{
"type": "URL",
"indicator": "https://this.z.call",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://this.z.call",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3187907732,
"indicator": "https://this.z.call",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 50,
"pulses": [
{
"id": "68abf75bf3b03b94a6762409",
"name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net",
"description": "",
"modified": "2025-08-25T05:40:43.552000",
"created": "2025-08-25T05:40:43.552000",
"tags": [
"context",
"error",
"ajaxupdate",
"request",
"requestdata",
"name",
"xoctoberassets",
"datarequest",
"typesubmit",
"typetext",
"click",
"function",
"typeof c",
"bootstrap",
"javascript",
"azaz",
"popover",
"typeof f",
"typeof g",
"typeof h",
"vui",
"anda",
"tente",
"outubro",
"trackingclient",
"srpanj",
"rabu",
"vasaris",
"image",
"typeof atrkopts",
"800px",
"40px",
"i18n",
"blockedemail",
"typeof i18n",
"hubspot",
"captcha",
"date",
"please",
"april",
"august",
"close",
"february",
"june",
"form",
"klik",
"download",
"window",
"this",
"next",
"null",
"blank",
"este",
"anna",
"rserver",
"mais",
"void",
"object",
"typeerror",
"array",
"symbol",
"bound",
"typeof window",
"typeof t",
"invalid path",
"unknown method",
"phonenumber",
"ninja",
"typeof e",
"edge",
"dataname",
"intercom",
"typeof symbol",
"apple",
"webkiti",
"criosi",
"trident"
],
"references": [
"xfe-URL-Eonix.net-stix2-2.1-export.json",
"xfe-URL-Serverhub.com-stix2-2.1-export.json",
"xfe-URL-Enom.com-stix2-2.1-export 2.json",
"https://widget.intercom.io/widget/rbc8ok9w",
"https://js.hscollectedforms.net/collectedforms.js",
"https://js.hsleadflows.net/leadflows.js",
"https://d31qbv1cthcecs.cloudfront.net/atrk.js",
"https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688",
"https://serverhub.com/modules/system/assets/js/framework.js",
"https://js.hs-scripts.com/3844463.js",
"xfe-URL-Cloudfront.net-stix2-2.1-export.json",
"xfe-URL-Intercom.io-stix2-2.1-export.json"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Vui",
"display_name": "Vui",
"target": null
},
{
"id": "Outubro",
"display_name": "Outubro",
"target": null
},
{
"id": "Tente",
"display_name": "Tente",
"target": null
},
{
"id": "Anda",
"display_name": "Anda",
"target": null
},
{
"id": "Vasaris",
"display_name": "Vasaris",
"target": null
},
{
"id": "Rabu",
"display_name": "Rabu",
"target": null
},
{
"id": "Srpanj",
"display_name": "Srpanj",
"target": null
},
{
"id": "TrackingClient",
"display_name": "TrackingClient",
"target": null
}
],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": "62719a4dec6d0aa4631b9b2f",
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 5708,
"hostname": 1541,
"FileHash-SHA256": 876,
"domain": 915,
"CVE": 1,
"FileHash-MD5": 1
},
"indicator_count": 9042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "237 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67f33233092ab19b74879403",
"name": "MacOS M2 Chip Infiltration: Game Center & XBOX Pod Game & Chat Server",
"description": "pulse explores a variety of files, objects, and functions that could be associated with different system components, libraries, and protocols. It highlights a wide range of potential vulnerabilities that may exist in software related to system functions, APIs, data handling, and device interactions, including issues in devices like game controllers, HID devices, and platform-specific services (such as Apple and Android). The pulse references several components across different platforms (macOS, iOS, ARM architectures, and others), with a focus on low-level code, encryption libraries, system utilities, and network protocols like TCP, IP, and Bluetooth. The identified vulnerabilities could involve buffer overflows, deprecated functions, improper memory handling, and potential exploit vectors related to system security, performance, and integrity.",
"modified": "2025-05-07T02:03:20.735000",
"created": "2025-04-07T02:02:27.322000",
"tags": [
"helper macro",
"param",
"param inccache",
"kerberos",
"ccache",
"api function",
"ccapi",
"api version",
"param ioccache",
"ccacheserver",
"win32",
"null",
"code",
"win64",
"error",
"union",
"ccapideprecated",
"ccacheapi",
"ccapiv2h",
"apple",
"export",
"united",
"ccache api",
"cplusplus",
"x8664",
"typedef",
"patheq",
"none",
"popen",
"terminate",
"false",
"winenv",
"winexe",
"frozen",
"winservice",
"python",
"posixthreads",
"pyhavecondvar",
"ntthreads",
"vista",
"pyemulatedwincv",
"ntddivista",
"semaphore",
"pycondt",
"win7",
"pybuildcore",
"fall",
"copyright",
"technology",
"all rights",
"reserved",
"america",
"government",
"within that",
"klprincipal",
"klloginoptions",
"inpassword",
"klboolean",
"klindex inindex",
"login",
"klstatus",
"kerberos login",
"inst",
"regexp",
"typeof e",
"function",
"typeof t",
"typeof o",
"width",
"typeof",
"pseudo",
"body",
"sticky",
