{
  "type": "URL",
  "indicator": "https://t.event.target/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://t.event.target/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3779231599,
      "indicator": "https://t.event.target/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 7,
      "pulses": [
        {
          "id": "69cc876e1a85eb578af3460c",
          "name": "Gatsby.",
          "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
          "modified": "2026-04-13T23:15:43.048000",
          "created": "2026-04-01T02:48:14.165000",
          "tags": [
            "a nxdomain",
            "unknown",
            "ip address",
            "domain",
            "present jun",
            "files",
            "ip related",
            "pulses otx",
            "pulses",
            "tags",
            "number",
            "ja3s",
            "get http",
            "ja3 client",
            "ja3 server",
            "ssdeep",
            "file type",
            "magic ascii",
            "crlf line",
            "trid digital",
            "unix",
            "cache entry",
            "zstandard",
            "dictionary id",
            "extra info",
            "process",
            "performs dns",
            "urls",
            "domain ip",
            "tls version",
            "https"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 272,
            "domain": 168,
            "hostname": 281,
            "FileHash-MD5": 170,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 113,
            "IPv4": 14,
            "email": 6
          },
          "indicator_count": 1075,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 49,
          "modified_text": "5 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64ed117e2308a042e50e1e9e",
          "name": "Investigation of Distribution Vectors and Threat Network Infrastructure",
          "description": "Targets: Individual(s), University of Alberta Infrastructure, Covenant Health (Alberta Health Services), TELUS Communications (Network & Mobile infrastructure), Government of Alberta, Government of Canada. International entities spanning primarily government, healthcare, and educational institutions.",
          "modified": "2025-11-23T23:20:07.571000",
          "created": "2023-08-28T21:28:30.294000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
            "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
            "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
            "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
            "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
            "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
            "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
            "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
            "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
            "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
            "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
            "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
            "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
            "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
            "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
            "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
            "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
            "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
            "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
            "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
            "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
            "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
            "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
            "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
            "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
            "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
            "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
            "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
            "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
            "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
            "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
            "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
            "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
            "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
            "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
            "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
            "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
            "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
            "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
            "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
            "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
            "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
            "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 111,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 236,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1421,
            "URL": 9580,
            "CIDR": 30,
            "domain": 10205,
            "email": 12,
            "hostname": 517612,
            "IPv4": 11,
            "CVE": 62
          },
          "indicator_count": 539308,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 145,
          "modified_text": "146 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6842489989d6db4d41fd8322",
          "name": "Vulnerable Driver Load",
          "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.",
          "modified": "2025-07-06T01:00:17.231000",
