{ "type": "URL", "indicator": "https://t.options.target", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://t.options.target", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3181037817, "indicator": "https://t.options.target", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 36, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "279 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "384 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098ff4c59f8ac3f86f613", "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link", "description": "", "modified": "2023-12-06T15:53:35.032000", "created": "2023-12-06T15:53:35.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1168, "hostname": 1366, "domain": 412, "URL": 3576, "email": 2, "FileHash-MD5": 61, "FileHash-SHA1": 54 }, "indicator_count": 6639, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cdd2f63f24552fa3e39", "name": "BLNWX.COM", "description": "", "modified": "2023-12-06T15:01:49.772000", "created": "2023-12-06T15:01:49.772000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 400, "URL": 1905, "domain": 494, "hostname": 707 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c5b24dc4c51811f6de7", "name": "nocix malware Qe", "description": "", "modified": "2023-12-06T14:59:39.528000", "created": "2023-12-06T14:59:39.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "hostname": 507, "URL": 1232, "domain": 170, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bbc4c8bf557c17688e1", "name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51", "description": "", "modified": "2023-12-06T14:57:00.280000", "created": "2023-12-06T14:57:00.280000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 233, "domain": 361, "hostname": 563, "URL": 1374, "FileHash-SHA1": 1, "FileHash-MD5": 1 }, "indicator_count": 2534, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708b77797823dea739cc25", "name": "ReduceRight malware-", "description": "", "modified": "2023-12-06T14:55:51.023000", "created": "2023-12-06T14:55:51.023000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 110, "domain": 541, "URL": 2043, "hostname": 1106 }, "indicator_count": 3800, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708a8b61abf1b451f2aebc", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:55.086000", "created": "2023-12-06T14:51:55.086000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708a87eeed875a212dff0a", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:51.546000", "created": "2023-12-06T14:51:51.546000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6425a2f9c155fd53b9922bcd", "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link", "description": "hope peeps are gona learn from 3cx that false positives are in fact often not false", "modified": "2023-04-29T13:05:05.409000", "created": "2023-03-30T14:55:53.652000", "tags": [ "trojan", "apt", "ansi", "dropped file", "runtime data", "chromeua", "optout", "programfiles", "typeof e", "localappdata", "error", "date", "generator", "path", "null", "void", "win64", "twitter", "this", "critical", "desktop", "dark", "light", "meta", "roboto", "span", "class", "template", "blink", "suspicious", "facebook", "mexico", "malicious", "mozilla", "strings", "qakbot", "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00" ], "references": [ "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9", "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661", "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 412, "FileHash-SHA256": 1168, "URL": 3576, "hostname": 1366, "email": 2, "FileHash-MD5": 61, "FileHash-SHA1": 54 }, "indicator_count": 6639, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1128 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ea8bf5508d5839c2e68b66", "name": "This what you dont see your browser doing in the background", "description": "", "modified": "2022-08-03T14:53:41.744000", "created": "2022-08-03T14:53:41.744000", "tags": [ "regexp", "array", "attr", "class", "css1compat", "null", "string", "error", "function", "invalid json", "text", "date", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "classspan", "span", "typecheckbox", "gradienttype0", "typeradio", "classicon", "typesearch", "typesubmit", "href", "typebutton", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js" ], "references": [ "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "bootstrap.min.css", "ga.js", "bootmin-2013092601 2.js", "bootmin-2013092601.js", "jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 193, "hostname": 384, "domain": 146, "URL": 972 }, "indicator_count": 1695, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1397 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62756a0d14664003affb0555", "name": "hush.com 301 to hushmail.com", "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T18:33:49.161000", "tags": [ "widget", "null", "regexp", "array", "copyright", "license", "calltrkswap", "date", "typeof s", "xmlhttprequest", "typeof r", "script", "vd", "number", "string", "ienew ca", "closure library", "error", "quota", "aafunction", "dafunction", "function", "typeof o", "reduceright", "aw1070742489", "uint8array", "void", "code", "typeof symbol", "wickedclientid", "wickedemail", "wickedurl", "wickednullurl", "typeof e", "direct", "typeof require", "modulenotfound", "mini", "cnull", "anull", "nl50", "pnull", "okcancel", "compiled", "true", "android", "trident", "form", "window", "false", "acronym", "body", "canvas", "embed", "footer", "iframe", "keygen", "legend", "mark", "meta", "ruby", "small", "span", "template", "blank", "twitter", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "width", "object", "this", "accept", "fnumber", "gtmmf25krh", "host", "path" ], "references": [ "xfe-URL-Hush.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://widget.wickedreports.com/widget.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://www.hushmail.com/status/", "https://script.tapfiliate.com/tapfiliate.js", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "OkCancel", "display_name": "OkCancel", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1917, "hostname": 698, "FileHash-SHA256": 116, "domain": 263 }, "indicator_count": 2994, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62719a4dec6d0aa4631b9b2f", "name": "serverhub.com eonix.net", "description": "If you want to know what to do with your intercoms, spare a thought for e.intercom and add a new listener to your browser.. and use it to make the call.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T21:10:37.722000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1459 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6271740be1d2d55007677274", "name": "Fiberhub.com and versaweb.com", "description": "The following is the full text of the code used to create Twitter's new web-based \"bootstrap\" - a guide to what to do if you want to use it in your browser.