"date",
"class",
"this",
"void",
"accept",
"span",
"krb5callconv",
"apoptsreserved",
"tktflgreserved",
"kdcoptreserved",
"krb5data",
"eblock",
"krb5address",
"krb5keyblock",
"service",
"realm",
"format",
"general",
"internal",
"entropy",
"mask",
"mcpeerid",
"mcsession",
"property",
"protocol",
"create",
"nsuinteger",
"notifies",
"mcsession api",
"interface",
"bonjour",
"ascii lowercase",
"abc company",
"section",
"bonjour txt",
"mcextern",
"attribute",
"mcextern extern",
"mcexternweak",
"nsenum",
"nsinteger",
"mcerrorcode",
"mcerrorunknown",
"mcerrortimedout",
"bonjour apis",
"stop",
"peer",
"example",
"tags",
"session",
"nsprogress",
"nserror",
"nsstring",
"nsurl",
"nsarray",
"note",
"ui element",
"utf8 encoding",
"nscopying",
"nsdictionary",
"webpackrequire",
"webpackexports",
"object",
"adobe systems",
"adobe",
"incorporated",
"dissemination",
"touchmove",
"window",
"launch",
"close",
"core",
"webview",
"nwebpackrequire",
"arraybuffer",
"name",
"typedarray",
"prototype",
"string",
"number",
"nvar",
"meta",
"infinity",
"generator",
"zero",
"epsilon",
"observer",
"android",
"freeze",
"trim",
"canvas",
"simple",
"bind",
"fast",
"next",
"patch",
"rest",
"middle",
"find",
"enumerate",
"facebook",
"executor",
"apiunavailable",
"gamecontroller",
"gcbuttoninput",
"gcswitchinput",
"nsobject",
"apiavailable",
"hid device",
"cfstr",
"iohiddeviceref",
"boolean value",
"c iohidmanager",
"iohidmanager",
"c iohiddevice",
"issequential",
"bool sequential",
"bool canwrap",
"nsset",
"nsunavailable",
"gcswitchelement",
"bool",
"share button",
"xbox controller",
"xbox elite",
"xbox series",
"gcxboxgamepad",
"gcpoint2",
"gcpoint2make",
"gcpoint2 p",
"cfinline bool",
"gcpoint2equal",
"gcpoint2 point1",
"gcpoint2 point2",
"gcrelativeinput",
"isanalog",
"bool analog",
"hasinclude",
"gcaxis2dinput",
"gcpoint2 value",
"gcaxiselement",
"certain",
"gcaxisinput",
"gcbuttonelement",
"gccontroller",
"nsnotification",
"chhapticengine",
"gcmicrogamepad",
"input",
"menu button",
"gcdevicelight",
"gccolor",
"x axis",
"xvalue",
"developers",
"functionality",
"options button",
"sf symbols",
"elements",
"gcdevice",
"gctouchstate",
"gctouchstateup",
"apideprecated",
"gckeyboard",
"gcmouse",
"nsswiftname",
"gcdevicebattery",
"battery level",
"direction pad",
"directionapad",
"thumbstick",
"gcdevicecursor",
"a controller",
"gccolor color",
"gcinputbuttona",
"gcinputbuttonb",
"button b",
"check",
"a element",
"c nil",
"nsenumerator",
"siri remote",
"equivalent",
"down",
"left",
"right",
"kindof",
"handle button",
"c device",
"immediate input",
"dualsense",
"positional",
"sony dualsense",
"gcmotion",
"dualshock",
"uievent",
"controllers",
"uikit user",
"uiview",
"method",
"nsdata",
"axes",
"nsdata source",
"return",
"nullable",
"nsdata object",
"button",
"shoulder",
"extended",
"gamepad profile",
"nsdata api",
"gcgamepad",
"sizeof",
"standard",
"gckeyboardinput",
"keyboard",
"nsstring const",
"controller",
"back buttons",
"game controller",
"back",
"keypad",
"delete",
"insert",
"home",
"right arrow",
"left arrow",
"down arrow",
"up arrow",
"korean",
"backspace",
"alongside",
"gckeyuparrow",
"gckeycode const",
"lang1",
"gclinearinput",
"gcquaternion",
"gcacceleration",
"y axis",
"z axis",
"gcmouse mouse",
"gcmouse class",
"mice",
"gcmouseinput",
"mouse profile",
"scroll",
"nsdata instance",
"a alias",
"press",
"micro profile",
"siri remotes",
"b button",
"a gcinput",
"button a",
"nsoptions",
"examining",
"c sfsymbolsname",
"apple tv",
"remote",
"control center",
"a set",
"game",
"gcracingwheel",
"gcbundlewithpid",
"gcinputbuttonx",
"gcinputbuttony",
"gcinputshifter",
"gckeya",
"gckeyb",
"gckeybackslash",
"rawvalue",
"apple swift",
"o librarylevel",
"swift import",
"element",
"indices",
"iterator",
"subsequence",
"kerberoscomerr",
"const",
"permission",
"mit software",
"suitability",
"athena",
"openvision",
"gssdllimp",
"gssapigenerich",
"this software",
"purpose",
"disclaims all",
"warranties with",
"regard to",
"constraint",
"kerberosprofile",
"krb5profileh",
"const names",
"newvalue",
"1429577728l",
"gnuc",
"mach",
"omuint32",
"gssapikrb5h",
"form",
"uid form",
"client function",
"asrep",
"including",
"preauth",
"db entry",
"free",
"pointer",
"rock",
"neither",
"direct",
"damage",
"minorstatus",
"gssbuffert",
"gssctxidt",
"gssoid",
"gssnamet",
"gsscredidt",
"gssoidset",
"gssapi",
"first",
"alcapi",
"alcapientry",
"alcboolean",
"targetosmac",
"alcdevice",
"alcenum param",
"alalch",
"alcchar",
"alcsizei",
"capture",
"but not",
"limited",
"openal cross",
"apple computer",
"redistribution",
"is provided",
"type",
"alvoid",
"alint",
"openal",
"aluint sid",
"alenum",
"alint value",
"aluint property",
"alvoid nonnull",
"alfloat",
"write",
"openalopenalh",
"umbrella header",
"alenum param",
"alapi",
"aluint bid",
"alsizei",
"alfloat value",
"alapientry",
"aluint",
"verify",