          "created": "2025-06-06T01:47:05.317000",
          "tags": [
            "malicious",
            "vulnerable",
            "living",
            "land drivers",
            "premium",
            "windows",
            "feel",
            "strong",
            "json",
            "sysmon",
            "subdomains",
            "whasz",
            "html internet",
            "magia dokument",
            "html",
            "ascii",
            "z bardzo",
            "triid plik",
            "magika html",
            "rozmiar",
            "zgoszenie",
            "error",
            "100255",
            "255100",
            "number",
            "e100",
            "100i100n",
            "65535255",
            "25565535",
            "mmm d",
            "typeof window",
            "null",
            "bubble",
            "radar",
            "false",
            "click",
            "isitem",
            "dark",
            "copy",
            "shell",
            "panelbox",
            "document",
            "code",
            "body",
            "light",
            "mark",
            "date",
            "scroll",
            "target",
            "blank",
            "back",
            "main",
            "lowfi"
          ],
          "references": [
            "https://loldrivers.io/",
            "https://www.loldrivers.io/js/chart.min.js",
            "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
            "https://www.loldrivers.io/favicons/browserconfig.xml"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1885,
            "FileHash-SHA1": 1367,
            "FileHash-SHA256": 1615,
            "hostname": 214,
            "domain": 52,
            "URL": 468,
            "CVE": 2
          },
          "indicator_count": 5603,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 123,
          "modified_text": "287 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a7f06a5d0f22ad92684646",
          "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
          "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
          "modified": "2025-05-14T21:27:17.040000",
          "created": "2025-02-09T00:01:46.054000",
          "tags": [
            "null",
            "nie mona",
            "array",
            "input",
            "nonmsdombrowser",
            "object",
            "html",
            "component",
            "body",
            "horizontal",
            "date",
            "calendar",
            "february",
            "april",
            "june",
            "august",
            "iframe",
            "form",
            "friday",
            "explorer",
            "target",
            "error",
            "legend",
            "this",
            "type",
            "regexp",
            "elem",
            "index",
            "function",
            "handle",
            "check",
            "safari",
            "expando",
            "android",
            "false",
            "hooks",
            "copy",
            "prop",
            "class",
            "mark",
            "window",
            "code",
            "capture",
            "accept",
            "seed",
            "override",
            "hook",
            "look",
            "loop",
            "install",
            "pass",
            "enough",
            "bind",
            "core",
            "local",
            "verify",
            "done",
            "find",
            "internal",
            "inject",
            "possible",
            "hold",
            "middle",
            "guard",
            "fall",
            "stop",
            "panic",
            "back",
            "restrict",
            "speed",
            "turn",
            "grab",
            "getclass",
            "jquery",
            "bubble",
            "anchor",
            "shift"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1134",
              "name": "Access Token Manipulation",
              "display_name": "T1134 - Access Token Manipulation"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1143,
            "domain": 155,
            "hostname": 523,
            "FileHash-SHA256": 151
          },
          "indicator_count": 1972,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 122,
          "modified_text": "339 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66246ff49ed29ea9bb2bf122",
          "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
          "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
          "modified": "2025-05-14T21:18:36.989000",
          "created": "2024-04-21T01:46:28.554000",
          "tags": [
            "jeleniej grze",
            "aktualnoci",
            "informacje",
            "jednostka",
            "rejonowy",
            "konkurs",
            "najczciej",
            "sd rejonowy",
            "przejd",
            "czytaj",
            "click",
            "sdzia jarosaw",
            "wydziau",
            "sdzia grzegorz",
            "katarzyna",
            "rudnicka dane",
            "kontaktowe sd",
            "jelenia gra",
            "mickiewicza",
            "zawarto",
            "html",
            "nazwa meta",
            "robotw",
            "telefon",
            "brak",
            "skala",
            "ua zgodna",
            "head body",
            "zasb",
            "cname",
            "kod odpowiedzi",
            "kodowanie treci",
            "wygasa",
            "gmt serwer",
            "pragma",
            "kontrola pamici",
            "podrcznej",
            "data",
            "gmt kontrola",
            "dostpuzezwl na",
            "czytaj wicej",
            "sd okrgowy",
            "jednostki",
            "okrgowy",
            "ogoszenia",
            "sha256",
