{ "type": "URL", "indicator": "https://support.apple.com/favicon.ico", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://support.apple.com/favicon.ico", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #45", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #2", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain apple.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain apple.com", "name": "Whitelisted domain" }, { "source": "newssite", "message": "Whitelisted news domain apple.com", "name": "Whitelisted newssite network domain" } ], "base_indicator": { "id": 4188110431, "indicator": "https://support.apple.com/favicon.ico", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69e7d7edd91aab8d1e8d5590", "name": "hxxps://support[.]apple[.]com/100100", "description": "hxxps://support[.]apple[.]com/100100", "modified": "2026-05-21T20:10:22.225000", "created": "2026-04-21T20:02:53.543000", "tags": [ "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "switch", "community add", "security menlo", "reports", "cve list", "notes blog", "drop your", "file", "service", "privacy policy", "intelix portal", "javascript", "please", "strong", "united kingdom", "urls", "domain name", "url analysis", "report https", "request", "status", "public ev", "server rsa", "g1 apple", "virustotal", "domain", "benign no", "february", "date february", "safe browsing", "ctx database", "upgrade plan", "my submissions", "free", "april", "august", "sandbox", "static analyzer", "analyzer", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "triage", "report", "reported", "analyze", "md5 sha1", "sha256", "submit download", "sha1", "sha512", "path c", "sha512 tlsh", "ssdeep", "prefetch8", "general", "config", "copy", "target", "score", "impact", "get https", "post https", "sha512 ssdeep", "size", "p2404", "tlsh", "Apple", "iPad", "Update" ], "references": [ "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "https://tria.ge/260421-ygl5esbt5p", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 175, "URL": 1571, "FileHash-MD5": 183, "email": 7, "CIDR": 3, "FileHash-SHA1": 117, "FileHash-SHA256": 181, "SSLCertFingerprint": 14 }, "indicator_count": 2331, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698548fdc5e1b22b45457eb4", "name": "http://support[.]apple[.]com/kb/HT5012 - 02.05.26", "description": "\"Learn more about trusted certificates\" -> http://support[.]apple[.]com/kb/HT5012\nTrust Store Version 2025082000\nTrust Asset Version 1012", "modified": "2026-03-08T02:01:42.135000", "created": "2026-02-06T01:50:53.485000", "tags": [ "vhash", "ssdeep", "html internet", "magic html", "unicode text", "utf8", "trid text", "magika html", "file size", "please", "javascript", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "url", "sandbox", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "apple mapkit", "java", "manager", "report", "home search", "insights", "login check", "android", "write", "login report", "overview", "tags submit", "tags url", "finishing url", "asn norway", "title available", "apple", "static analyzer", "analyzer", "type", "website title", "apple support", "date", "security", "access control", "plan search", "submission", "february", "error", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "prefetch8 ansi", "ansi", "show process", "hash seen", "programfiles", "ck id", "command decode", "mitre att", "suricata ipv4", "windir", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "form", "strings", "contact", "p2404", "attrdataver186", "p11770919978", "processorcores6", "tpmversion0", "telemetrylevel1", "oemmodeldell", "osuilocaleenus", "osskuid48", "osnamewin", "main", "sha1", "Apple", "iPadOS", "Freedom" ], "references": [ "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 24, "FileHash-SHA256": 126, "URL": 323, "SSLCertFingerprint": 8, "domain": 14, "email": 4, "hostname": 138 }, "indicator_count": 666, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "697931b0ee201182f970bc33", "name": "https://support[.]apple[.]com/en-ca/", "description": "Apple iPadOS Update\nhttps://support[.]apple[.]com/en-ca/126047\nCertificate Trust Settings:\nTrust Store Version: 2025082000\nTrust Asset Version: 1011", "modified": "2026-02-26T21:03:49.546000", "created": "2026-01-27T21:44:16.421000", "tags": [ "Apple" ], "references": [ "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4", "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4/iocs", "https://www.virustotal.com/graph/embed/g67beb17fa38042baaa378cde359bbf4ba510be6f4d5c4f40b2d39917c7f7b67c?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Netherlands", "Poland" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "URL": 438, "domain": 18, "hostname": 9, "FileHash-SHA256": 102 }, "indicator_count": 571, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "94 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/embed/g67beb17fa38042baaa378cde359bbf4ba510be6f4d5c4f40b2d39917c7f7b67c?theme=dark", "https://tria.ge/260421-ygl5esbt5p", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4/iocs", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Technology" ], "unique_indicators": 2459 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/apple.com", "whois": "http://whois.domaintools.com/apple.com", "domain": "apple.com", "hostname": "support.apple.