"play",
"speed",
"bits",
"albuffer3i",
"albufferdata",
"albufferf",
"albufferfv",
"albufferi",
"albufferiv",
"aldistancemodel",
"aldopplerfactor",
"algetbooleanv",
"algetbuffer3f",
"iousbhostdevice",
"iousbhostobject",
"iousbhostpipe",
"iousbhoststream",
"iousbhost",
"brief",
"usb host",
"bool yes",
"bool no",
"advance",
"iousbhostfamily",
"kernel",
"ioreturn status",
"nsnumber",
"ioreturn error",
"usb device",
"select",
"commands",
"enqueue",
"nsmutabledata",
"field",
"enum",
"options",
"retrieve",
"iosource",
"current address",
"bos descriptor",
"extract",
"a descriptor",
"license",
"io request",
"abort",
"discussion",
"stream",
"please",
"swift api",
"iousbbitrange",
"iousbbitrange64",
"iousbbit",
"client",
"usb controller",
"usb descriptor",
"unknown",
"critical",
"refer",
"link",
"send",
"same",
"common ui",
"bluetooth",
"service browser",
"option",
"1001",
"cfstringref",
"deprecated",
"macos",
"returns",
"abstract",
"nswindow",
"creates",
"mac os",
"uuids",
"uuid",
"sdp service",
"nsimage",
"nsview",
"mpasskeystring",
"nsmutablearray",
"uuid array",
"ioreturn",
"runmodal",
"group",
"command",
"byte",
"masks",
"pduid",
"l2cap",
"range",
"opcode",
"packet",
"major",
"local",
"profiles",
"iobluetooth",
"framework",
"support",
"host controller",
"rfcomm",
"minor class",
"pseudoclass",
"specific device",
"headset",
"peripheral",
"desktop",
"glasses",
"device reset",
"no hci",
"hci controller",
"returns number",
"variable number",
"packdata",
"cstring",
"pass",
"path",
"deprecated in",
"obex session",
"obexsessionref",
"rfcomm channel",
"obex",
"does not",
"l2cap channel",
"inrefcon",
"device",
"length",
"obex spec",
"error code",
"make",
"headerid",
"april",
"alarm",
"avrcplog",
"audiolog",
"bccmd16touint16",
"bccmd16touint8",
"bccmd32touint32",
"hfplog",
"obexcreatevcard",
"obexsessionget",
"uint16tobccmd16",
"intents",
"created",
"andrea gottardo",
"inimage",
"intentsui",
"project version",
"inshortcut",
"ibdesignable",
"invoiceshortcut",
"nsbundle",
"siri",
"beralloct",
"berbvarrayadd",
"berbvarrayfree",
"berbvdup",
"berbvecadd",
"berbvecfree",
"berbvfree",
"berdump",
"berdup",
"berdupbv",
"ldap",
"vdspinput1",
"vectorsize",
"iirchannel",
"osvkerndsplib",
"pragmaonce",
"paul chang",
"fri mar",
"original code",
"apple operating",
"modifications",
"apple public",
"source license",
"version",
"lframesize",
"i386",
"picify",
"callmcount",
"nonlazystub",
"align",
"roundtostack",
"leaf",
"import",
"carnegie mellon",
"carnegie",
"inline void",
"software",
"school",
"august",
"xnuarchi386selh",
"next computer",
"mike demoney",
"bruce martin",
"state segment",
"nxswappedfloat",
"osswapint32",
"inline float",
"inline double",
"osswapint64",
"armlimitsh",
"arm64",
"useclangtypes",
"bsdarmtypesh",
"int8t",
"gnuc typedef",
"uint8t",
"ansi c",
"ansi",
"use wchart",
"armmcontexth",
"mcontextt",
"armparamh",
"round",
"darwinsizet",
"darwinalign",
"uint32t",
"darwinalign32",
"warranties",
"a particular",
"university",
"armarch6zk",
"armarch6k",
"armarch4t",
"armarch4",
"http",
"capbitnb",
"legacy",
"armfeatureflag",
"california",
"notice",
"berkeley",
"limited to",
"define",
"useclanglimits",
"lp64",
"ansisource",
"darwincsource",
"longmin",
"ulongmax",
"parameter",
"vmmemcoherent",
"vmmemearlyack",
"vmmeminner",
"vmmemrt",
"vmmemguarded",
"armmemorytypesh",
"armpalroutinesh",
"read",
"struct",
"booleant",
"cluster",
"devbsize",
"mclbytes",
"unix system",
"laboratories",
"devbshift",
"thumb",
"armv5",
"armv7",
"cache",
"neon",
"swift",
"bsdarmprofileh",
"xxx todo",
"block",
"mcount",
"mcountinit",
"mcountenter",
"splhigh",
"armthreadh",
"armtraph",
"dflssiz",
"targetososx",
"maxssiz",
"rliminfinity",
"maxcsiz",
"bsdarmvmparamh",
"dfldsiz",
"maxdsiz",
"xxx stack",
"armsignal",
"int64t",
"armmachtypesh",
"int32t",
"methods",
"thread",
"hasapplepac",
"atmatmtypesh",
"libkernlocksh",
"fortifysource",
"libkerncopyioh",
"sizedby",
"darwinosinline",
"stdcversion",
"osswapint16",
"libkerncrch",
"blockexport",
"vaargs",
"blockrelease",
"blockh",
"collection",
"blockcopy",
"ososbaseh",
"base",
"byteoffset",
"host endianess",
"generic host",
"generic",
"osmalloc",
"osmalloctag tag",
"osmalloctag",
"pci device",
"uint32",
"uint32 mask",
"safecastptr",
"sint32",
"osaddatomic64",
"uint8",
"libkern c",
"internal error",
"core osreturn",
"libkern",
"values",
"pragmamark",
"kexts",
"kext",
"c string",
"grab",
"osostypesh",
"boolean",
"unsignedwide",
"uint32 hi",
"buildtime value",
"libkernversionh",
"versionmajor",
"versionminor",
"versionvariant",
"versionrevision",
"ostype",
"osrelease",
"libkernsysctlh",
"instructions",
"data cache",
"future",
"rbleft",
"rbright",
"rbgetparent",
"splayright",
"splayleft",
"rbsetcolor",
"rbblack",
"rbgetcolor",
"comp",
"main",
"stdc",
"msdos",
"windows",
"sys16bit",
"zlibdll",
"zextern",
"zconfh",
"model",
"zextern int",