            "vhash",
            "ssdeep",
            "https odcisk",
            "palca jarma",
            "https dane",
            "v3 numer",
            "odcisk palca",
            "tworzy katalog",
            "tworzy pliki",
            "typ pliku",
            "json",
            "ascii",
            "windows",
            "sqlite",
            "foxpro fpt",
            "links typ",
            "mapa",
            "152 x",
            "sqlite w",
            "sha1",
            "sha512",
            "file size",
            "b file",
            "testing",
            "komornik sdowy",
            "sdzie rejonowym",
            "tomasz rodacki",
            "obwieszczenie",
            "komornicze",
            "tumacza migam",
            "tumacz czynny",
            "zamknite",
            "wiadczenia",
            "schedule",
            "error",
            "javascript",
            "bakers hall",
            "ixaction",
            "script",
            "ixchatlauncher",
            "compatibility",
            "com dla",
            "t1055 pewno",
            "unikanie obrony",
            "t1036 maskarada",
            "t1082 pewno",
            "informacje o",
            "nazwa pliku",
            "dokument pdf",
            "rozmiar pliku",
            "zapowied",
            "type",
            "iii dbt",
            "utf8",
            "dziennik"
          ],
          "references": [
            "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
            "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
            "http://www.jelenia-gora.so.gov.pl/",
            "https://www.jelenia-gora.so.gov.pl/",
            "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
            "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
            "https://www.jelenia-gora.sr.gov.pl/spacer",
            "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "",
              "display_name": "",
              "target": null
            },
            {
              "id": "serwer",
              "display_name": "serwer",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "email": 71,
            "domain": 7651,
            "hostname": 7680,
            "IPv4": 331,
            "FileHash-SHA256": 16168,
            "URL": 10399,
            "FileHash-MD5": 3639,
            "FileHash-SHA1": 3468,
            "CIDR": 4,
            "CVE": 89,
            "YARA": 521,
            "SSLCertFingerprint": 25,
            "JA3": 1,
            "IPv6": 5813
          },
          "indicator_count": 55860,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 141,
          "modified_text": "339 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6647908c09468f42bc1249f1",
          "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
          "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
          "modified": "2025-03-01T04:59:57.222000",
          "created": "2024-05-17T17:14:52.317000",
          "tags": [
            "false",
            "true",
            "visible",
            "application",
            "microsoft teams",
            "microsoft azure",
            "office",
            "service",
            "dynamics",
            "hidden",
            "android",
            "explorer",
            "write",
            "connector",
            "test",
            "sharepoint",
            "live",
            "meister",
            "tools",
            "desktop",
            "spark",
            "front",
            "enterprise",
            "designer",
            "atlas",
            "premium",
            "assistant",
            "allow",
            "azureadmyorg",
            "game",
            "verify",
            "microsoft power",
            "channelsurfcli",
            "mtd1",
            "file transfer",
            "magnus",
            "microsoft crm",
            "youth"
          ],
          "references": [
            "All - EnterpriseAppsList.csv",
            "AppRegistrationList.csv",
            "https://tria.ge/240517-vc7c1shc62/behavioral1",
            "https://tria.ge/240517-vdwb5shc71/behavioral1",
            "https://tria.ge/240517-vqxezaaa33/behavioral1",
            "https://tria.ge/240517-t9pc2ahb2t",
            "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
            "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
            "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
            "Thor Scan: S-I9VvMTB6cZU",
            "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
            "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
            "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
            "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
            "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
            "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
            "https://tria.ge/240521-q4s79agb25/static1",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
            "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
            "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
            "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
            "https://www.hudsonrock.com/search?domain=ualberta.ca",
            "https://www.criminalip.io/domain/report?scan_id=13798622",
            "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
            "https://urlscan.io/search/#ualberta.ca",
            "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
            "https://sitereport.netcraft.com/?url=http://ualberta.ca",
            "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
            "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
            "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
            "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Healthcare",