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T18:27:23.636000", "tags": [ "html5 shiv", "jdalton", "jonneal", "mitgpl2", "typeof c", "typeof module", "null", "plugin", "function", "copyright", "twitter", "bootstrap", "http", "conflict", "focus", "object", "error", "click", "open", "next", "target", "trigger", "config", "checkbox", "delta", "false", "scroll", "vd", "number", "string", "ienew ca", "date", "closure library", "quota", "aafunction", "dafunction", "fbcd", "328373057580084", "prop", "init", "autoconfig", "protocol", "adnxsdomain", "aoldomain", "adrolltpc", "regexp", "typeof b", "pseudo", "child", "array", "width", "sufeffxa0", "class", "accept", "please", "chat", "search", "language", "feel", "file", "call", "strongstart", "address", "again" ], "references": [ "xfe-IP-76.164.203.68-stix2-2.1-export.json", "http://www.versaweb.com/js/bootstrap.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "http://www.versaweb.com/css/1024.css", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "xfe-URL-versaweb.com-stix2-2.1-export.json", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "https://www.fiberhub.com/js/bootstrap.js", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 590, "URL": 1312, "domain": 376, "FileHash-SHA256": 203 }, "indicator_count": 2481, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1459 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626acbf5b18bf4679059431e", "name": "BLNWX.COM", "description": "Users of the Internet Archive are being asked to login to the service to access the archive's archive, or PURL, and to view the Archive's collection of archived material. \u00c2\u00a31.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T17:16:37.507000", "tags": [ "error", "modulenotfound", "knew promise", "parseint", "date", "fsettimeout", "typeof module", "null", "plugin", "function", "copyright", "twitter", "bootstrap", "http", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "regexp", "pseudo", "child", "sufeffxa0", "class", "attr", "foundation", "close", "user login", "cancel", "close user", "complete", "come", "sign", "cancel toggle", "purl", "administration" ], "references": [ "xfe-IP-193.149.176.62-stix2-2.1-export.json", "xfe-URL-Purl.com-stix2-2.1-export.json", "xfe-URL-Easydns.com-stix2-2.1-export.json", "xfe-URL-creativecommons.org-stix2-2.1-export.json", "https://purl.archive.org/", "https://purl.archive.org/static/jquery/jquery.js", "https://purl.archive.org/static/bootstrap/js/bootstrap.js", "https://purl.archive.org/static/app.js", "xfe-URL-modernizr.com-stix2-2.1-export.json", "https://modernizr.com/js/build.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1905, "hostname": 707, "domain": 494, "FileHash-SHA256": 400 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1464 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626a8a564da0d5b27dc02619", "name": "App By Web", "description": "Israeli malware hosting", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T12:36:38.103000", "tags": [ "hebrew", "truetype", "woff2", "woff", "body", "fh5cooffcanvas", "function", "click", "main menu", "superfish var", "parallax", "offcanvas", "mobile menu", "animations var", "mstouchaction", "superfish menu", "plugin", "copyright", "joel birch", "dual", "fill", "touchaction", "y position", "hoverintent", "brian cherne", "param", "threshold", "mit license", "or selector", "author", "1parseint", "mark dalgleish", "http", "webkitopacity", "webkit", "khtmlopacity", "khtml", "typeof d", "error", "this", "caleb troughton", "typeof f", "adapter", "bootstrap", "javascript", "typeof c", "twitter", "focus", "azaz", "including", "this software", "but not", "limited to", "terms of", "open", "bsd license", "redistribution", "redistributions", "neither", "direct", "gc", "regexp", "typeof b", "pseudo", "child", "array", "width", "sufeffxa0", "class", "null", "date", "accept", "boolean", "modernizr", "custom build", "build", "afunction", "cfunction", "typeerror", "object", "documenttouch", "websocket", "string", "silk", "script", "arial", "edge", "iframe", "promise", "void", "android", "trident", "embed", "meta", "roboto", "term", "\u05d4\u05d6\u05de\u05e0\u05ea \u05de\u05d5\u05e0\u05d9\u05ea", "wtaxi", "wapp", "app by web ltd", "03-5115656", "03-5109109", "+97235115656", "\u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e1\u05e2\u05d9\u05dd", "\u05db\u05e8\u05d8\u05d9\u05e1 \u05d0\u05e9\u05e8\u05d0\u05d9 \u05d1\u05de\u05d5\u05e0\u05d9\u05ea", "web ltd", "reserved" ], "references": [ "xfe-URL-appbyweb.net-stix2-2.1-export.json", "http://appbyweb.net/AppByWeb", "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892", "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js", "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js", "http://appbyweb.net/AppByWeb/js/jquery.min.js", "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js", "http://appbyweb.net/AppByWeb/js/bootstrap.min.js", "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js", "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js", "http://appbyweb.net/AppByWeb/js/hoverIntent.js", "http://appbyweb.net/AppByWeb/js/superfish.js", "http://appbyweb.net/AppByWeb/js/main.js", "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css", "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1554, "hostname": 533, "domain": 211, "FileHash-SHA256": 199 }, "indicator_count": 2497, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1464 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1467 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62616627ee302d24b23523c3", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T14:11:51.629000", "tags": [ "tbody", "span", "thead", "tfoot", "multiple", "type", "href", "input", "halflings", "gradienttype1", "twitter", "false", "fontface", "fatface", "woff2", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "typesubmit", "function", "typeof c", "formdata", "this", "typeof define", "null", "typeof f", "object", "boolean", "typeof module", "error", "reflect", "math", "regexp", "number", "array", "typeerror", "string", "symbol", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "account", "open", "navitem", "text", "mainnav", "click", "blank", "copyright", "u0027", "value", "body", "firefox", "enum", "html", "msie", "applewebkit", "traceconsole", "form", "iframe", "legend", "nonmsdombrowser", "callbackindex", "callbackframeid", "eventtarget", "eventargument", "validation", "explorer", "target", "plugin", "bootstrap", "https", "conflict", "focus", "next", "trigger", "checkbox", "delta", "scroll", "sourceid", "date", "sessiontoken", "sessionexpires", "void", "rangeerror", "utf16", "illegal input", "global", "chrome", "opredge", "opera", "safari", "version", "sxa0", "browser", "typeof require", "dom node", "typeof d", "component", "typeof h", "bubble", "reduceright", "script", "typeof n", "jhnew ia", "gtm5sn6brv", "path", "host", "trackpageview", "gw8yd4p2eny", "select", "strong", "uint8array", "android", "verify", "stop", "enterprise", "widget", "window", "generator", "reload", "r300", "caca", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "please", "typeemail", "email", "jarallaxinner", "webkit", "property", "transform", "trident", "edge", "ipodi", "ipadi", "androidi", "blackberryi", "windows phonei", "xfunction", "pfunction", "wfunction", "show navigation", "mjquery", "typeof", "defaulttype", "hidden", "show", "shown", "startr", "endr", "federico zivolo", "distributed", "mit license", "statict", "flip" ], "references": [ "xfe-IP-78.142.35.163-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export.json", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://4vendeta.com/assets/js/popper.min.js", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://4vendeta.com/assets/js/parallax.