status", "public ev", "server rsa", "g1 apple", "virustotal", "domain", "benign no", "february", "date february", "safe browsing", "ctx database", "upgrade plan", "my submissions", "free", "april", "august", "sandbox", "static analyzer", "analyzer", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "triage", "report", "reported", "analyze", "md5 sha1", "sha256", "submit download", "sha1", "sha512", "path c", "sha512 tlsh", "ssdeep", "prefetch8", "general", "config", "copy", "target", "score", "impact", "get https", "post https", "sha512 ssdeep", "size", "p2404", "tlsh", "Apple", "iPad", "Update" ], "references": [ "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "https://tria.ge/260421-ygl5esbt5p", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 175, "URL": 1571, "FileHash-MD5": 183, "email": 7, "CIDR": 3, "FileHash-SHA1": 117, "FileHash-SHA256": 181, "SSLCertFingerprint": 14 }, "indicator_count": 2331, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995e22d28c9e9d76f0dec64", "name": "Not So Awesome Fonts", "description": "Researchers: Further review warranted on awesome fonts.", "modified": "2026-04-24T13:20:53", "created": "2026-02-18T16:00:45.725000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 123, "FileHash-MD5": 10, "FileHash-SHA1": 12, "FileHash-SHA256": 223, "email": 5, "hostname": 223, "URL": 565, "CVE": 30, "SSLCertFingerprint": 2 }, "indicator_count": 1193, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995ec2803ec8263d6cb9902", "name": "Potential for Abuse on Trusted Support Sites", "description": "Analysis of AlienVault OTX data shows that support.apple.com\u2014a whitelisted domain\u2014is associated with 69 malicious files, including Sodinokibi and BazarLoader.\nThe Potential for Abuse:\nBecause these domains are trusted by security filters (like Cisco Umbrella), they may be being used to:\nBypass Firewalls: Mask malicious traffic behind a \"safe\" reputation.\nTarget Vulnerable Users: Exploit the trust of people in high-stress situations who are seeking help.\nHide in Subdomains: Use fragmented assets (like rss.support.*) to avoid active monitoring.\nThe Precaution:\nWhitelisted status does not equal absolute safety. Researchers and users should:\nCheck Certificates: Verify the SSL/TLS Certificate is official.\nVerify Redirects: Check for Open Redirect triggers in links.\nNavigate Directly: Type URLs manually when possible.\nConclusion:\nSupport infrastructure is a high-trust environment. This trust may be being used to target users when they are most vulnerable. Caution is required.", "modified": "2026-04-01T00:44:45.494000", "created": "2026-02-18T16:43:20.757000", "tags": [], "references": [ "", "msudosos note: Caution is required as I have noticed this accross multiple support sites." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 112, "domain": 178, "CVE": 23, "FileHash-MD5": 62, "FileHash-SHA1": 59, "FileHash-SHA256": 59, "email": 1 }, "indicator_count": 726, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698548fdc5e1b22b45457eb4", "name": "http://support[.]apple[.]com/kb/HT5012 - 02.05.26", "description": "\"Learn more about trusted certificates\" -> http://support[.]apple[.]com/kb/HT5012\nTrust Store Version 2025082000\nTrust Asset Version 1012", "modified": "2026-03-08T02:01:42.135000", "created": "2026-02-06T01:50:53.485000", "tags": [ "vhash", "ssdeep", "html internet", "magic html", "unicode text", "utf8", "trid text", "magika html", "file size", "please", "javascript", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "url", "sandbox", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "apple mapkit", "java", "manager", "report", "home search", "insights", "login check", "android", "write", "login report", "overview", "tags submit", "tags url", "finishing url", "asn norway", "title available", "apple", "static analyzer", "analyzer", "type", "website title", "apple support", "date", "security", "access control", "plan search", "submission", "february", "error", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "prefetch8 ansi", "ansi", "show process", "hash seen", "programfiles", "ck id", "command decode", "mitre att", "suricata ipv4", "windir", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "form", "strings", "contact", "p2404", "attrdataver186", "p11770919978", "processorcores6", "tpmversion0", "telemetrylevel1", "oemmodeldell", "osuilocaleenus", "osskuid48", "osnamewin", "main", "sha1", "Apple", "iPadOS", "Freedom" ], "references": [ "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 24, "FileHash-SHA256": 126, "URL": 323, "SSLCertFingerprint": 8, "domain": 14, "email": 4, "hostname": 138 }, "indicator_count": 666, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65a5ca06c2fd6778541a8b46", "name": "Twitter Feed - phishunt_io - 15-01-2024", "description": "", "modified": "2024-02-15T00:01:50.109000", "created": "2024-01-16T00:12:54.282000", "tags": [ "phishing", "scam" ], "references": [ "https://twitter.com/phishunt_io/status/1746700048916779228", "https://twitter.com/phishunt_io/status/1746730528198266899", "https://twitter.com/phishunt_io/status/1746761013423198674", "https://twitter.com/phishunt_io/status/1746791492230783441", "https://twitter.com/phishunt_io/status/1746822066156814762", "https://twitter.com/phishunt_io/status/1746852545270559008", "https://twitter.com/phishunt_io/status/1746883082685211028", "https://twitter.com/phishunt_io/status/1746913587816214890", "https://twitter.com/phishunt_io/status/1746944193392472215", "https://twitter.com/phishunt_io/status/1747005389428719759", "https://twitter.com/phishunt_io/status/1747035864625016887" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 8, "URL": 10, "domain": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546cf78627adef6562a97aa", "name": "Browser Malware Attack", "description": "Attacking my browser to identify.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:10:48.676000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546d0120a7e479fecffe2b1", "name": "Browser Malware Attack", "description": "Attacking browser to identify researcher.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:13:21.883000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 232, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653bf3b076e4dbcd0c099992", "name": "Remote Access | DeepScan | Dumping | DNS | Internal System Infiltration", "description": "DeepScan run (absolute overkill). I witnessed excessive data use, device is completely practically unusable, many black pages, denial of most services. CNC. Browser bar became a malicious app that returns 0 searches. Attack directed towards my devices.\nNo stone left unturned. Passwords taken. Apps installed to device Covered can on device takes pictures/flash at will. Evasive. Very talented hackers. \nBravo! Very intrusive. Constantly attacking.\nTarget: Tsara Brashears and researcher", "modified": "2023-11-26T14:04:04.692000", "created": "2023-10-27T17:30:24.926000", "tags": [ "ssl certificate", "historical ssl", "resolutions", "referrer", "collections", "contacted", "efr1", "parent domain", "amazon 02", "metro", "crypto", "cisco umbrella", "site", "safe site", "heur", "malware", "alexa top", "million", "malicious url", "malware site", "malicious site", "opencandy", "riskware", "unsafe", "phishing", "zbot", "team", "exploit", "agent", "mimikatz", "azorult", "service", "runescape", "facebook", "bank", "download", "downldr", "presenoker", "fusioncore", "cleaner", "wacatac", "artemis", "blacknet rat", "stealer", "trojanspy", "blacklist https", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "count blacklist", "tag count", "tsara brashears", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "whois record", "contacted urls", "siblings domain", "execution", "goldmax", "goldfinder", "sibot", "emotet", "united", "phishing site", "maltiverse", "adware", "phishtank", "xtrat", "xrat", "redline stealer", "xtreme", "crack", "genkryptik", "deepscan", "win64", "quasar rat", "fareit", "downloader", "trojan", "alexa", "iframe", "cve201711882", "phish", "genpack", "suspicious", "magazine", "applicunwnt", "cobalt strike", "malicious", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "ascii text", "mitre att", "ck id", "date", "unknown", "hybrid", "accept", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "pmejdjsu12", "Royal Bank of Scotland", "Phishing Bank of America Corporation", "Phishing Netflix", "Phishing Wells Fargo", "Phishing RuneScape", "Phishing Internal Revenue Service", "Phtarget unspecified phishing", "PAYPAL phishing", "Phishing Indeed", "Phishing eBay, Inc", "PhisSafe", "mobigame", "Phishing Facebook", "remote", "mitm", "tower", "worm", "firm", "privilege", "attacker", "monitoring", "cyber threat", "apple", "illegal", "DNS_PROBE_STARTED", "insurance", "revenge", "legal