            "Telecommunications",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 7,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1703,
            "FileHash-SHA256": 90472,
            "URL": 99185,
            "domain": 82954,
            "hostname": 39041,
            "FileHash-SHA1": 1624,
            "email": 4658,
            "CVE": 12
          },
          "indicator_count": 319649,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 139,
          "modified_text": "414 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "663d2869e0f3a42bbddc42ff",
          "name": "UPX executable packer.",
          "description": "A new rule has been introduced  a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
          "modified": "2024-10-14T00:01:17.069000",
          "created": "2024-05-09T19:47:53.786000",
          "tags": [
            "cioch adrian",
            "centrum usug",
            "sieciowych",
            "elf binary",
            "upx compression",
            "roth",
            "nextron",
            "info",
            "javascript",
            "html",
            "office open",
            "xml document",
            "network capture",
            "win32 exe",
            "xml pakietu",
            "pdf zestawy",
            "przechwytywanie",
            "office",
            "filehashsha1",
            "url https",
            "cve cve20201070",
            "cve cve20203153",
            "cve cve20201048",
            "cve cve20211732",
            "cve20201048 apr",
            "filehashmd5",
            "cve cve20010901",
            "cve cve20021841",
            "cve20153202 apr",
            "cve cve20160728",
            "cve cve20161807",
            "cve cve20175123",
            "cve20185407 apr",
            "cve cve20054605",
            "cve cve20060745",
            "cve cve20070452",
            "cve cve20070453",
            "cve cve20070454",
            "cve cve20071355",
            "cve cve20071358",
            "cve cve20071871",
            "cve20149614 apr",
            "cve cve20151503",
            "cve cve20152080",
            "cve cve20157377",
            "cve cve20170131",
            "cve20200796 may",
            "cve cve20113403"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6861,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 5771,
            "domain": 3139,
            "URL": 14525,
            "FileHash-SHA1": 2610,
            "IPv4": 108,
            "CIDR": 40,
            "FileHash-SHA256": 10705,
            "FileHash-MD5": 3373,
            "YARA": 2,
            "CVE": 148,
            "Mutex": 7,
            "FilePath": 3,
            "SSLCertFingerprint": 3,
            "email": 23,
            "JA3": 1,
            "IPv6": 2
          },
          "indicator_count": 40460,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 137,
          "modified_text": "552 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
        "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
        "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]",
        "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
        "https://www.jelenia-gora.so.gov.pl/",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
        "AppRegistrationList.csv",
        "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
        "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
        "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
        "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
        "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
        "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
        "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
        "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
        "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List",
        "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
        "All - EnterpriseAppsList.csv",
        "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
        "https://loldrivers.io/",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
        "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://urlscan.io/search/#ualberta.ca",
        "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
        "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
        "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
        "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
        "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
        "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
        "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
        "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://www.loldrivers.io/js/chart.min.js",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
        "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
        "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
        "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
        "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
        "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://www.loldrivers.io/favicons/browserconfig.xml",
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [
            "Unknown APT Group(s) / Threat Actor (s)"
          ],
          "malware_families": [
            "",
            "Serwer"
          ],
          "industries": [
            "Telecommunications",
            "Education",
            "Technology",
            "Government",
            "Healthcare"
          ],
          "unique_indicators": 145936
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/event.target",
    "whois": "http://whois.domaintools.com/event.target",
    "domain": "event.target",
    "hostname": "t.event.target"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 7,