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://cp.enom.com/js/global-functions.js", "https://cp.enom.com/js/punycode.min.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://cp.enom.com/js/jquery.cookie.min.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://cp.enom.com/js/openWin.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://cp.enom.com/responsive/_js/init.min.js", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://cdn.optimizely.com/js/26241557.js", "https://cp.enom.com/verisign-seal.htm", "https://cp.enom.com/global/TopMenu.ascx.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2989, "hostname": 1208, "domain": 634, "FileHash-SHA256": 302 }, "indicator_count": 5133, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62618afdab12239895b96788", "name": "nocix malware Qe", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T16:49:01.885000", "tags": [ "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "typeof e", "typeof symbol", "regexp", "hotjar", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "number", "aa6060", "ui function", "e0e0e0", "eeeeee", "code for", "gauges function", "ui code", "abort", "worker", "allow", "body", "oldvalue", "transtion type", "datafield", "name", "minus", "plus", "ctrla", "click", "function", "error", "bootstrap", "javascript", "typeof c", "copyright", "twitter", "focus", "azaz", "typeof b", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "qe", "string", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw701859743", "code", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "script", "typeerror", "symbol", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-Nocix.net-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "https://www.nocix.net/js/bootstrap.min.js", "https://www.nocix.net/js/nocix.js", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 507, "URL": 1232, "domain": 170, "FileHash-SHA256": 125, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62606584633e2b9a3bc935b9", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "function s(t,e), o, is a new type of function, which throws new TypeError when it comes to trying to make a function out of its own language or its form.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T19:56:52.162000", "tags": [ "typeof t", "typeof define", "moztransform", "success", "error", "make sure", "stop", "ajax", "action", "click", "open", "active", "button", "toggle btn", "body", "scroll", "isotope", "preloader", "function", "javascript", "mit license", "typeof module", "gplv3", "license", "copyright", "metafizzy", "math", "typeof", "typeerror", "hidden", "show", "typeof n", "version", "hide", "focusin", "focusout", "shown", "startr", "endr", "federico zivolo", "distributed", "html", "statict", "flip", "regexp", "null", "void", "width", "object", "pseudo", "child", "class", "date", "accept", "webpackrequire", "name", "number", "arraybuffer", "iterator", "typedarray", "prototype", "string", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "android", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "canvas", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "applewebkit", "safari", "base", "presto", "gecko", "khtml", "micromessenger", "typeof e", "swiper", "most", "september", "customevent", "image", "typeof c", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "array", "sufeffxa0", "attr", "\u706b\u7bad\u5185\u6d4b\u7b7e\u540d", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "push", "shift", "tencent", "barrio", "slice", "symbol", "typeof window", "maximum", "typeof symbol", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "ufe0fg", "ud83dudc6cud83c", "ud83dudc6dud83c", "welcome", "datav66d78640", "datav2f8052f5", "90deg", "datav5f1e575c", "datave97d7462", "helvetica neue", "helvetica", "10px", "pingfang sc", "arial", "45deg", "typenumber", "opacity0", "mozopacity0", "khtmlopacity0", "opacity100", "event", "boolean", "uint8array", "errordetails", "info", "checker", "generator", "blink", "keepalive", "4096", "unknown", "meteor", "rhino", "mini", "comment", "verify", "yeke", "codec", "media", "live", "speed", "headname", "axiostimeout", "apiurl", "bmi86hjtsk", "root", "length", "indexof", "x0ax20x20x20x20", "location", "0x10", "0x18", "history", "config", "cookie", "onload", "video", "afunction", "indexnotice", "sitehome", "x20trnf", "please", "strong" ], "references": [ "xfe-URL-sys95.com-stix2-2.1-export.json", "https://2001.habyc.com/?channelNo=2001#/home", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://sdk.51.la/js-sdk-pro.min.js", "https://2001.habyc.com/js/config.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://2001.dwlww.com/?channelNo=2001#/home", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://2001.dwlww.com/js/config.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://m4244.com:35003/", "https://www.8098.app:21568/?agent=7691755704", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://app.ynsdty.cn//package/GmCC6WISh", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://app.ynsdty.cn/dist/js/app.base.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 901, "URL": 5740, "hostname": 2218, "FileHash-SHA256": 1686, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f86049cb1c945f7701075", "name": "Hetzner - malware hosting", "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T04:03:16.817000", "tags": [ "param", "locale", "return", "stripped", "regexp", "html", "lang", "lightweight", "dual", "javascript i18n", "entity", "body", "meta", "typeradio", "ttav", "width", "ttaelt", "shadowwidth", "tagtotip", "html element", "shadow", "closebtncolors", "fadein", "null", "sticky", "close", "false", "path", "config", "span", "iframe", "kill", "inside", "first", "typetext", "typepassword", "input", "typeof define", "typeof module", "html tags", "px20trnf", "dom element", "date", "this", "typeof e", "function", "left", "bottom", "nullt", "right", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "error", "captcha", "access site", "click", "strong", "ddos", "hetzner online", "gmbh element", "lztextlink", "script", "lzrscr", "scrb64d", "livezilladata", "ovlcwm", "activedocument", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023", "typecheckbox", "5deg", "20deg", "45deg", "2000px00", "2000px0", "10px00", "60px0", "mintime", "await", "number", "typeof n", "typeof symbol", "cookieconsent", "showcookiemodal", "cookie banner", "agree", "agreed", "expiresthu", "anchorregex", "typeerror", "swiper", "hammer", "bnm", "software", "azaz", "form", "void", "zert", "accept", "android", "trace", "import", "string", "please", "blob", "matomo", "post", "javascript", "link", "license" ], "references": [ "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://matomo.hetzner.com/matomo.