"zstreamerror",
"znull",
"zbuferror",
"zmemerror",
"zstreamend",
"zdataerror",
"zfinish",
"enough",
"possible",
"trailer",
"compiler",
"countedby",
"sparta",
"osatomic",
"ipcipctypesh",
"ipcobjectnull",
"ipcobjectdead",
"osreturn",
"nfskrpch",
"xdrbuf",
"xdrbuf xbp",
"xbptr",
"xbleft",
"tlen",
"lval",
"xbcleanup",
"xbtype",
"xbflags",
"nfsargsversion",
"file",
"packed",
"nfshz",
"mount",
"term",
"restrict",
"stats",
"nfsbitmapset",
"nfsver3",
"nfsxunsigned",
"attr",
"nfsprogram",
"nfssmallfh",
"which",
"from",
"mark",
"obsolete",
"ip address",
"iaddrt",
"netinetbootph",
"nvmaxtext",
"magic",
"etheraddrlen",
"target",
"byteorder",
"bigendian",
"littleendian",
"dest",
"igmp",
"ushort",
"inpcbptr",
"inpcblistentry",
"ipsec",
"pcbs",
"cookie",
"netinetinstath",
"minimal",
"result",
"arp packet",
"icmpparamprob",
"icmpredirect",
"address",
"ditto",
"ip filter",
"ipv4",
"ip packet",
"inject",
"wifi",
"server",
"tcpmaxnotifyack",
"wired",
"ecn setup",
"notify",
"slow",
"definitions",
"tcptmax",
"retransmit",
"mptcp",
"tcpsclosewait",
"tcpsestablished",
"tcpstimewait",
"tcpseq",
"timer drift",
"sack",
"char",
"icmp",
"synack",
"tcpoptnop",
"syndata",
"ver",
"internet",
"iopcidevice",
"constant",
"perst",
"localonly",
"iooptionbits",
"optional access",
"ioservice",
"open",
"pcidriverkith",
"osmetaclassbase",
"iorpc rpc",
"auditpipeiobase",
"auditsdeviobase",
"ioctls",
"data",
"the software",
"stdargh",
"hasincludenext",
"eli friedman",
"as is",
"hack",
"atomic",
"atomicseqcst",
"clangstdatomich",
"stdchosted",
"stdboolh",
"needwintt",
"stddefh",
"hasbuiltin",
"const src",
"xnumembersize",
"const dst",
"wcharmax",
"wcharmin",
"limits",
"kernelstdinth",
"lp64 typedef",
"intmaxc",
"uintmaxc",
"ptrauth",
"olddata",
"value",
"declkey",
"abi pointer",
"c function",
"float16",
"fltevalmethod",
"legacy bsd",
"c standard",
"sincospi",
"cosp",
"x8664monotonich",
"staticifentry",
"hasmte",
"vmmemorytypesh",
"vmwimgdefault",
"wimg",
"extvectortype",
"utilfunction",
"aligned",
"srcptr",
"vmpmaph",
"vmdyldpagerh",
"vmvmfaulth",
"vmvmmaph",
"development",
"debug",
"vmvmoptionsh",
"vmvmpageouth",
"kasantbi",
"machvmmemtagh",
"given",
"vmmemtagptrsize",
"vmmemtagtagsize",
"copy",
"vmsharedregionh",
"vfsvfssupporth",
"veclib",
"master",
"world wide",
"various",
"veclibtypes",
"carbonlib",
"availability",
"carbon",
"noncarbon cfm",
"vbasicops",
"shift",
"vforceh",
"vdsplength n",
"realp",
"nonnull",
"vector",
"dspsplitcomplex",
"ieee",
"dspcomplex",
"uuiduuidh",
"uuiddefine",
"public",
"uuid library",
"kernelserver",
"simpleroutine",
"undkey",
"execution",
"strings array",
"user",
"title string",
"info",
"1024",
"xmldatat",
"undreplyref",
"kernsuccess",
"osaction",
"targetosiphone",
"istargetvendor",
"targetcpux8664",
"targetosunix",
"targetcpuppc",
"targetcpuppc64",
"targetcpux86",
"targetrtmaccfm",
"bridge",
"svflags",
"svpavreal",
"svpavreify",
"xpvav",
"svany",
"avfillp",
"for apidoc",
"mutableav",
"avrealoff",
"pltopenv",
"stmtstart",
"stmtend",
"copfile",
"plcurstackinfo",
"copfilegv",
"cophinthashget",
"loop",
"stack",
"beware",
"orig",
"loops",
"this file",
"the build",
"plbitcount",
"u8 value",
"cvflags",
"xpvcv",
"mutableptr",
"perlcore",
"cvgv",
"cvfile",
"cvfmethod",
"cvflvalue",
"cvfconst",
"anon",
"doinit extconst",
"ebcdic",
"extconst u8",
"index",
"ascii platform",
"confusingly",
"u8 pla2e",
"pla2e",
"u8 ple2a",
"guard",
"declspec",
"extconst",
"ext externc",
"init",
"larry wall",
"gnu general",
"readme file",
"multiplicity",
"plsawampersand",
"do not",
"perliogetc",
"perlioputc",
"perliostdoutf",
"perlio",
"perlfeatureh",
"featuresubbit",
"featuremyrefbit",
"featurefcbit",
"featureisabit",
"featuresaybit",
"featurestatebit",
"featuretrybit",
"hintfeaturemask",
"ffspace",
"process",
"ffdecimal",
"ffend",
"gvgp",
"gvflags",
"gvnamehek",
"svtype",
"gvegv",
"gvstash",
"gvxpvgv",
"svtpvgv",
"svtpvlv",
"super",
"edit directly",
"djgpp",
"bitbucket",
"perlsysinitbody",
"perlioinit",
"perlsystermbody",
"w macros",
"wexitstatus",
"shpath",
"mkdir",
"rotl64",
"rotl32",
"rotate x",
"rotr32",
"can64bithash",
"rotr64",
"ivsize",
"u8to16le",
"rotluv",
"rotruv",
"sbox32maxlen",
"plhashstate",
"perlhash",
"perl",
"usehashseed",
"perlseenhvfunch",
"perlhashseed",
"siphash24",
"siphash13",
"seed",
"c program",
"c type",
"c compiler",
"gcc attribute",
"longsize",
"c preprocessor",
"install",
"kill",
"cont",
"thus",
"ext declspec",
"dext",
"for apidocitem",
"utf8",
"ascii",
"fitsin8bits",
"nativetolatin1",
"strwithlen",
"u8 end",
"test",
"poison",
"february",
"cray",
"prior",
"behaviour",
"except",
"alpha",
"perlvar",
"perlvari",
"perlvara",
"padoffset",
"true",
"pmop",
"hooks",
"hook",
"sv invlist",
"perlinregcompc",
"svcur",
"perlinopc",
"tointernalsize",
"svtinvlist",
"invlistlen",
"strlen",
"hvaux",
"heklen",
"svook",
"hekutf8",
"hekkey",
"hekflags",
"mutablehv",