entities", "https://boxofporn.com" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Trojan.Hotkeychick", "display_name": "Trojan.Hotkeychick", "target": null }, { "id": "CVE Exploits", "display_name": "CVE Exploits", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Virus.Sality", "display_name": "Virus.Sality", "target": null }, { "id": "W32.Malware", "display_name": "W32.Malware", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "Trojan.OTNR", "display_name": "Trojan.OTNR", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Mimikatz - S0002", "display_name": "Mimikatz - S0002", "target": null }, { "id": "GoldFinder", "display_name": "GoldFinder", "target": null }, { "id": "GoldMax - S0588", "display_name": "GoldMax - S0588", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Sibot", "display_name": "Sibot", "target": null }, { "id": "Downloader.OpenCandy", "display_name": "Downloader.OpenCandy", "target": null }, { "id": "Azorult", "display_name": "Azorult", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "GoogleToolbar", "display_name": "GoogleToolbar", "target": null }, { "id": "BScope.Adware.MSIL", "display_name": "BScope.Adware.MSIL", "target": null }, { "id": "Application.Auslogics", "display_name": "Application.Auslogics", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Gen:Variant.Application.Bundler.DownloadGuide", "display_name": "Gen:Variant.Application.Bundler.DownloadGuide", "target": null }, { "id": "Trojan:Win32/Xtrat", "display_name": "Trojan:Win32/Xtrat", "target": "/malware/Trojan:Win32/Xtrat" }, { "id": "Xtreme RAT", "display_name": "Xtreme RAT", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null }, { "id": "AGEN.1045143", "display_name": "AGEN.1045143", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Packed.Themida", "display_name": "Packed.Themida", "target": null }, { "id": "MSIL_Bladabindi.G.gen", "display_name": "MSIL_Bladabindi.G.gen", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Unsafe.AI_Score_95% 2", "display_name": "Unsafe.AI_Score_95% 2", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "JS:Trojan.HideLink 2", "display_name": "JS:Trojan.HideLink 2", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Application.BitCoinMiner", "display_name": "Application.BitCoinMiner", "target": null }, { "id": "WebToolbar.Asparnet", "display_name": "WebToolbar.Asparnet", "target": null }, { "id": "W32.HfsAutoB", "display_name": "W32.HfsAutoB", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Application.Deceptor", "display_name": "Application.Deceptor", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "HEUR:Hoax.PCFixer", "display_name": "HEUR:Hoax.PCFixer", "target": null }, { "id": "Gen:Variant.Jacard", "display_name": "Gen:Variant.Jacard", "target": null }, { "id": "Tool.Patcher", "display_name": "Tool.Patcher", "target": null }, { "id": "Trojan.Khalesi 2\tAdware 2", "display_name": "Trojan.Khalesi 2\tAdware 2", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Unsafe.AI_Score_94%", "display_name": "Unsafe.AI_Score_94%", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Warezov.gen3", "display_name": "Warezov.gen3", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Nemucod.21C8", "display_name": "Nemucod.21C8", "target": null }, { "id": "Asparnet.P", "display_name": "Asparnet.P", "target": null }, { "id": "InstallCore.Gen7", "display_name": "InstallCore.Gen7", "target": null }, { "id": "CsQKHtaAI", "display_name": "CsQKHtaAI", "target": null }, { "id": "Clicker.VB", "display_name": "Clicker.VB", "target": null }, { "id": "Exploit.Zip.Heuristic", "display_name": "Exploit.Zip.Heuristic", "target": null }, { "id": "Trojan.Ransom.GandCrab", "display_name": "Trojan.Ransom.GandCrab", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "ScrInject.eric", "display_name": "ScrInject.eric", "target": null }, { "id": "HEUR:Trojan.Diztakun", "display_name": "HEUR:Trojan.Diztakun", "target": null }, { "id": "Agent.OCJ", "display_name": "Agent.OCJ", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "Hacktool.Crack", "display_name": "Hacktool.Crack", "target": null }, { "id": "Backdoor.DTR.15", "display_name": "Backdoor.DTR.15", "target": null }, { "id": "Freemake.A potentially unwanted", "display_name": "Freemake.A potentially unwanted", "target": null }, { "id": "Absolute Uninstaller", "display_name": "Absolute