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://accounts.hetzner.com/login", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null }, { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "BNM", "display_name": "BNM", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2308, "hostname": 949, "FileHash-SHA256": 125, "domain": 372, "FileHash-SHA1": 3, "FileHash-MD5": 256 }, "indicator_count": 4013, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6256f92778c2f2177bdd4de9", "name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51", "description": "Here is a full list of highlights from the Chinese TV series, which began in 2011 and has now been broadcast on Chinese television, online and mobile devices, and is now available to watch online.", "modified": "2022-05-13T00:03:35.765000", "created": "2022-04-13T16:24:07.391000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "typeof symbol", "https", "zeno rocha", "typeof", "typeof define", "error", "array", "12863", "qrcode", "2g2g2h2h0g", "dhdh", "exptable", "logtable", "string", "typeof j", "regexp", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "ahgr", "0x40", "h0x1", "mm32", "indexof", "length", "h0x0", "0x248", "h0x2", "0x17b", "webpackrequire", "webpackexports", "object", "default", "hn return", "importsnvar", "truennnn", "iostf", "android", "nvar", "clickdownload", "this", "path", "service", "roboto", "boolean", "number", "createnamespace", "n default", "nn return", "null", "click", "void", "istanbul", "false", "close", "window", "info", "target", "find", "footer", "delta", "generator", "cascade", "code", "trigger", "next", "arrow", "slice", "checkbox", "body", "green", "phase", "copy", "infinity", "middle", "open", "calendar", "flex", "fail", "shift", "super", "internal", "form", "locale", "spinner", "spin", "multi", "mask", "write", "flip", "logic", "patch", "abcd", "skew", "main", "rest", "trim", "dark", "canvas", "facebook", "executor", "span", "tips", "sticky", "uploader", "bind", "config", "startpage", "speed", "toolbar", "refresh", "done", "format", "cardinal", "outside", "install", "public", "github", "vuejs", "jump", "browser", "sign", "view", "sponsor", "github sponsors", "mit license", "contact", "star", "stars", "javascript", "please", "strong", "\u9ad8\u5c71tv", "\u9ad8\u5c71tv\u5f71\u9662", "\u9ad8\u5c71tv\u770b\u7247\u7f51", "hd 20210830", "hd mu", "hd heydouga", "poro", "tv tv", "hd ok", "hd fol", "hd nanami2", "hd \uff13", "hd 20210927" ], "references": [ "http://www.bbbbop13.com:1313/", "xfe-URL-hyqxsnjj.com-stix2-2.1-export.json", "https://web.op39v.xyz/?channelCode=pingguo", "https://github.com/vuejs/vue-devtools", "https://web.op39v.xyz/js/chunk-vendors.js", "https://web.op39v.xyz/js/chunk-common.js", "https://res-1257422681.file.myqcloud.com/assets/yeyue/boinstall.js", "https://cdn.staticfile.org/jquery/3.6.0/jquery.min.js", "https://cdn.staticfile.org/qrcodejs/1.0.0/qrcode.min.js", "https://cdn.staticfile.org/clipboard.js/2.0.8/clipboard.min.js", "https://s9.cnzz.com/z_stat.php?id=1280740152&web_id=1280740152", "https://c.cnzz.com/core.php?web_id=1280740152&t=z" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1374, "hostname": 563, "CVE": 1, "domain": 361, "FileHash-SHA256": 233, "FileHash-SHA1": 1, "FileHash-MD5": 1 }, "indicator_count": 2534, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1479 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625614852d13a468fd3f7ef9", "name": "Malware and bots", "description": "function se(t,e,n, r, n; if you want to know what type of document you are, you can use the new RegExp(M) to set it.", "modified": "2022-05-12T00:04:24.089000", "created": "2022-04-13T00:08:37.870000", "tags": [ "bygmo", "gmohd", "dx gmo", "nftadam", "iosandroid gmo", "csr sdgs", "english", "4444 gmo2020417", "developers gmo", "devsecopsthon", "tech", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "brands", "fliph", "google", "import", "acbac1", "typeemail", "2deg", "1deg", "4deg", "css3", "animation cheat", "sheet", "justin aguilar", "questions", "slideexpandup", "expandup", "gradienttype0", "false", "copyright", "twitter", "f56505", "font", "font path", "woff", "truetype", "fontawesome", "unicode private", "tbody", "tfoot", "thead", "span", "multiple", "type", "href", "input", "halflings", "gradienttype1", "please", "function", "param", "method", "value", "target", "null", "array", "validator", "select", "checkbox", "date", "body", "error", "form", "meta", "class", "regexp", "typeof b", "width", "pseudo", "child", "sufeffxa0", "accept", "20px", "24px", "45deg", "typesubmit", "typenumber", "helvetica", "timelimit", "dialog", "content", "callback", "bodynoscroll", "click", "html", "confirm", "notice", "typeof e", "typeof t", "attr", "js foundation", "typeof module" ], "references": [ "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "http://imhrzluowdso.gq/i/css/font-awesome.css", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "http://imhrzluowdso.gq/i/css/animations.css", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://use.fontawesome.com/releases/v5.0.6/css/all.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1188, "domain": 214, "hostname": 427, "FileHash-SHA256": 168, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1480 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6252f5fd2d3d29e0ac449f15", "name": "ReduceRight malware-", "description": "In e, a new RegExp, has been added to the list of properties that can be used to store information in a single place, as well as a \"sizzle\" on the side of the page.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T15:21:33.873000", "tags": [ "post", "regexp", "error parsing", "adresponse", "body", "typeof t", "ads returned", "bingapistraceid", "accept", "error", "azaz09", "date", "typeof e", "uint8array", "typeof module", "typeof define", "notset", "genericdata", "ipv4address", "ipv6address", "phonenumber", "reduceright", "number", "string", "g34x541384l", "r300", "copyright", "dafunction", "gafunction", "void", "function", "bootstrap", "javascript", "typeof c", "twitter", "mit license", "focus", "azaz", "this", "nullt", "bottom", "left", "html", "right", "width", "next", "february", "april", "june", "august", "null", "back", "bounce", "atom", "cookie", "close", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "xfe-URL-tvsqpjwdni.