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69e7d7edd91aab8d1e8d5590", "name": "hxxps://support[.]apple[.]com/100100", "description": "hxxps://support[.]apple[.]com/100100", "modified": "2026-05-21T20:10:22.225000", "created": "2026-04-21T20:02:53.543000", "tags": [ "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "switch", "community add", "security menlo", "reports", "cve list", "notes blog", "drop your", "file", "service", "privacy policy", "intelix portal", "javascript", "please", "strong", "united kingdom", "urls", "domain name", "url analysis", "report https", "request", "status", "public ev", "server rsa", "g1 apple", "virustotal", "domain", "benign no", "february", "date february", "safe browsing", "ctx database", "upgrade plan", "my submissions", "free", "april", "august", "sandbox", "static analyzer", "analyzer", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "triage", "report", "reported", "analyze", "md5 sha1", "sha256", "submit download", "sha1", "sha512", "path c", "sha512 tlsh", "ssdeep", "prefetch8", "general", "config", "copy", "target", "score", "impact", "get https", "post https", "sha512 ssdeep", "size", "p2404", "tlsh", "Apple", "iPad", "Update" ], "references": [ "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview", "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file", "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url", "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00", "https://tria.ge/260421-ygl5esbt5p/behavioral1", "https://www.scyscan.com/scan-report/?rid=1743532660988884337", "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70", "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e", "https://tria.ge/260421-ygl5esbt5p", "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup", "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary", "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 175, "URL": 1571, "FileHash-MD5": 183, "email": 7, "CIDR": 3, "FileHash-SHA1": 117, "FileHash-SHA256": 181, "SSLCertFingerprint": 14 }, "indicator_count": 2331, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698548fdc5e1b22b45457eb4", "name": "http://support[.]apple[.]com/kb/HT5012 - 02.05.26", "description": "\"Learn more about trusted certificates\" -> http://support[.]apple[.]com/kb/HT5012\nTrust Store Version 2025082000\nTrust Asset Version 1012", "modified": "2026-03-08T02:01:42.135000", "created": "2026-02-06T01:50:53.485000", "tags": [ "vhash", "ssdeep", "html internet", "magic html", "unicode text", "utf8", "trid text", "magika html", "file size", "please", "javascript", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "url", "sandbox", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "apple mapkit", "java", "manager", "report", "home search", "insights", "login check", "android", "write", "login report", "overview", "tags submit", "tags url", "finishing url", "asn norway", "title available", "apple", "static analyzer", "analyzer", "type", "website title", "apple support", "date", "security", "access control", "plan search", "submission", "february", "error", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "prefetch8 ansi", "ansi", "show process", "hash seen", "programfiles", "ck id", "command decode", "mitre att", "suricata ipv4", "windir", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "form", "strings", "contact", "p2404", "attrdataver186", "p11770919978", "processorcores6", "tpmversion0", "telemetrylevel1", "oemmodeldell", "osuilocaleenus", "osskuid48", "osnamewin", "main", "sha1", "Apple", "iPadOS", "Freedom" ], "references": [ "https://www.virustotal.com/gui/url/aec932cd6ff44a6b8a13e3573f47d7e543cc0e1cc25f6d4fa2e0b0f1b8c44603/details", "https://www.virustotal.com/gui/file/3447d0e0dce83b163308c04dffeb52afb9f22d756b57d516fb1930d60303278d/details", "https://www.filescan.io/uploads/69853e76930564ff3c8e3576/reports/132722cc-526c-428b-85d8-bb863204ec6f/ioc", "https://urlquery.net/report/f7f1fb29-f7fb-4aec-be06-978b4bb296ab", "https://app.threat.zone/submission/f373032a-49fe-46f2-be28-a4636cbeb3c2/url-analysis-report", "https://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb", "http://hybrid-analysis.com/sample/04fcf10162401756459d90569bdda9bd3f264efc7ce75e2ca96a8fc93e159bdb/698522a0b8d0f8b6c404b7b4", "https://app.any.run/tasks/40ac99f3-0bf0-4455-996b-01e9ba0aaf79", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed", "https://www.virustotal.com/gui/collection/fc2724a35b1672bcbcbb1af5a8e77d1e6095818a9db880a18661208aa9e9f1ed/iocs", "https://www.virustotal.com/graph/embed/g70516ab17e6a482eb6641c8d15f795a9d0fbc493ae9d4c3ca0e0617754ba679c?theme=dark", "https://viz.greynoise.io/ip/analysis/66ca01e5-ac9a-4baf-b088-901cfbe72cac" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 24, "FileHash-SHA256": 126, "URL": 323, "SSLCertFingerprint": 8, "domain": 14, "email": 4, "hostname": 138 }, "indicator_count": 666, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "84 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "697931b0ee201182f970bc33", "name": "https://support[.]apple[.]com/en-ca/", "description": "Apple iPadOS Update\nhttps://support[.]apple[.]com/en-ca/126047\nCertificate Trust Settings:\nTrust Store Version: 2025082000\nTrust Asset Version: 1011", "modified": "2026-02-26T21:03:49.546000", "created": "2026-01-27T21:44:16.421000", "tags": [ "Apple" ], "references": [ "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4", "https://www.virustotal.com/gui/collection/49dc173bbaf3c632d46d614106ac72d2fba72444f14c618995b797757815d5b4/iocs", "https://www.virustotal.com/graph/embed/g67beb17fa38042baaa378cde359bbf4ba510be6f4d5c4f40b2d39917c7f7b67c?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Netherlands", "Poland" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "URL": 438, "domain": 18, "hostname": 9, "FileHash-SHA256": 102 }, "indicator_count": 571, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "94 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://support.apple.com/favicon.ico", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://support.apple.com/favicon.ico", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780265975.948523 }