Uninstaller", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "Trojan.Small", "display_name": "Trojan.Small", "target": null }, { "id": "HackTool.Crack", "display_name": "HackTool.Crack", "target": null }, { "id": "Generic.Application.JS.Sobrab.1", "display_name": "Generic.Application.JS.Sobrab.1", "target": null }, { "id": "Trojan.Rozena", "display_name": "Trojan.Rozena", "target": null }, { "id": "Trojan.Downloader", "display_name": "Trojan.Downloader", "target": null }, { "id": "Trojan.Bayrob", "display_name": "Trojan.Bayrob", "target": null }, { "id": "Adware.OxyPumper", "display_name": "Adware.OxyPumper", "target": null }, { "id": "Worm.Chir", "display_name": "Worm.Chir", "target": null }, { "id": "Trojan.Linux.Generic", "display_name": "Trojan.Linux.Generic", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Heur.BZC.YAX.Boxter.819", "display_name": "Heur.BZC.YAX.Boxter.819", "target": null }, { "id": "Faceliker.D", "display_name": "Faceliker.D", "target": null }, { "id": "Adware", "display_name": "Adware", "target": null }, { "id": "DeepScan:Generic.BrResMon.1", "display_name": "DeepScan:Generic.BrResMon.1", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "Trojan.Brsecmon", "display_name": "Trojan.Brsecmon", "target": null }, { "id": "SigRiskware.LespeedTechnologyLtd", "display_name": "SigRiskware.LespeedTechnologyLtd", "target": null }, { "id": "Doplik.J", "display_name": "Doplik.J", "target": null }, { "id": "Backdoor.Nhopro", "display_name": "Backdoor.Nhopro", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "Gen:NN.ZemsilF.32515", "display_name": "Gen:NN.ZemsilF.32515", "target": null }, { "id": "Downware", "display_name": "Downware", "target": null }, { "id": "MxResIcn.Heur", "display_name": "MxResIcn.Heur", "target": null }, { "id": "Mimikatz", "display_name": "Mimikatz", "target": null }, { "id": "Magazine phishing", "display_name": "Magazine phishing", "target": null }, { "id": "ApplicUnwnt@#2n6\tIRS", "display_name": "ApplicUnwnt@#2n6\tIRS", "target": null }, { "id": "TEL:Trojan:HTML/Phishing", "display_name": "TEL:Trojan:HTML/Phishing", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Trojan.GandCrypt", "display_name": "Trojan.GandCrypt", "target": null }, { "id": "Redirector.AN", "display_name": "Redirector.AN", "target": null }, { "id": "Agent.CUX.gen", "display_name": "Agent.CUX.gen", "target": null }, { "id": "Gen:Variant.Application.Bundler", "display_name": "Gen:Variant.Application.Bundler", "target": null }, { "id": "Downloader.Generic", "display_name": "Downloader.Generic", "target": null }, { "id": "Trojan.ClipBanker", "display_name": "Trojan.ClipBanker", "target": null }, { "id": "TrojanDropper.Autit", "display_name": "TrojanDropper.Autit", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "QVM05.1.08E5.Malware", "display_name": "QVM05.1.08E5.Malware", "target": null }, { "id": "Trojan.CookiesStealer", "display_name": "Trojan.CookiesStealer", "target": null }, { "id": "Agent.MU", "display_name": "Agent.MU", "target": null }, { "id": "Wacatac.B", "display_name": "Wacatac.B", "target": null }, { "id": "Dropper.Gen", "display_name": "Dropper.Gen", "target": null }, { "id": "WiseCleaner.A potentially unwanted", "display_name": "WiseCleaner.A potentially unwanted", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Gen:NN.ZemsilF.34170", "display_name": "Gen:NN.ZemsilF.34170", "target": null }, { "id": "Gen:Variant.MSILHeracles", "display_name": "Gen:Variant.MSILHeracles", "target": null }, { "id": "Trojan.DownLoader33", "display_name": "Trojan.DownLoader33", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Program.Freemake", "display_name": "Program.Freemake", "target": null }, { "id": "Kryptik.dawvk", "display_name": "Kryptik.dawvk", "target": null }, { "id": "AdwareSig [Adw]", "display_name": "AdwareSig [Adw]", "target": null }, { "id": "Phishing JPMorgan Chase and Co.", "display_name": "Phishing JPMorgan Chase and Co.", "target": null }, { "id": "Adware.BrowseFoxCRTD", "display_name": "Adware.BrowseFoxCRTD", "target": null }, { "id": "Suspici.1F4405D1", "display_name": "Suspici.1F4405D1", "target": null }, { "id": "PUA.Wombat", "display_name": "PUA.Wombat", "target": null }, { "id": "AdWare.DealPly", "display_name": "AdWare.DealPly", "target": null }, { "id": "Injector.CUAM", "display_name": "Injector.CUAM", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "Troj_Gen.F04IE00CI19", "display_name": "Troj_Gen.F04IE00CI19", "target": null }, { "id": "Worm.Autorun", "display_name": "Worm.Autorun", "target": null }, { "id": "Worm.Boychi", "display_name": "Worm.Boychi", "target": null }, { "id": "Worm.Allaple", "display_name": "Worm.Allaple", "target": null }, { "id": "CVE-2014-3153", "display_name": "CVE-2014-3153", "target": null }, { "id": "BehavesLike.ICLoader", "display_name": "BehavesLike.ICLoader", "target": null }, { "id": "BScope.Backdoor", "display_name": "BScope.Backdoor", "target": null }, { "id": "Trojan.WIN32.PDF.Alien", "display_name": "Trojan.WIN32.PDF.Alien", "target": null }, { "id": "PUP.Systweak", "display_name": "PUP.Systweak", "target": null }, { "id": "Sabsik.FL.B", "display_name": "Sabsik.FL.B", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Gen:Variant.Tedy HackTool.VulnDriver", "display_name": "Gen:Variant.Tedy HackTool.VulnDriver", "target": null }, { "id": "Backdoor.Predator", "display_name": "Backdoor.Predator", "target": null }, { "id": "Kryptik.GKQR", "display_name": "Kryptik.GKQR", "target": null }, { "id": "DarkKomet.ife", "display_name": "DarkKomet.ife", "target": null }, { "id": "BehavesLike.Downloader", "display_name": "BehavesLike.Downloader", "target": null }, { "id": "Trojan.JS.Iframe", "display_name": "Trojan.JS.Iframe", "target": null }, { "id": "InstallCore.NP", "display_name": "InstallCore.NP", "target": null }, { "id": "Generic.JS.BlackHole", "display_name": "Generic.JS.BlackHole", "target": null }, { "id": "Dropper.Wanna", "display_name": "Dropper.Wanna", "target": null }, { "id": "Remote Utilities", "display_name": "Remote Utilities", "target": null }, { "id": "W32.InstallCore.AGX", "display_name": "W32.InstallCore.AGX", "target": null }, { "id": "NetTool.RemoteExec", "display_name": "NetTool.RemoteExec", "target": null }, { "id": "Bondat.A", "display_name": "Bondat.A", "target": null }, { "id": "VM201.0.B70B.Malware", "display_name": "VM201.0.B70B.Malware", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "Infected.WebPage", "display_name": "Infected.WebPage", "target": null }, { "id": "HEUR:Exploit.Script", "display_name": "HEUR:Exploit.Script", "target": null }, { "id": "BScope.TrojanDownloader", "display_name": "BScope.TrojanDownloader", "target": null }, { "id": "HTML:RedirBA", "display_name": "HTML:RedirBA", "target": null }, { "id": "Trojan.BAT.Qhost", "display_name": "Trojan.BAT.Qhost", "target": null }, { "id": "HTML:RedirME", "display_name": "HTML:RedirME", "target": null }, { "id": "TrojWare.JS.AdWare.Agent", "display_name": "TrojWare.JS.AdWare.Agent", "target": null }, { "id": "Packed.Dico", "display_name": "Packed.Dico", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1491.001", "name": "Internal Defacement", "display_name": "T1491.001 - Internal Defacement" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1602.001", "name": "SNMP (MIB Dump)", "display_name": "T1602.001 - SNMP (MIB Dump)" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1695, "FileHash-SHA1": 756, "FileHash-SHA256": 2029, "domain": 290, "URL": 1854, "hostname": 568, "CVE": 5 }, "indicator_count": 7197, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "916 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f09785f9ee8aebca2a667", "name": "Remote Access | DeepScan | Dumping | DNS | Internal System Infiltration", "description": "", "modified": "2023-11-26T14:04:04.692000", "created": "2023-10-30T01:40:08.022000", "tags": [ "ssl certificate", "historical ssl", "resolutions", "referrer", "collections", "contacted", "efr1", "parent domain", "amazon 02", "metro", "crypto", "cisco umbrella", "site", "safe site", "heur", "malware", "alexa top", "million", "malicious url", "malware site", "malicious site", "opencandy", "riskware", "unsafe", "phishing", "zbot", "team", "exploit", "agent", "mimikatz", "azorult", "service", "runescape", "facebook", "bank", "download", "downldr", "presenoker", "fusioncore", "cleaner", "wacatac", "artemis", "blacknet rat", "stealer", "trojanspy", "blacklist https", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "count blacklist", "tag count", "tsara brashears", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "whois record", "contacted urls", "siblings domain", "execution", "goldmax", "goldfinder", "sibot", "emotet", "united", "phishing site", "maltiverse", "adware", "phishtank", "xtrat", "xrat", "redline stealer", "xtreme", "crack", "genkryptik", "deepscan", "win64", "quasar