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js", "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js", "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js", "https://www.googletagmanager.com/gtag/js?id=G-34X541384L", "https://h6.msn.com/bingna/lib/aria-webjs-compact-sdk/aria-webjs-compact-sdk-1.2.1.min.js", "https://h6.msn.com/nativeads/ms-nativeads-airfind.min.js?date=2022310" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1106, "URL": 2043, "domain": 541, "FileHash-SHA256": 110 }, "indicator_count": 3800, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625088e80292028d4e82311c", "name": "Botnet-malware -lgmhgjm.com", "description": "The full list of names and names of people who have taken part in the 2016 Olympics and Paralympics in Rio de Janeiro, Brazil, as part of the Rio Games, and as well as the 2017 Olympics in Brazil.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T19:11:36.165000", "tags": [ "function", "param", "object", "return", "webpackrequire", "constructor", "clipboard", "typeof", "symbol", "typeerror", "error", "click", "null", "copy", "factory", "super", "date", "target", "mustflag", "html", "applewebkit", "ipad", "mqqbrowser", "base", "trident", "presto", "gecko", "khtml", "ios android", "android", "array", "2f2f2i2i0f", "eh0g", "exptable", "logtable", "typeof h", "typeof e", "regexp", "typeof n", "typeof t", "width", "typeof r", "pseudo", "class", "this", "accept", "false", "https", "zeno rocha", "typeof define", "select", "input", "textarea", "0x455d", "0x34260b", "0x4ce9d1", "avge", "tung", "3ctz", "n33m", "0x514351", "hn4d", "0x70c2f4", "push", "shift", "baidu", "instanceof", "adjust", "body", "nulli", "windowi", "typeof jquery", "tthis", "mspointerdown", "child", "sfunction", "microsoft yahei", "arial", "x20trnf", "version", "swiper", "most", "copyright", "mit license", "october", "win32", "meta", "parsefloat", "androidgi", "iphonegi", "\u77ed\u89c6\u9891", "\u641e\u7b11\u89c6\u9891", "\u89c6\u9891\u5206\u4eab", "\u514d\u8d39\u89c6\u9891", "\u5728\u7ebf\u89c6\u9891", "\u9884\u544a\u7247", "wifi", "saol", "fc2ppv12518005", "oretd633riana01", "hodv sex", "orec37502", "06inn01", "siro2661ol2401", "garea742kou01", "175cm9av", "attr", "typeof symbol", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "slice", "cookie", "open", "onload", "adunit", "refresh", "style", "position", "creativetplid", "show", "tcmod", "tcheight", "height", "yahei", "truetype", "f8f8f8", "typeof module", "reserved", "18hdxxxx\u4e2d\u56fd", "\u5973\u4e3b\u7a7f\u8d8a\u88ab\u8089\u6765\u8089\u53bbnp", "\u7537\u753718\u7981\u6c61\u8089\u56fe\u65e0\u7801", "\u65e0\u7801\u4e9a\u6d32\u6210a\u4eba\u7247\u5728\u7ebf\u89c2\u770b", "ore572s04", "ore572s03", "ore572s02", "ore572s01", "fc2ppv117430501", "cmi1513707", "cmi1513706", "cmi1513705", "cmi1513704", "cmi1513703", "\u514d\u8d39\u89c6\u9891\u7231\u7231\u592a\u723d\u4e86\u7f51\u7ad9_\u8001\u8272\u9b3c\u5728\u7ebf\u7cbe\u54c1\u89c6\u9891\u5728\u7ebf\u89c2\u770b_\u767d\u6d01\u4e00\u591c\u88ab\u723d\u4e86\u4e03\u6b21_\u5fd8\u4e86\u6234\u80f8\u7f69\u88ab\u540c\u5b66\u6478\u4e86\u4e00\u8282\u8bfe", "viewport" ], "references": [ "xfe-URL-lgmhgjm.com-stix2-2.0-export.json", "http://www.lgmhgjm.com/common.js", "http://www.lgmhgjm.com/tj.js", "http://www.sp385.com/", "http://avtv10.com", "http://9766.tv", "https://xc.6xc.tv/?channelCode=xiaosu03_8", "https://app.okoockec.xyz:8443/apps/v2/index1/0c1d6cd4e9634a3d?m=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZzByUjNpMUczaEt0Sk5sZmVNSE44NEhjVDlDOVFTM2xEcm5pM1dIWG9UM1FBSklpR1phN01teTZOcjFxVVJIWVlhZnJPQkE9IiwiZXhwIjoxNjQ5NDQ0NDcyfQ.utSNnRI7C9FuWMUxhY4cufCJBIuHUk5vdk8Dj6WnXYs", "https://xc.6xc.tv/js/jquery-3.6.0.min.js", "https://xc.6xc.tv/css/index.css", "https://xctg07.cc/?channelCode=xiaosu03_8", "https://ad.abilm.info/bid?url=http%3A%2F%2Fkniveb.info%2F&frm=0&ref=http%3A%2F%2Fwww.sp385.com%2F&ic=1&pl=0&ml=0&sid=105:80:104:111:110:101:58:50:53:48:50:50:51:49:53:54:58:51:58:51:57:48:46:56:52:52&ps=20030107&lgs=0&zo=240&ws=390x844&gdm=0&iw=1&cpn=0&fid=5d80d32079e9fdb035e4886c32c6612e&hl=2&ihn=0&md=1&ns=undefined&np=undefined&pj=0&top=650&left=0&id=47&rid=ec5a07ef8f3e3f2c25ba75c7da106dcc&dcc=&dcl=&gvd=Apple%20Inc.&grr=Apple%20GPU&ct=unknown&diit=&dit=&cmn=", "http://sdk.51.la/js-sdk-pro.min.js", "http://sdk.51.la/event/js-sdk-event.min.js?u=JYWHYgTN1B6iZ5P2", "http://kniveb.info/template/9c/ads/gonggao.js", "http://kniveb.info/", "https://koban360.com/ky/?shareName=1736.com", "https://koban360.com/ky/js/flexible.js", "https://koban360.com/ky/js/swiper.min.js", "https://koban360.com/ky/js/jquery.min.js", "https://koban360.com/ky/css/m.css?vs=1.7", "https://libs.baidu.com/jquery/2.0.0/jquery.min.js", "https://xbt.0lunwen.com/3/js/flexible.js", "https://xbt.0lunwen.com/boinstall.js", "https://miaouuuc.com/?channelCode=852890&aid=852890", "https://miaouuuc.com/template/static/js/clipborad.min.js", "https://am96.vip/", "https://unpkg.com/jquery-1.10.2@1.10.2/jquery-1.10.2.min.js", "https://unpkg.com/jquery.qrcode@1.0.3/jquery.qrcode.min.js", "https://www.gootft.com/js/app.base.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://www.gootft.com/js/poplayer.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://unpkg.com/clipboard@2.0.8/dist/clipboard.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 482, "URL": 1383, "FileHash-SHA256": 104, "domain": 199, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 2171, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6249814713d29e4f994fc037", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:11.584000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6249814433d08ebcfc2b6e2a", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:08.540000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62276abfaa65cd33f64331f8", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T14:39:59.235000", "tags": [ "march", "lookup go", "rescan add", "verdict report", "de summary", "http", "redirects links", "behaviour", "similar dom", "content api", "value", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "motor vehicle", "aqb1", "eventsevent10", "meta", "show", "download go", "full url", "reverse dns", "resource", "windows nt", "win64", "khtml", "gecko", "response", "main", "milan", "apache", "paris", "accept" ], "references": [ "TarrantCounty3df.pdf", "TarantCounty2df.pdf", "TarrantCounty4df.pdf", "TarrantCounty5df.pdf", "tarrant23df.pdf", "TarrantCounty1df.pdf", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "TarrantCounty6df.pdf", "TarrantCounty7df.pdf", "TarrantCounty10df.pdf", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "TarrantCounty15df.pdf", "TarrantCounty12df.pdf", "TarrantCounty14df.pdf", "tarrantcounty8df.pdf", "TarrantCounty18df.pdf", "TarrantCounty19df.pdf", "TarrantCounty21df.pdf", "tarrantcounty22df.pdf", "TarrantCounty20df.pdf", "tarrantcountydf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4134, "hostname": 1607, "domain": 838, "FileHash-SHA256": 1078, "FileHash-SHA1": 2, "email": 3, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1515 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62497a9c72edc277fb20e52f", "name": "'+titlestr+'", "description": "If