  "pulses": [
    {
      "id": "69cc876e1a85eb578af3460c",
      "name": "Gatsby.",
      "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
      "modified": "2026-04-13T23:15:43.048000",
      "created": "2026-04-01T02:48:14.165000",
      "tags": [
        "a nxdomain",
        "unknown",
        "ip address",
        "domain",
        "present jun",
        "files",
        "ip related",
        "pulses otx",
        "pulses",
        "tags",
        "number",
        "ja3s",
        "get http",
        "ja3 client",
        "ja3 server",
        "ssdeep",
        "file type",
        "magic ascii",
        "crlf line",
        "trid digital",
        "unix",
        "cache entry",
        "zstandard",
        "dictionary id",
        "extra info",
        "process",
        "performs dns",
        "urls",
        "domain ip",
        "tls version",
        "https"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 272,
        "domain": 168,
        "hostname": 281,
        "FileHash-MD5": 170,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 113,
        "IPv4": 14,
        "email": 6
      },
      "indicator_count": 1075,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 49,
      "modified_text": "5 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64ed117e2308a042e50e1e9e",
      "name": "Investigation of Distribution Vectors and Threat Network Infrastructure",
      "description": "Targets: Individual(s), University of Alberta Infrastructure, Covenant Health (Alberta Health Services), TELUS Communications (Network & Mobile infrastructure), Government of Alberta, Government of Canada. International entities spanning primarily government, healthcare, and educational institutions.",
      "modified": "2025-11-23T23:20:07.571000",
      "created": "2023-08-28T21:28:30.294000",
      "tags": [
        "Domains",
        "ip addresses",
        "URLs",
        "Files",
        "Alberta Health Services",
        "BEC",
        "Education",
        "University of Alberta",
        "Government of Alberta",
        "Covenant Health Alberta",
        "Telus Communications",
        "Canadian Universities",
        "Malicious Certificates",
        "Digital Identity Theft / Credential Theft"
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
        "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
        "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
        "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
        "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
        "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
        "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
        "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
        "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
        "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
        "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
        "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
        "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
        "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
        "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
        "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
        "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
        "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
        "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
        "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
        "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
        "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
        "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
        "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
        "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
        "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
        "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
        "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
        "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
        "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
        "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
        "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
        "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
        "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
        "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
        "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
        "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
        "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
        "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
        "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
        "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
        "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
        "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
        "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
        "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
        "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
        "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]"
      ],
      "public": 1,
      "adversary": "Unknown APT Group(s) / Threat Actor (s)",
      "targeted_countries": [
        "Canada",
        "United States of America",
        "Philippines",
        "Panama",
        "Netherlands",
        "Anguilla",
        "Saint Vincent and the Grenadines",
        "Aruba",
        "Mexico",
        "Guatemala",
        "Costa Rica",
        "Tanzania, United Republic of"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Healthcare",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 111,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 236,
        "FileHash-SHA1": 139,