"hvnameheknn",
"gosh",
"leave",
"iperlsock",
"plsock",
"iperlstdio",
"plstdio",
"iperlproc",
"plproc",
"iperllio",
"pllio",
"perlimplicitsys",
"plink",
"keypackage",
"keyend",
"keysub",
"keydump",
"keylog",
"keysend",
"keystate",
"perlioclose",
"perlmemcollxfrm",
"nativetoneed",
"plclocaleobj",
"plno",
"plwarnall",
"plwarnnone",
"plyes",
"plzero",
"plc9utf8dfatab",
"nomathoms",
"perlintokec",
"perlinutf8c",
"perlinsvc",
"perlinregexecc",
"debugging",
"perlinlocalec",
"pfinet",
"snoop",
"ccprint",
"ccgraph",
"cccharnamecont",
"ccascii",
"ccwordchar",
"ccalphanumeric",
"ccidfirst",
"ccquotemeta",
"ccalpha",
"cccased",
"ordinal",
"magicvtablemax",
"extra",
"regex match",
"env hash",
"isa array",
"debugger",
"sig hash",
"available",
"shadow",
"array length",
"magic mg",
"sv sv",
"mgftainteddir",
"hefsvkey",
"mutablesv",
"ssizet",
"mgvtbl entry",
"mgfbytes",
"perlmagicsv 0",
"special",
"perlmagicarylen",
"perlmagicrhash",
"extra data",
"perlmagicpos",
"perlmagicsymtab",
"provides",
"dtrace probes",
"stdioh",
"stdioincluded",
"sfioversion",
"rxfpmfcharset",
"rxfpmfmultiline",
"rxfpmffold",
"rxfpmfextended",
"rxfpmfnocapture",
"rxfpmfkeepcopy",
"flags",
"rxfpmfstrict",
"ocshift",
"plop",
"perlbitfield16",
"baseop op",
"useithreads",
"pmfonce",
"padop",
"perlcknull",
"perlckfun",
"opparg1mask",
"opparg4mask",
"opparg2mask",
"perlckftst",
"perlppftrowned",
"perlckbitop",
"perlckcmp",
"perlcklfun",
"dump",
"chroot",
"syscall",
"flip",
"undef",
"crypt",
"push",
"stub",
"trans",
"predec",
"flop",
"prtf",
"shutdown",
"perlcontext cx",
"perlmemlog",
"c pointer",
"cxtype",
"logic",
"toavamg",
"tohvamg",
"opftrread",
"oplt",
"opincmp",
"opbitand",
"opsbitor",
"opsend",
"opgetpeername",
"opfteexec",
"opftbinary",
"opclose",
"plparser",
"yylex",
"lexshared",
"position",
"repl",
"memsize",
"malloct",
"perlmallocctlh",
"uv nfree",
"uv ntotal",
"iv topbucket",
"iv totalsbrk",
"iv minbucket",
"level",
"plcomppad",
"plcurpad",
"uvxf",
"ptr2uv",
"avarray",
"padnameflags",
"plcopseqmax",
"padlistarray",
"c array",
"padnametype",
"incpushperl5lib",
"appllibexp",
"privlibexp",
"defineincmacros",
"perlfsversion",
"perl5lib",
"sitearchexp",
"perllanginfoh",
"hasnllanginfo",
"ilanginfo",
"codeset",
"codeset 1",
"dtfmt",
"dtfmt 2",
"dfmt",
"dfmt 3",
"sipround",
"u8to64le",
"fallthrough",
"uint64c",
"perlsiphashfnc",
"siprounds",
"strlen inlen",
"sipfinalrounds",
"could",
"configure",
"plout",
"mine001",
"argv",
"plin",
"localpatchcount",
"perlapih",
"xs code",
"portingglossary",
"first version",
"brand",
"symbols",
"haswcrtomb",
"perlionotstdio",
"perlcallconv",
"perlio f",
"perlioh",
"usestdio",
"case",
"bufsiz",
"sizet",
"perlstability",
"perltypedefs",
"perldtracehin",
"perlloadedfile",
"perlloadingfile",
"perlopentry",
"perlphasechange",
"perlsubentry",
"perlsubreturn",
"generated",
"perlcallconv iv",
"sizet count",
"sv arg",
"mode",
"perliofuncs tab",
"stdchar",
"perliolistt",
"sv args",
"mutex",
"perlinterpreter",
"sigsize",
"perlioisstdio",
"perlcallconv op",
"perldokv",
"perlppaassign",
"perlppabs",
"perlppaccept",
"perlppadd",
"perlppaeach",
"perlppaelem",
"public license",
"free software",
"foundation",
"yydebug",
"bison",
"bareword",
"funcmeth",
"arrow",
"targ",
"pushs",
"tops",
"does",
"xsub",
"pops",
"xpushs",
"erange",
"perlreentrapi",
"perlreentrapi0",
"hostentsize",
"getgrentrproto",
"getpwentrproto",
"getnetentrproto",
"grentbuffer",
"grentsize",
"hostenterrno",
"redebugflag",
"debugvtest",
"debugr",
"u16 nextoff",
"argset",
"u8 type",
"nextoff",
"strings",
"problem",
"june",
"invert",
"perlfpclass",
"longdoublekind",
"plstatusvalue",
"pldebug",
"numclasses",
"locale",
"grok",
"pragma",
"dword",
"attack",
"little",
"lynx",
"done",
"reany",
"rxpextflags",
"rxextflags",
"checkpoint cp",
"rxftaintedseen",
"rxfcopydone",
"plsavestackix",
"plsavestack",
"plsavestackmax",
"ssmaxpush",
"enter",
"debugscope",
"state",
"u32 state",
"debugsbox32hash",
"sbox32warn5",
"line",
"mutexunlock",
"mutexinit",
"noop",
"mutexlock",
"condinit",
"detach",
"panic",
"usetm64",
"should",
"bsd extension",
"configuration",
"time64debug",
"int64t nv",
"gnu extension",
"perltime64h",
"time64t",
"int64t int64",
"int64 time64t",
"i32 year",
"tm64",
"hastmtmgmtoff",
"decide",
"svpvx",
"svgmagic",
"bonk",
"anything",
"turn",
"crash",
"fstat",
"perlmicro",
"hasioctl",
"hasutime",
"hasgroup",
"haspasswd",
"usemybinmode",
"idirent",
"likely",
"generated code",
"utfebcdic",
"unicode",
"step",
"ufeff",
"u00a0",
"u00df",
"u00b5",
"ufffd",
"u017f",
"u0300",
"unlikely",
"nativeutf8toi8",
"utf8skip",
"nativetouni",
"lazy",
"extrasize",
"regnodemax",
"exact",
"match",
"whilem",
"anyof",
"curly",
"trie",
"curlym",
"eval",
"star",
"perlutilh",
"hsmapiverlen",
"hsxsverlenmax",
"hskeyp",
"tools",
"sv vs",
"perlversionlt",
"svpvxnolenconst",
"perlckwarner",
"u32 err",
"scroakxsusage",