you want to see what is going on at this time of year, spare a thought for T.t.m.T.g.ts.com; T-t=t,", "modified": "2022-04-03T10:44:44.074000", "created": "2022-04-03T10:44:44.074000", "tags": [ "typeof t", "typeof symbol", "nthis", "msger", "typeof e", "image", "error", "typeerror", "new date", "codeverify", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "date", "cookie", "slice", "open", "code", "path", "info", "null", "this", "webpackrequire", "othis", "object", "array", "executor", "canvas", "function", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "click", "typeof", "typeof define", "typeof c", "copyright", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "james levine", "udid", "x61x70x70x6cx79", "azaz", "0x5372", "0x19", "0x3de55b", "0x24a5d4", "0x5c", "0x19c89f", "0x2f1b4a", "0x4d1e1f", "0x1a", "0x29", "window", "honor", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "onload", "android", "regexp", "x20trnf", "class", "attr", "pseudo", "child", "swiper", "most", "mit license", "january", "typeof b", "sufeffxa0", "void", "typeof n", "appappapp", "next", "toh5", "channelcode", "androidos", "linux", "ipad", "macintosh", "promise", "xmlhttprequest", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "tencent", "barrio", "width", "accept", "cnzzdata", "czuuid", "umdistinctid", "version", "october", "win32", "name", "html", "meta", "viewport" ], "references": [ "http://www.laijcm.com/common.js", "http://www.laijcm.com/tj.js", "http://kk164.xyz/", "https://x4707.com:5443/?register=1", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "https://www.xvsgwa.com/qz1IJUpc.html", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://www.bibo14.app:2611/js/cncc.js", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://www.bibo14.app:2611/js/down.js?v=1022", "https://www.bibo14.app:2611/css/h5/reset.css", "https://www.dongtiankuangye.com/a002/config.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "https://sdk.51.la/js-sdk-pro.min.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://ty66as.jxdysw.cn/1whpv", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1528, "hostname": 543, "domain": 209, "FileHash-SHA256": 127, "email": 1, "FileHash-MD5": 4 }, "indicator_count": 2412, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1519 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "xfe-URL-Eonix.net-stix2-2.1-export.json", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "process_list.txt", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://purl.archive.org/static/bootstrap/js/bootstrap.js", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0", "https://web.op39v.xyz/?channelCode=pingguo", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://2001.habyc.com/js/config.js", "https://widget.intercom.io/widget/rbc8ok9w", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://app.okoockec.xyz:8443/apps/v2/index1/0c1d6cd4e9634a3d?m=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZzByUjNpMUczaEt0Sk5sZmVNSE44NEhjVDlDOVFTM2xEcm5pM1dIWG9UM1FBSklpR1phN01teTZOcjFxVVJIWVlhZnJPQkE9IiwiZXhwIjoxNjQ5NDQ0NDcyfQ.utSNnRI7C9FuWMUxhY4cufCJBIuHUk5vdk8Dj6WnXYs", "auto_home", "https://www.fiberhub.com/js/bootstrap.js", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "http://imhrzluowdso.gq/i/css/font-awesome.css", "TarrantCounty7df.pdf", "https://www.bibo14.app:2611/js/cncc.js", "xfe-URL-Hush.com-stix2-2.1-export.json", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://2001.habyc.com/static/css/app.88afcfd8.css", "LDAP.tbd", "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js", "usbDevices.csv", "https://www.nocix.net/js/nocix.js", "bootmin-2013092601 2.js", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "https://2001.dwlww.com/?channelNo=2001#/home", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "TarrantCounty14df.pdf", "https://2001.dwlww.com/js/config.js", "protocols", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "ntp_opendirectory.conf", "https://2001.habyc.com/?channelNo=2001#/home", "rc.netboot", "https://cp.enom.com/js/openWin.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "x86_64-apple-ios-macabi.swiftinterface", "networks", "https://koban360.com/ky/?shareName=1736.com", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "https://accounts.hetzner.com/build/runtime.188fa053.js", "sudoers", "https://sdk.51.la/js-sdk-pro.min.js", "MCSession.h", "rmtab", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "http://kniveb.info/", "main.cf.default", "TarantCounty2df.pdf", "https://h6.msn.com/bingna/lib/aria-webjs-compact-sdk/aria-webjs-compact-sdk-1.2.1.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "xfe-URL-versaweb.com-stix2-2.1-export.json", "https://user.aquanx.com/clientarea.php", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "xfe-URL-hyqxsnjj.com-stix2-2.1-export.json", "users.csv", "csh.cshrc", "https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js", "http://www.bbbbop13.com:1313/", "TarrantCounty3df.pdf", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "https://use.fontawesome.com/releases/v5.0.6/css/all.css", "http://sdk.51.la/event/js-sdk-event.min.js?u=JYWHYgTN1B6iZ5P2", "TarrantCounty15df.pdf", "tarrantcountydf.pdf", "https://xbt.0lunwen.com/3/js/flexible.js", "https://cp.enom.com/js/punycode.min.js", "https://widget.wickedreports.com/widget.js", "resolv.conf", "https://www.google-analytics.com/analytics.js", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "MCError.h", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://m4244.com:35003/", "security_status.txt", "https://cp.enom.com/js/jquery-3.5.1.min.js", "arm64e-apple-ios-macabi.swiftinterface", "kexts.txt", "https://s9.cnzz.com/z_stat.php?id=1280740152&web_id=1280740152", "https://accounts.hetzner.com/login", "http://www.sp385.com/", "https://am96.vip/", "command_args.json", "https://cp.enom.com/responsive/_js/init.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "nfs.conf", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "smb.conf", "https://koban360.com/ky/js/flexible.js", "ldap.h", "hook_op_check.h", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://www.xvsgwa.com/qz1IJUpc.html", "xfe-URL-Purl.com-stix2-2.1-export.json", "https://unpkg.com/jquery-1.10.2@1.10.2/jquery-1.10.2.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "http://www.laijcm.com/tj.js", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://www.gootft.com/js/app.base.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "manpaths", "dbd_xsh.h", "bashrc", "Info.plist", "https://unpkg.com/clipboard@2.0.8/dist/clipboard.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "kern_loader.conf", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://4vendeta.com/assets/js/popper.