        "FileHash-SHA256": 1421,
        "URL": 9580,
        "CIDR": 30,
        "domain": 10205,
        "email": 12,
        "hostname": 517612,
        "IPv4": 11,
        "CVE": 62
      },
      "indicator_count": 539308,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 145,
      "modified_text": "146 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6842489989d6db4d41fd8322",
      "name": "Vulnerable Driver Load",
      "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.",
      "modified": "2025-07-06T01:00:17.231000",
      "created": "2025-06-06T01:47:05.317000",
      "tags": [
        "malicious",
        "vulnerable",
        "living",
        "land drivers",
        "premium",
        "windows",
        "feel",
        "strong",
        "json",
        "sysmon",
        "subdomains",
        "whasz",
        "html internet",
        "magia dokument",
        "html",
        "ascii",
        "z bardzo",
        "triid plik",
        "magika html",
        "rozmiar",
        "zgoszenie",
        "error",
        "100255",
        "255100",
        "number",
        "e100",
        "100i100n",
        "65535255",
        "25565535",
        "mmm d",
        "typeof window",
        "null",
        "bubble",
        "radar",
        "false",
        "click",
        "isitem",
        "dark",
        "copy",
        "shell",
        "panelbox",
        "document",
        "code",
        "body",
        "light",
        "mark",
        "date",
        "scroll",
        "target",
        "blank",
        "back",
        "main",
        "lowfi"
      ],
      "references": [
        "https://loldrivers.io/",
        "https://www.loldrivers.io/js/chart.min.js",
        "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
        "https://www.loldrivers.io/favicons/browserconfig.xml"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1885,
        "FileHash-SHA1": 1367,
        "FileHash-SHA256": 1615,
        "hostname": 214,
        "domain": 52,
        "URL": 468,
        "CVE": 2
      },
      "indicator_count": 5603,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 123,
      "modified_text": "287 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a7f06a5d0f22ad92684646",
      "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
      "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
      "modified": "2025-05-14T21:27:17.040000",
      "created": "2025-02-09T00:01:46.054000",
      "tags": [
        "null",
        "nie mona",
        "array",
        "input",
        "nonmsdombrowser",
        "object",
        "html",
        "component",
        "body",
        "horizontal",
        "date",
        "calendar",
        "february",
        "april",
        "june",
        "august",
        "iframe",
        "form",
        "friday",
        "explorer",
        "target",
        "error",
        "legend",
        "this",
        "type",
        "regexp",
        "elem",
        "index",
        "function",
        "handle",
        "check",
        "safari",
        "expando",
        "android",
        "false",
        "hooks",
        "copy",
        "prop",
        "class",
        "mark",
        "window",
        "code",
        "capture",
        "accept",
        "seed",
        "override",
        "hook",
        "look",
        "loop",
        "install",
        "pass",
        "enough",
        "bind",
        "core",
        "local",
        "verify",
        "done",
        "find",
        "internal",
        "inject",
        "possible",
        "hold",
        "middle",
        "guard",
        "fall",
        "stop",
        "panic",
        "back",
        "restrict",
        "speed",
        "turn",
        "grab",
        "getclass",
        "jquery",
        "bubble",
        "anchor",
        "shift"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1134",
          "name": "Access Token Manipulation",
          "display_name": "T1134 - Access Token Manipulation"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1143,
        "domain": 155,
        "hostname": 523,
        "FileHash-SHA256": 151
      },
      "indicator_count": 1972,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 122,
      "modified_text": "339 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66246ff49ed29ea9bb2bf122",
      "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
      "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
      "modified": "2025-05-14T21:18:36.989000",
      "created": "2024-04-21T01:46:28.554000",
      "tags": [
        "jeleniej grze",
        "aktualnoci",
        "informacje",
        "jednostka",
        "rejonowy",
        "konkurs",
        "najczciej",
        "sd rejonowy",
        "przejd",
        "czytaj",
        "click",
        "sdzia jarosaw",
        "wydziau",
        "sdzia grzegorz",
        "katarzyna",
        "rudnicka dane",
        "kontaktowe sd",
        "jelenia gra",
        "mickiewicza",
        "zawarto",
        "html",
        "nazwa meta",
        "robotw",
        "telefon",
        "brak",
        "skala",
        "ua zgodna",
        "head body",
        "zasb",
        "cname",
        "kod odpowiedzi",
        "kodowanie treci",
        "wygasa",
        "gmt serwer",
        "pragma",
        "kontrola pamici",
        "podrcznej",
        "data",
        "gmt kontrola",
        "dostpuzezwl na",
        "czytaj wicej",
        "sd okrgowy",
        "jednostki",
        "okrgowy",
        "ogoszenia",
        "sha256",
        "vhash",
        "ssdeep",
        "https odcisk",
        "palca jarma",
        "https dane",
        "v3 numer",
        "odcisk palca",
        "tworzy katalog",
        "tworzy pliki",
        "typ pliku",
        "json",
        "ascii",
        "windows",
        "sqlite",
        "foxpro fpt",
        "links typ",