"pluumap",
"warnings",
"categories",
"plcurcop",
"perlckwarn",
"perlckwarnd",
"perlwarnisset",
"perlwarnoff",
"perlwarnbit",
"xsversion",
"xsreturn",
"perlxshandshake",
"plstackbase",
"hskey",
"zaphod32mix",
"u8to32le",
"zaphod32warn4",
"zaphod32warn3",
"zaphod32warn6",
"perlform",
"i8tonativeutf8",
"warnutf8",
"myshift",
"c extension",
"libs",
"cflags",
"afkuserlog",
"kafkeventcancel",
"kafkeventerror",
"adamsbagmanager",
"adjinglerequest",
"isinternalbuild",
"kickmcxdforuid",
"loadappkit",
"ardconfig",
"authenticator",
"dsauthenticator",
"dsnode",
"dsrecord",
"hostconfig",
"addtofront",
"calcslope",
"copyarray",
"createcachenode",
"defaultebecurve",
"deletecache",
"disablehcucache",
"dumpcache",
"dumpoutputhcu",
"enablet1sim",
"ascagent",
"ascagentproxy",
"asdevice",
"ddrangecompare",
"wdosloglauncher",
"wdoslogprotocol",
"findchar",
"ddasllogger",
"ddfilelogger",
"ddlog",
"ddlogfileinfo",
"ddlogmessage",
"ddloggernode",
"mkurlparser",
"mkerrordomain",
"mkintegerhash",
"mklonghash",
"mkmaprectinset",
"mkmaprectnull",
"mkmaprectoffset",
"mkmaprectworld",
"mkmapsizeworld",
"kextensionnonui",
"wkarraycreate",
"wkbooleancreate",
"wkcontextcreate",
"wkdatacreate",
"wkdatagettypeid",
"wkdoublecreate",
"wkframecopyurl",
"wkgettypeid",
"wkimagecreate",
"wkpagecandelete",
"webkit",
"methodkind",
"wkerrordomain",
"by apple",
"document",
"a block",
"wkcontentworld",
"wkwebview",
"javascript",
"wkerrorcode",
"wkerrorunknown",
"nsswiftasync",
"wkswiftasync",
"wkcookiepolicy",
"nshttpcookie",
"whether",
"wknavigation",
"wkdownload",
"decides",
"mime type",
"wkscriptmessage",
"wkframeinfo",
"information",
"url scheme",
"wkcontentmode",
"wkuserscript",
"wkextern",
"media",
"promise",
"fulfill",
"cgfloat",
"targetoswatch",
"sign",
"password",
"provider",
"uicontrol",
"nscontrol",
"opaque user",
"apple id",
"nsstring user",
"asuseragerange",
"initiate",
"asauthorization",
"confirms",
"apple upgrade",
"nserrorenum",
"operation",
"relying party",
"targetosvision",
"a byte",
"nsdata userid",
"relying",
"a string",
"asapiavailable",
"http response",
"authorization",
"oauth",
"saml",
"nsdata readdata",
"bool didwrite",
"a cose",
"nsstring name",
"bool appid",
"targetosxr",
"a state",
"a json",
"web token",
"private seckeys",
"nsstring appid",
"mdm profile",
"nsurl url",
"returns yes",
"lacontext",
"asswiftsendable",
"keychain",
"cose algorithm",
"ecdsa",
"sha256",
"cose curve",
"p256",
"nsinteger rank",
"enables",
"bool success",
"remove",
"call",
"complete",
"prepare",
"attempt",
"list",
"nsextension",
"settings",
"initializes",
"a key",
"extensions",
"hash",
"json",
"initialize",
"nsstring origin",
"settings app",
"urls",
"https urls",
"safari",
"cancel",
"nsuuid uuid",
"asextern extern",
"asextern",
"nsswiftsendable",
"uiwindow",
"propertykind",
"gkplayer",
"n tags",
"gkerrordomain",
"gamecenter",
"targetosios",
"targetostv",
"nsavailable",
"gkachievement",
"local player",
"view",
"present",
"optional",
"gkbaseplayer",
"game center",
"uiimage",
"app store",
"gkchallenge",
"gklocalplayer",
"nsdeprecated",
"a singleton",
"gkcloudplayer",
"returns nil",
"nsdeprecatedmac",
"internal2",
"internal3",
"internal4",
"gkscore",
"gkextern",
"gkextern extern",
"gkexternweak",
"gkerrorcode",
"gkerrorunknown",
"gkerrorunderage",
"friendplayer",
"standard view",
"nsresponder",
"parentwindow",
"ibaction",
"gkgamesession",
"apis",
"gkplayer player",
"nsinteger score",
"nsdate date",
"gkleaderboard",
"connect",
"nsinteger value",
"load",
"gktransporttype",
"nsstring title",
"loads array",
"localized",
"gkmatch",
"gkmatchrequest",
"gkinvite",
"gksession",
"gksession api",
"gamekit",
"asynchronously",
"welcome",
"nstimeinterval",
"delegate",
"delivery",
"gksenddatamode",
"gksessionmode",
"gkphotosize",
"callbacks",
"gkmatchdelegate",
"gksavedgame",
"default value",
"gksessionerror",
"gkvoicechat",
"participant",
"voice chat",
"clienta"
],
"references": [
"CredentialsCache.h",
"CredentialsCache2.h",
"config.xml",
"popen_spawn_win32.py",
"pycore_condvar.h",
"Kerberos.h",
"KerberosLogin.h",
"plugin.js",
"krb5.h",
"MultipeerConnectivity.tbd",
"MCBrowserViewController.h",
"MCNearbyServiceAdvertiser.h",
"MCError.h",
"MCAdvertiserAssistant.h",
"MCNearbyServiceBrowser.h",
"MultipeerConnectivity.apinotes",
"MultipeerConnectivity.h",
"MCSession.h",
"MCPeerID.h",
"canvas.html",
"capture_0.bundle.js",
"capture_resize.js",
"GCRacingWheelInput.h",
"GCSyntheticDeviceKeys.h",
"GCSwitchPositionInput.h",
"GCSteeringWheelElement.h",
"GCSwitchElement.h",
"GCTouchedStateInput.h",
"GCXboxGamepad.h",
"GCTypes.h",
"GCRelativeInput.h",
"GameController.h",
"GCAxis2DInput.h",
"GCAxisElement.h",
"GCAxisInput.h",
"GCButtonElement.h",
"GCController.h",
"GCColor.h",
"GCControllerAxisInput.h",
"GCControllerDirectionPad.h",
"GCControllerInput.h",
"GCControllerElement.h",
"GCControllerTouchpad.h",