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "http://kk164.xyz/", "APConfigurationSystem.tbd", "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js", "https://js.hscollectedforms.net/collectedforms.js", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "afpovertcp.cfg", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "TarrantCounty12df.pdf", "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k", "Admin.tbd", "https://4vendeta.com/assets/js/jquery.min.js", "virtual", "https://4vendeta.com/assets/js/bootstrap.min.js", "launchdaemons.txt", "ga.js", "Driver_xst.h", "https://cdn.staticfile.org/qrcodejs/1.0.0/qrcode.min.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.googleadservices.com/pagead/conversion_async.js", "xfe-URL-Intercom.io-stix2-2.1-export.json", "https://www.yunshipei.com/", "systemControls.csv", "xtab", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://koban360.com/ky/js/swiper.min.js", "launchD.csv", "https://4vendeta.com/assets/js/parallax.min.js", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "xfe-URL-modernizr.com-stix2-2.1-export.json", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://www.bibo14.app:2611/css/h5/reset.css", "x86_64-apple-macos.swiftinterface", "transport", "https://analytics.cloudron.io/piwik.js", "xfe-URL-sys95.com-stix2-2.1-export.json", "TarrantCounty10df.pdf", "https://cp.enom.com/js/jquery.cookie.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "xfe-IP-193.149.176.62-stix2-2.1-export.json", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "module.modulemap", "irbrc", "main.cf", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js", "xfe-IP-78.142.35.163-stix2-2.1-export.json", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "notify.conf", "AOSKit.tbd", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://unpkg.com/jquery.qrcode@1.0.3/jquery.qrcode.min.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "http://imhrzluowdso.gq/i/css/animations.css", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "pf.os", "http://imhrzluowdso.gq/i/css/bootstrap.css", "custom-error.html", "dbixs_rev.h", "bounce.cf.default", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "diskEncryption.csv", "https://fm.ipinyou.com/j/a.js", "ttys", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://web.op39v.xyz/js/chunk-vendors.js", "MultipeerConnectivity.tbd", "https://koban360.com/ky/css/m.css?vs=1.7", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "version.plist", "tarrant23df.pdf", "https://pv.sohu.com/cityjson?ie=utf-8", "https://script.tapfiliate.com/tapfiliate.js", "DBIXS.h", "https://app.ynsdty.cn/dist/js/app.base.js", "dbi_sql.h", "TarrantCounty6df.pdf", "MCNearbyServiceAdvertiser.h", "bootstrap.min.css", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://cdn.staticfile.org/jquery/3.6.0/jquery.min.js", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "http://kniveb.info/template/9c/ads/gonggao.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://x4707.com:5443/?register=1", "bootmin-2013092601.js", "http://www.lgmhgjm.com/tj.js", "http://www.laijcm.com/common.js", "https://serverhub.com/modules/system/assets/js/framework.js", "https://www.cloudron.io/index.js", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "http://www.lgmhgjm.com/common.js", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "mail.rc", "mounts.txt", "https://4vendeta.com/assets/js/meanmenu.min.js", "csh.logout", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://www.bibo14.app:2611/js/down.js?v=1022", "xfe-IP-76.164.203.68-stix2-2.1-export.json", "https://xbt.0lunwen.com/boinstall.js", "MultipeerConnectivity.apinotes", "https://js.hsleadflows.net/leadflows.js", "sudo_lecture", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "http://appbyweb.net/AppByWeb/js/main.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "xfe-URL-raksmart.com-stix2-2.1-export.json", "generic", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://www.nocix.net/js/bootstrap.min.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light", "csh.login", "rpc", "group", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "xfe-URL-Enom.com-stix2-2.1-export.json", "https://cp.enom.com/global/TopMenu.ascx.js", "rtadvd.conf", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "AppleFirmwareUpdate.tbd", "battery.csv", "http://9766.tv", "https://www.virustotal.com/en/file/undefined/analysis/", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://www.cloudron.io/3rdparty/slick.js", "chromeExtensions.csv", "MCAdvertiserAssistant.h", "launchagents.txt", "sipConfig.csv", "interfaceAddrs.csv", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://purl.archive.org/", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "AirPlayReceiver.tbd", "http://imhrzluowdso.gq/i/css/style.css", "TarrantCounty4df.pdf", "auto_master", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "http://www.versaweb.com/css/1024.css", "MCBrowserViewController.h", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://accounts.hetzner.com/build/app.dc073715.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://cp.enom.com/js/global-functions.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://app.ynsdty.cn//package/GmCC6WISh", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://xc.6xc.tv/js/jquery-3.6.0.min.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "https://modernizr.com/js/build.js", "https://www.googletagmanager.com/gtag/js?id=G-34X541384L", "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css", "TarrantCounty18df.pdf", "http://appbyweb.net/AppByWeb/js/bootstrap.min.js", "xfe-URL-appbyweb.net-stix2-2.1-export.json", "TarrantCounty21df.pdf", "https://kf.cdsanheli.com/js/online.3de8ba00.js", "TarrantCounty9df.pdf", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.yunshipei.com/assets/js/app.min.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js", "ntp.conf", "find.codes", "user_launchagents.txt", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css", "https://koban360.com/ky/js/jquery.min.js", "makedefs.out", "https://www.yunshipei.com/assets/js/jquery.js", "pf.conf", "https://aquanx.com/js/bootstrap.js", "asl.conf", "https://cp.enom.com/verisign-seal.htm", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "mounts.csv", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "index.html.en", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "shells", "https://h6.msn.com/nativeads/ms-nativeads-airfind.min.js?date=2022310", "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "xfe-URL-lgmhgjm.com-stix2-2.0-export.json", "https://ty66as.jxdysw.cn/1whpv", "https://c.cnzz.com/core.php?web_id=1280740152&t=z", "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661", "http://sdk.51.la/js-sdk-pro.min.js", "tarrantcounty22df.pdf", "https://app.ynsdty.cn/dist/js/jquery.min.js", "xfe-URL-Nocix.net-stix2-2.1-export.json", "disk_structure.txt", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "preboot_archive_errors.log", "man.conf", "apfs_boot_mount.tbd", "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js", "master.cf.default", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "jquery.min.js", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "https://cdn.staticfile.org/clipboard.js/2.0.8/clipboard.min.js", "https://fengweics.com/", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "newsyslog.conf", "profile", "https://miaouuuc.com/template/static/js/clipborad.min.js", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://web.op39v.xyz/js/chunk-common.js", "http://avtv10.com", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://www.dongtiankuangye.com/a002/config.js", "custom_header_checks", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "LICENSE", "ftpusers", "http://www.versaweb.com/js/bootstrap.js", "https://kf.cdsanheli.com/js/axios.min.js", "configuring.html", "lber.h", "https://app.fanzhi.xyz/dist/css/vip.css", "TarrantCounty19df.pdf", "https://www.hushmail.com/status/", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://js.hs-scripts.com/3844463.js", "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9", "com.apple.screensharing.agent.launchd", "http://appbyweb.net/AppByWeb/js/jquery.min.js", "https://cdn.optimizely.com/js/26241557.