        "mapa",
        "152 x",
        "sqlite w",
        "sha1",
        "sha512",
        "file size",
        "b file",
        "testing",
        "komornik sdowy",
        "sdzie rejonowym",
        "tomasz rodacki",
        "obwieszczenie",
        "komornicze",
        "tumacza migam",
        "tumacz czynny",
        "zamknite",
        "wiadczenia",
        "schedule",
        "error",
        "javascript",
        "bakers hall",
        "ixaction",
        "script",
        "ixchatlauncher",
        "compatibility",
        "com dla",
        "t1055 pewno",
        "unikanie obrony",
        "t1036 maskarada",
        "t1082 pewno",
        "informacje o",
        "nazwa pliku",
        "dokument pdf",
        "rozmiar pliku",
        "zapowied",
        "type",
        "iii dbt",
        "utf8",
        "dziennik"
      ],
      "references": [
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.jelenia-gora.so.gov.pl/",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "",
          "display_name": "",
          "target": null
        },
        {
          "id": "serwer",
          "display_name": "serwer",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 24,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "email": 71,
        "domain": 7651,
        "hostname": 7680,
        "IPv4": 331,
        "FileHash-SHA256": 16168,
        "URL": 10399,
        "FileHash-MD5": 3639,
        "FileHash-SHA1": 3468,
        "CIDR": 4,
        "CVE": 89,
        "YARA": 521,
        "SSLCertFingerprint": 25,
        "JA3": 1,
        "IPv6": 5813
      },
      "indicator_count": 55860,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 141,
      "modified_text": "339 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6647908c09468f42bc1249f1",
      "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
      "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
      "modified": "2025-03-01T04:59:57.222000",
      "created": "2024-05-17T17:14:52.317000",
      "tags": [
        "false",
        "true",
        "visible",
        "application",
        "microsoft teams",
        "microsoft azure",
        "office",
        "service",
        "dynamics",
        "hidden",
        "android",
        "explorer",
        "write",
        "connector",
        "test",
        "sharepoint",
        "live",
        "meister",
        "tools",
        "desktop",
        "spark",
        "front",
        "enterprise",
        "designer",
        "atlas",
        "premium",
        "assistant",
        "allow",
        "azureadmyorg",
        "game",
        "verify",
        "microsoft power",
        "channelsurfcli",
        "mtd1",
        "file transfer",
        "magnus",
        "microsoft crm",
        "youth"
      ],
      "references": [
        "All - EnterpriseAppsList.csv",
        "AppRegistrationList.csv",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://urlscan.io/search/#ualberta.ca",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology",
        "Healthcare",
        "Telecommunications",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 7,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1703,
        "FileHash-SHA256": 90472,
        "URL": 99185,
        "domain": 82954,
        "hostname": 39041,
        "FileHash-SHA1": 1624,
        "email": 4658,
        "CVE": 12
      },
      "indicator_count": 319649,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 139,
      "modified_text": "414 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "663d2869e0f3a42bbddc42ff",
      "name": "UPX executable packer.",
      "description": "A new rule has been introduced  a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
      "modified": "2024-10-14T00:01:17.069000",
      "created": "2024-05-09T19:47:53.786000",
      "tags": [
        "cioch adrian",
        "centrum usug",
        "sieciowych",
        "elf binary",
        "upx compression",
        "roth",
        "nextron",
        "info",
        "javascript",
        "html",
        "office open",
        "xml document",
        "network capture",
        "win32 exe",
        "xml pakietu",
        "pdf zestawy",
        "przechwytywanie",
        "office",
        "filehashsha1",
        "url https",
        "cve cve20201070",
        "cve cve20203153",
        "cve cve20201048",
        "cve cve20211732",
        "cve20201048 apr",
        "filehashmd5",
        "cve cve20010901",
        "cve cve20021841",
        "cve20153202 apr",
        "cve cve20160728",
        "cve cve20161807",
        "cve cve20175123",
        "cve20185407 apr",
        "cve cve20054605",
        "cve cve20060745",
        "cve cve20070452",
        "cve cve20070453",
        "cve cve20070454",
        "cve cve20071355",
        "cve cve20071358",
        "cve cve20071871",
        "cve20149614 apr",
        "cve cve20151503",
        "cve cve20152080",
        "cve cve20157377",
        "cve cve20170131",
        "cve20200796 may",
        "cve cve20113403"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6861,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 5771,
        "domain": 3139,
        "URL": 14525,
        "FileHash-SHA1": 2610,
        "IPv4": 108,
        "CIDR": 40,
        "FileHash-SHA256": 10705,
        "FileHash-MD5": 3373,
        "YARA": 2,
        "CVE": 148,
        "Mutex": 7,
        "FilePath": 3,
        "SSLCertFingerprint": 3,
        "email": 23,
        "JA3": 1,
        "IPv6": 2
      },
      "indicator_count": 40460,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 137,
      "modified_text": "552 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://t.event.target/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://t.event.target/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776617018.4948077
}