"GCDevice.h",
"GCDeviceBattery.h",
"GCDeviceCursor.h",
"GCDeviceHaptics.h",
"GCDeviceLight.h",
"GCDevicePhysicalInputState.h",
"GCDevicePhysicalInputStateDiff.h",
"GCDirectionalGamepad.h",
"GCDirectionPadElement.h",
"GCDevicePhysicalInput.h",
"GCDualSenseAdaptiveTrigger.h",
"GCDualSenseGamepad.h",
"GCDualShockGamepad.h",
"GCEventViewController.h",
"GCExtendedGamepadSnapshot.h",
"GCExtern.h",
"GCExtendedGamepad.h",
"GCGamepadSnapshot.h",
"GCGearShifterElement.h",
"GCGamepad.h",
"GCKeyboard.h",
"GCInputNames.h",
"GCControllerButtonInput.h",
"GCKeyNames.h",
"GCKeyboardInput.h",
"GCKeyCodes.h",
"GCLinearInput.h",
"GCMotion.h",
"GCMouse.h",
"GCMouseInput.h",
"GCMicroGamepadSnapshot.h",
"GCPhysicalInputElement.h",
"GCMicroGamepad.h",
"GCPhysicalInputProfile.h",
"GCPhysicalInputSource.h",
"GCPressedStateInput.h",
"GCProductCategories.h",
"GCRacingWheel.h",
"GameController.tbd",
"arm64e-apple-macos.swiftinterface",
"x86_64-apple-macos.swiftinterface",
"module.modulemap",
"com_err.h",
"gssapi_generic.h",
"locate_plugin.h",
"profile.h",
"gssapi_krb5.h",
"preauth_plugin.h",
"gssapi.h",
"alc.h",
"oalStaticBufferExtension.h",
"oalMacOSX_OALExtensions.h",
"OpenAL.h",
"al.h",
"OpenAL.tbd",
"IOUSBHost.tbd",
"IOUSBHostCIEndpointStateMachine.h",
"IOUSBHostCIControllerStateMachine.h",
"IOUSBHost.h",
"IOUSBHostCIPortStateMachine.h",
"IOUSBHostCIDeviceStateMachine.h",
"IOUSBHostControllerInterfaceHelpers.h",
"IOUSBHostDevice.h",
"IOUSBHostControllerInterface.h",
"IOUSBHostDefinitions.h",
"IOUSBHostInterface.h",
"IOUSBHostIOSource.h",
"AppleUSBDescriptorParsing.h",
"IOUSBHostStream.h",
"IOUSBHostObject.h",
"IOUSBHostControllerInterfaceDefinitions.h",
"IOUSBHostPipe.h",
"IOBluetoothUIUserLib.h",
"IOBluetoothUI.h",
"IOBluetoothObjectPushUIController.h",
"IOBluetoothDeviceSelectorController.h",
"IOBluetoothPasskeyDisplay.h",
"IOBluetoothPairingController.h",
"IOBluetoothServiceBrowserController.h",
"IOBluetoothUI.tbd",
"Bluetooth.h",
"IOBluetooth.h",
"BluetoothAssignedNumbers.h",
"IOBluetoothTypes.h",
"IOBluetoothUtilities.h",
"OBEXBluetooth.h",
"IOBluetoothUserLib.h",
"OBEX.h",
"IOBluetooth.tbd",
"INImage+IntentsUI.h",
"IntentsUI.h",
"INUIAddVoiceShortcutButton.h",
"IntentsUI.apinotes",
"INUIEditVoiceShortcutViewController.h",
"INUIAddVoiceShortcutViewController.h",
"LDAP.tbd",
"OSvKernDSPLib.h",
"cpu.h",
"asm_help.h",
"desc.h",
"pio.h",
"io.h",
"sel.h",
"reg_help.h",
"tss.h",
"table.h",
"byte_order.h",
"_limits.h",
"_types.h",
"_mcontext.h",
"_param.h",
"_endian.h",
"arch.h",
"cpuid_internal.h",
"cpu_capabilities_public.h",
"arm_features.inc",
"endian.h",
"locks.h",
"limits.h",
"atomic.h",
"machine_cpuid.h",
"memory_types.h",
"pal_routines.h",
"machine_routines.h",
"param.h",
"cpuid.h",
"thread.h",
"trap.h",
"vmparam.h",
"signal.h",
"types.h",
"AFKMemoryDescriptorOptions.h",
"machine_machdep.h",
"atm_types.h",
"copyio.h",
"_OSByteOrder.h",
"crc.h",
"Block.h",
"OSBase.h",
"OSByteOrder.h",
"OSDebug.h",
"OSMalloc.h",
"OSAtomic.h",
"OSReturn.h",
"OSKextLib.h",
"OSTypes.h",
"version.h",
"sysctl.h",
"tree.h",
"zconf.h",
"zlib.h",
"libkern.h",
"kdp_callout.h",
"kdp_en_debugger.h",
"ipc_types.h",
"krpc.h",
"rpcv2.h",
"xdr_subs.h",
"nfs.h",
"nfsproto.h",
"bootp.h",
"if_ether.h",
"icmp6.h",
"icmp_var.h",
"igmp_var.h",
"igmp.h",
"in_pcb.h",
"in_stat.h",
"in_private.h",
"in_arp.h",
"in_var.h",
"in_systm.h",
"ip_var.h",
"ip_icmp.h",
"kpi_ipfilter.h",
"ip6.h",
"tcp_private.h",
"ip.h",
"tcp_timer.h",
"tcp_fsm.h",
"udp_var.h",
"tcp_seq.h",
"tcpip.h",
"udp.h",
"tcp_var.h",
"tcp.h",
"IOPCIFamilyDefinitions.h",
"IOPCIDevice.iig",
"PCIDriverKit.h",
"IOPCIDevice.h",
"audit_ioctl.h",
"stdarg.h",
"stdatomic.h",
"stdbool.h",
"stddef.h",
"string.h",
"stdint.h",
"ptrauth.h",
"math.h",
"monotonic.h",
"static_if.h",
"machine_kpc.h",
"machine_remote_time.h",
"ipc_pthread_priority_types.h",
"lz4_assembly_select.h",
"vm_compressor_algorithms.h",
"lz4.h",
"pmap.h",
"vm_dyld_pager.h",
"vm_far.h",
"vm_fault.h",
"vm_map.h",
"lz4_constants.h",
"vm_options.h",
"vm_pageout.h",
"vm_memtag.h",
"vm_shared_region.h",
"vm_kern.h",
"vfs_support.h",
"vecLib.h",
"vecLibTypes.h",
"vBasicOps.h",
"vForce.h",
"vDSP.h",
"uuid.h",
"UNDReply.defs",
"UNDRequest.defs",
"KUNCUserNotifications.h",
"UNDTypes.defs",
"UNDTypes.h",
"TargetConditionals.h",
"apfs_boot_mount.tbd",
"av.h",
"cop.h",
"bitcount.h",
"cv.h",
"ebcdic_tables.h",
"EXTERN.h",
"embedvar.h",
"fakesdio.h",
"feature.h",
"form.h",
"gv.h",
"git_version.h",
"dosish.h",
"hv_macro.h",
"hv_func.h",
"config.h",
"INTERN.h",
"handy.h",
"intrpvar.h",
"invlist_inline.h",
"hv.h",
"iperlsys.h",
"keywords.h",
"libperl.tbd",
"embed.h",
"l1_char_class_tab.h",
"mg_data.h",
"mg_raw.h",
"mg.h",
"mg_vtable.h",
"mydtrace.h",
"nostdio.h",
"op_reg_common.h",
"op.h",
"opcode.h",
"inline.h",
"overload.h",
"opnames.h",
"parser.h",
"malloc_ctl.h",
"pad.h",
"perl_inc_macro.h",