rat", "fareit", "downloader", "trojan", "alexa", "iframe", "cve201711882", "phish", "genpack", "suspicious", "magazine", "applicunwnt", "cobalt strike", "malicious", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "ascii text", "mitre att", "ck id", "date", "unknown", "hybrid", "accept", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "pmejdjsu12", "Royal Bank of Scotland", "Phishing Bank of America Corporation", "Phishing Netflix", "Phishing Wells Fargo", "Phishing RuneScape", "Phishing Internal Revenue Service", "Phtarget unspecified phishing", "PAYPAL phishing", "Phishing Indeed", "Phishing eBay, Inc", "PhisSafe", "mobigame", "Phishing Facebook", "remote", "mitm", "tower", "worm", "firm", "privilege", "attacker", "monitoring", "cyber threat", "apple", "illegal", "DNS_PROBE_STARTED", "insurance", "revenge", "legal entities", "https://boxofporn.com" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Trojan.Hotkeychick", "display_name": "Trojan.Hotkeychick", "target": null }, { "id": "CVE Exploits", "display_name": "CVE Exploits", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Virus.Sality", "display_name": "Virus.Sality", "target": null }, { "id": "W32.Malware", "display_name": "W32.Malware", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "Trojan.OTNR", "display_name": "Trojan.OTNR", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Mimikatz - S0002", "display_name": "Mimikatz - S0002", "target": null }, { "id": "GoldFinder", "display_name": "GoldFinder", "target": null }, { "id": "GoldMax - S0588", "display_name": "GoldMax - S0588", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Sibot", "display_name": "Sibot", "target": null }, { "id": "Downloader.OpenCandy", "display_name": "Downloader.OpenCandy", "target": null }, { "id": "Azorult", "display_name": "Azorult", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "GoogleToolbar", "display_name": "GoogleToolbar", "target": null }, { "id": "BScope.Adware.MSIL", "display_name": "BScope.Adware.MSIL", "target": null }, { "id": "Application.Auslogics", "display_name": "Application.Auslogics", "target": null }, { "id": "PE.Heur", "display_name": "PE.Heur", "target": null }, { "id": "Gen:Variant.Application.Bundler.DownloadGuide", "display_name": "Gen:Variant.Application.Bundler.DownloadGuide", "target": null }, { "id": "Trojan:Win32/Xtrat", "display_name": "Trojan:Win32/Xtrat", "target": "/malware/Trojan:Win32/Xtrat" }, { "id": "Xtreme RAT", "display_name": "Xtreme RAT", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null }, { "id": "AGEN.1045143", "display_name": "AGEN.1045143", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Packed.Themida", "display_name": "Packed.Themida", "target": null }, { "id": "MSIL_Bladabindi.G.gen", "display_name": "MSIL_Bladabindi.G.gen", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Unsafe.AI_Score_95% 2", "display_name": "Unsafe.AI_Score_95% 2", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "JS:Trojan.HideLink 2", "display_name": "JS:Trojan.HideLink 2", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Application.BitCoinMiner", "display_name": "Application.BitCoinMiner", "target": null }, { "id": "WebToolbar.Asparnet", "display_name": "WebToolbar.Asparnet", "target": null }, { "id": "W32.HfsAutoB", "display_name": "W32.HfsAutoB", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Application.Deceptor", "display_name": "Application.Deceptor", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "HEUR:Hoax.PCFixer", "display_name": "HEUR:Hoax.PCFixer", "target": null }, { "id": "Gen:Variant.Jacard", "display_name": "Gen:Variant.Jacard", "target": null }, { "id": "Tool.Patcher", "display_name": "Tool.Patcher", "target": null }, { "id": "Trojan.Khalesi 2\tAdware 2", "display_name": "Trojan.Khalesi 2\tAdware 2", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Unsafe.AI_Score_94%", "display_name": "Unsafe.AI_Score_94%", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Warezov.gen3", "display_name": "Warezov.gen3", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Nemucod.21C8", "display_name": "Nemucod.21C8", "target": null }, { "id": "Asparnet.P", "display_name": "Asparnet.P", "target": null }, { "id": "InstallCore.Gen7", "display_name": "InstallCore.Gen7", "target": null }, { "id": "CsQKHtaAI", "display_name": "CsQKHtaAI", "target": null }, { "id": "Clicker.VB", "display_name": "Clicker.VB", "target": null }, { "id": "Exploit.Zip.Heuristic", "display_name": "Exploit.Zip.Heuristic", "target": null }, { "id": "Trojan.Ransom.GandCrab", "display_name": "Trojan.Ransom.GandCrab", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "ScrInject.eric", "display_name": "ScrInject.eric", "target": null }, { "id": "HEUR:Trojan.Diztakun", "display_name": "HEUR:Trojan.Diztakun", "target": null }, { "id": "Agent.OCJ", "display_name": "Agent.OCJ", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "Hacktool.Crack", "display_name": "Hacktool.Crack", "target": null }, { "id": "Backdoor.DTR.15", "display_name": "Backdoor.DTR.15", "target": null }, { "id": "Freemake.A potentially unwanted", "display_name": "Freemake.A potentially unwanted", "target": null }, { "id": "Absolute Uninstaller", "display_name": "Absolute Uninstaller", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "Trojan.Small", "display_name": "Trojan.Small", "target": null }, { "id": "HackTool.Crack", "display_name": "HackTool.Crack", "target": null }, { "id": "Generic.Application.JS.Sobrab.1", "display_name": "Generic.Application.JS.Sobrab.1", "target": null }, { "id": "Trojan.Rozena", "display_name": "Trojan.Rozena", "target": null }, { "id": "Trojan.Downloader", "display_name": "Trojan.Downloader", "target": null }, { "id": "Trojan.Bayrob", "display_name": "Trojan.Bayrob", "target": null }, { "id": "Adware.OxyPumper", "display_name": "Adware.OxyPumper", "target": null }, { "id": "Worm.Chir", "display_name": "Worm.Chir", "target": null }, { "id": "Trojan.Linux.Generic", "display_name": "Trojan.Linux.Generic", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Heur.BZC.YAX.Boxter.819", "display_name": "Heur.BZC.YAX.Boxter.819", "target": null }, { "id": "Faceliker.D", "display_name": "Faceliker.D", "target": null }, { "id": "Adware", "display_name": "Adware", "target": null }, { "id": "DeepScan:Generic.BrResMon.1", "display_name": "DeepScan:Generic.BrResMon.1", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "Trojan.Brsecmon", "display_name": "Trojan.Brsecmon", "target": null }, { "id": "SigRiskware.LespeedTechnologyLtd", "display_name": "SigRiskware.LespeedTechnologyLtd", "target": null }, { "id": "Doplik.J", "display_name": "Doplik.J", "target": null }, { "id": "Backdoor.Nhopro", "display_name": "Backdoor.Nhopro", "target": null }, { "id": "TrojanBanker.Banbra", "display_name": "TrojanBanker.Banbra", "target": null }, { "id": "Gen:NN.ZemsilF.32515", "display_name": "Gen:NN.ZemsilF.32515", "target": null }, { "id": "Downware", "display_name": "Downware", "target": null }, { "id": "MxResIcn.Heur", "display_name": "MxResIcn.Heur", "target": null }, { "id": "Mimikatz", "display_name": "Mimikatz", "target": null }, { "id": "Magazine phishing", "display_name": "Magazine phishing", "target": null }, { "id": "ApplicUnwnt@#2n6\tIRS", "display_name": "ApplicUnwnt@#2n6\tIRS", "target": null }, { "id": "TEL:Trojan:HTML/Phishing", "display_name": "TEL:Trojan:HTML/Phishing", "target": null }, { "id": "DriverReviver.A potentially unwanted", "display_name": "DriverReviver.A potentially unwanted", "target": null }, { "id": "Trojan.GandCrypt", "display_name": "Trojan.GandCrypt", "target": null }, { "id": "Redirector.AN", "display_name": "Redirector.AN", "target": null }, { "id": "Agent.CUX.gen", "display_name": "Agent.CUX.gen", "target": null }, { "id": "Gen:Variant.Application.Bundler", "display_name": "Gen:Variant.Application.Bundler", "target": null }, { "id": "Downloader.Generic", "display_name": "Downloader.Generic", "target": null }, { "id": "Trojan.ClipBanker", "display_name": "Trojan.ClipBanker", "target": null }, { "id": "TrojanDropper.Autit", "display_name": "TrojanDropper.Autit", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "QVM05.1.08E5.Malware", "display_name": "QVM05.1.08E5.Malware", "target": null }, { "id": "Trojan.CookiesStealer", "display_name": "Trojan.CookiesStealer", "target": null }, { "id": "Agent.MU", "display_name": "Agent.MU", "target": null }, { "id": "Wacatac.B", "display_name": "Wacatac.B", "target": null }, { "id": "Dropper.Gen", "display_name": "Dropper.Gen", "target": null }, { "id": "WiseCleaner.A potentially unwanted", "display_name": "WiseCleaner.A potentially unwanted", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Gen:NN.ZemsilF.34170", "display_name": "Gen:NN.ZemsilF.34170", "target": null }, { "id": "Gen:Variant.MSILHeracles", "display_name": "Gen:Variant.MSILHeracles", "target": null }, { "id": "Trojan.DownLoader33", "display_name": "Trojan.DownLoader33", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Program.Freemake", "display_name": "Program.Freemake", "target": null }, { "id": "Kryptik.dawvk", "display_name": "Kryptik.dawvk", "target": null }, { "id": "AdwareSig [Adw]", "display_name": "AdwareSig [Adw]", "target": null }, { "id": "Phishing JPMorgan Chase and Co.", "display_name": "Phishing JPMorgan Chase and Co.", "target": null }, { "id": "Adware.BrowseFoxCRTD", "display_name": "Adware.BrowseFoxCRTD", "target": null }, { "id": "Suspici.1F4405D1", "display_name": "Suspici.1F4405D1", "target": null }, { "id": "PUA.Wombat", "display_name": "PUA.Wombat", "target": null }, { "id": "AdWare.DealPly", "display_name": "AdWare.DealPly", "target": null }, { "id": "Injector.CUAM", "display_name": "Injector.CUAM", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "Troj_Gen.F04IE00CI19", "display_name": "Troj_Gen.F04IE00CI19", "target": null }, { "id": "Worm.Autorun", "display_name": "Worm.Autorun", "target": null }, { "id": "Worm.Boychi", "display_name": "Worm.Boychi", "target": null }, { "id": "Worm.Allaple", "display_name": "Worm.Allaple", "target": null }, { "id": "CVE-2014-3153", "display_name": "CVE-2014-3153", "target": null }, { "id": "BehavesLike.ICLoader", "display_name": "BehavesLike.ICLoader", "target": null }, { "id": "BScope.Backdoor", "display_name": "BScope.Backdoor", "target": null }, { "id": "Trojan.WIN32.PDF.Alien", "display_name": "Trojan.WIN32.PDF.Alien", "target": null }, { "id": "PUP.Systweak", "display_name": "PUP.Systweak", "target": null }, { "id": "Sabsik.FL.B", "display_name": "Sabsik.FL.B", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Gen:Variant.Tedy HackTool.VulnDriver", "display_name": "Gen:Variant.Tedy HackTool.VulnDriver", "target": null }, { "id": "Backdoor.Predator", "display_name": "Backdoor.Predator", "target": null }, { "id": "Kryptik.GKQR", "display_name": "Kryptik.GKQR", "target": null }, { "id": "DarkKomet.ife", "display_name": "DarkKomet.ife", "target": null }, { "id": "BehavesLike.Downloader", "display_name": "BehavesLike.Downloader", "target": null }, { "id": "Trojan.JS.Iframe", "display_name": "Trojan.JS.Iframe", "target": null }, { "id": "InstallCore.NP", "display_name": "InstallCore.NP", "target": null }, { "id": "Generic.JS.BlackHole", "display_name": "Generic.JS.BlackHole", "target": null }, { "id": "Dropper.Wanna", "display_name": "Dropper.Wanna", "target": null }, { "id": "Remote Utilities", "display_name": "Remote Utilities", "target": null }, { "id": "W32.InstallCore.AGX", "display_name": "W32.InstallCore.AGX", "target": null }, { "id": "NetTool.RemoteExec", "display_name": "NetTool.RemoteExec", "target": null }, { "id": "Bondat.A", "display_name": "Bondat.A", "target": null }, { "id": "VM201.0.B70B.Malware", "display_name": "VM201.0.B70B.Malware", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "Infected.WebPage", "display_name": "Infected.WebPage", "target": null }, { "id": "HEUR:Exploit.Script", "display_name": "HEUR:Exploit.Script", "target": null }, { "id": "BScope.TrojanDownloader", "display_name": "BScope.TrojanDownloader", "target": null }, { "id": "HTML:RedirBA", "display_name": "HTML:RedirBA", "target": null }, { "id": "Trojan.BAT.Qhost", "display_name": "Trojan.BAT.Qhost", "target": null }, { "id": "HTML:RedirME", "display_name": "HTML:RedirME", "target": null }, { "id": "TrojWare.JS.AdWare.Agent", "display_name": "TrojWare.JS.AdWare.Agent", "target": null }, { "id": "Packed.Dico", "display_name": "Packed.Dico", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1491.001", "name": "Internal Defacement", "display_name": "T1491.001 - Internal Defacement" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1602.001", "name": "SNMP (MIB Dump)", "display_name": "T1602.001 - SNMP (MIB Dump)" } ], "industries": [], "TLP": "white", "cloned_from": "653bf3b076e4dbcd0c099992", "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1695, "FileHash-SHA1": 756, "FileHash-SHA256": 2029, "domain": 290, "URL": 1854, "hostname": 568, "CVE": 5 }, "indicator_count": 7197, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "916 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://support.apple.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://support.apple.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780212173.8955994 }