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://purl.archive.org/static/app.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "xfe-URL-tvsqpjwdni.com-stix2-2.1-export.json", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "xfe-URL-creativecommons.org-stix2-2.1-export.json", "etcHosts.csv", "https://www.gootft.com/js/poplayer.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "master.cf.proto", "http://appbyweb.net/AppByWeb/js/superfish.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "gettytab", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "postfix-files", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "TarrantCounty20df.pdf", "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "crashes.csv", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "relocated", "https://aquanx.com/", "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js", "master.cf", "sharingPreferences.csv", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "syslog.conf", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "TLS_LICENSE", "rc.common", "https://xc.6xc.tv/?channelCode=xiaosu03_8", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "bind.html", "https://ad.abilm.info/bid?url=http%3A%2F%2Fkniveb.info%2F&frm=0&ref=http%3A%2F%2Fwww.sp385.com%2F&ic=1&pl=0&ml=0&sid=105:80:104:111:110:101:58:50:53:48:50:50:51:49:53:54:58:51:58:51:57:48:46:56:52:52&ps=20030107&lgs=0&zo=240&ws=390x844&gdm=0&iw=1&cpn=0&fid=5d80d32079e9fdb035e4886c32c6612e&hl=2&ihn=0&md=1&ns=undefined&np=undefined&pj=0&top=650&left=0&id=47&rid=ec5a07ef8f3e3f2c25ba75c7da106dcc&dcc=&dcl=&gvd=Apple%20Inc.&grr=Apple%20GPU&ct=unknown&diit=&dit=&cmn=", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://xctg07.cc/?channelCode=xiaosu03_8", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "aliases", "caching.html", "LocalAuthentication.tbd", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "locate.rc", "kernel.csv", "TarrantCounty5df.pdf", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "TarrantCounty17df.pdf", "zprofile", "MCNearbyServiceBrowser.h", "http://appbyweb.net/AppByWeb/js/hoverIntent.js", "header_checks", "interfaceDetails.csv", "http://appbyweb.net/AppByWeb", "applications.csv", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&", "sharedFolders.csv", "certificates.csv", "zshrc_Apple_Terminal", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "convenience.map", "https://matomo.hetzner.com/matomo.js", "managedPolicies.csv", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "passwd", "https://www.8098.app:21568/?agent=7691755704", "xfe-IP-136.243.64.87-stix2-2.1-export.json", "xfe-URL-Easydns.com-stix2-2.1-export.json", "systemInfo.csv", "dbivport.h", "https://aquanx.com/js/modernizr-custom.js", "https://miaouuuc.com/?channelCode=852890&aid=852890", "CodeResources", "bashrc_Apple_Terminal", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "paths", "MultipeerConnectivity.h", "content-negotiation.html", "arm64e-apple-macos.swiftinterface", "https://res-1257422681.file.myqcloud.com/assets/yeyue/boinstall.js", "canonical", "TarrantCounty1df.pdf", "https://xc.6xc.tv/css/index.css", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js", "https://purl.archive.org/static/jquery/jquery.js", "autofs.conf", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "zshrc", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://libs.baidu.com/jquery/2.0.0/jquery.min.js", "MCPeerID.h", "main.cf.proto", "https://cp.enom.com/scripts/Session.min.js", "tarrantcounty8df.pdf", "access", "https://github.com/vuejs/vue-devtools", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "BUILDING" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "DragonForce Malaysia Hacker Group" ], "malware_families": [ "Srpanj", "Ovlcwm", "Hammer", "Vui", "Activedocument", "Trackingclient", "Reduceright", "Anda", "Vasaris", "Firstname", "Vd", "Qe", "Bnm", "Gc", "Outubro", "Rabu", "Lastname", "Okcancel", "Tente" ], "industries": [ "Government" ], "unique_indicators": 67807 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/options.target", "whois": "http://whois.domaintools.com/options.target", "domain": "options.target", "hostname": "t.options.target" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 36, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "279 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "384 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657098ff4c59f8ac3f86f613", "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link", "description": "", "modified": "2023-12-06T15:53:35.032000", "created": "2023-12-06T15:53:35.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1168, "hostname": 1366, "domain": 412, "URL": 3576, "email": 2, "FileHash-MD5": 61, "FileHash-SHA1": 54 }, "indicator_count": 6639, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cdd2f63f24552fa3e39", "name": "BLNWX.COM", "description": "", "modified": "2023-12-06T15:01:49.772000", "created": "2023-12-06T15:01:49.772000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 400, "URL": 1905, "domain": 494, "hostname": 707 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c5b24dc4c51811f6de7", "name": "nocix malware Qe", "description": "", "modified": "2023-12-06T14:59:39.528000", "created": "2023-12-06T14:59:39.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "hostname": 507, "URL": 1232, "domain": 170, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bbc4c8bf557c17688e1", "name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51", "description": "", "modified": "2023-12-06T14:57:00.280000", "created": "2023-12-06T14:57:00.280000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 233, "domain": 361, "hostname": 563, "URL": 1374, "FileHash-SHA1": 1, "FileHash-MD5": 1 }, "indicator_count": 2534, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://t.options.target", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://t.options.target", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780243085.4831743 }