"perl_langinfo.h",
"perl_siphash.h",
"patchlevel.h",
"perlapi.h",
"metaconfig.h",
"perlio.h",
"perldtrace.h",
"perliol.h",
"perlvars.h",
"perlsdio.h",
"pp_proto.h",
"perly.h",
"pp.h",
"reentr.h",
"regcomp.h",
"perl.h",
"regexp.h",
"scope.h",
"sbox32_hash.h",
"time64_config.h",
"time64.h",
"sv.h",
"unixish.h",
"uconfig.h",
"utfebcdic.h",
"unicode_constants.h",
"utf8.h",
"regnodes.h",
"util.h",
"vutil.h",
"uudmap.h",
"warnings.h",
"XSUB.h",
"zaphod32_hash.h",
"encode.h",
"python-3.9.pc",
"python-3.9-embed.pc",
"python3-embed.pc",
"python3.pc",
"AFKUser.tbd",
"AdID.tbd",
"Admin.tbd",
"AirPlayReceiver.tbd",
"AppSandbox.tbd",
"ASEProcessing.tbd",
"AuthenticationServicesCore.tbd",
"WebGPU.tbd",
"WebDriver.tbd",
"MapKit.tbd",
"SwiftUI.swiftoverlay",
"WebKit.tbd",
"WebKit.apinotes",
"WKBackForwardList.h",
"NSAttributedString.h",
"WebKit.h",
"WKBackForwardListItem.h",
"WKContentRuleList.h",
"WKContentRuleListStore.h",
"WKContextMenuElementInfo.h",
"WKDataDetectorTypes.h",
"WKContentWorld.h",
"WKError.h",
"WKFoundation.h",
"WKFindResult.h",
"WKHTTPCookieStore.h",
"WKFrameInfo.h",
"WKNavigation.h",
"WKFindConfiguration.h",
"WKNavigationDelegate.h",
"WKNavigationResponse.h",
"WKOpenPanelParameters.h",
"WebKitLegacy.h",
"WKPreviewActionItem.h",
"WKNavigationAction.h",
"WKPreferences.h",
"WKPreviewActionItemIdentifiers.h",
"WKPreviewElementInfo.h",
"WKProcessPool.h",
"WKDownload.h",
"WKPDFConfiguration.h",
"WKScriptMessage.h",
"WKSecurityOrigin.h",
"WKScriptMessageHandler.h",
"WKSnapshotConfiguration.h",
"WKUIDelegate.h",
"WKURLSchemeTask.h",
"WKWebpagePreferences.h",
"WKUserContentController.h",
"WKWebsiteDataStore.h",
"WKWebsiteDataRecord.h",
"WKUserScript.h",
"WKURLSchemeHandler.h",
"WKWebViewConfiguration.h",
"WKWebView.h",
"WKScriptMessageHandlerWithReply.h",
"WKWindowFeatures.h",
"WKDownloadDelegate.h",
"ASAccountAuthenticationModificationController.h",
"ASAccountAuthenticationModificationViewController.h",
"ASAuthorization.h",
"ASAuthorizationAppleIDButton.h",
"ASAccountAuthenticationModificationRequest.h",
"ASAuthorizationAppleIDProvider.h",
"ASAuthorizationAppleIDRequest.h",
"ASAuthorizationAppleIDCredential.h",
"ASAuthorizationController.h",
"ASAuthorizationCredential.h",
"ASAccountAuthenticationModificationExtensionContext.h",
"ASAuthorizationError.h",
"ASAuthorizationCustomMethod.h",
"ASAuthorizationPasswordRequest.h",
"ASAuthorizationOpenIDRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialDescriptor.h",
"ASAuthorizationPlatformPublicKeyCredentialProvider.h",
"ASAccountAuthenticationModificationReplacePasswordWithSignInWithAppleRequest.h",
"ASAccountAuthenticationModificationUpgradePasswordToStrongPasswordRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialRegistration.h",
"ASAuthorizationProvider.h",
"ASAuthorizationPlatformPublicKeyCredentialAssertion.h",
"ASAuthorizationPublicKeyCredentialAssertion.h",
"ASAuthorizationPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationPublicKeyCredentialConstants.h",
"ASAuthorizationProviderExtensionAuthorizationResult.h",
"ASAuthorizationPublicKeyCredentialDescriptor.h",
"ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput.h",
"ASAuthorizationPasswordProvider.h",
"ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput.h",
"ASAuthorizationPublicKeyCredentialParameters.h",
"ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h",
"ASAuthorizationPublicKeyCredentialRegistration.h",
"ASAuthorizationPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialAssertion.h",
"ASAuthorizationRequest.h",
"ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialProvider.h",
"ASAuthorizationSingleSignOnCredential.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialRegistration.h",
"ASAuthorizationSingleSignOnProvider.h",
"ASAuthorizationWebBrowserExternallyAuthenticatableRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequest.h",
"ASAuthorizationWebBrowserPublicKeyCredentialManager.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredential.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialAssertionRequest.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialRegistrationRequest.h",
"ASCOSEConstants.h",
"ASCredentialIdentity.h",
"ASAuthorizationSingleSignOnRequest.h",
"ASCredentialIdentityStore.h",
"ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialProvider.h",
"ASCredentialProviderExtensionContext.h",
"ASCredentialProviderViewController.h",
"ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest.h",
"ASCredentialServiceIdentifier.h",
"ASExtensionErrors.h",
"ASAuthorizationProviderExtensionAuthorizationRequest.h",
"ASCredentialRequest.h",
"ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h",
"ASPasskeyAssertionCredential.h",
"ASPasskeyCredentialRequest.h",
"ASPasskeyCredentialRequestParameters.h",
"ASCredentialIdentityStoreState.h",
"ASPasskeyRegistrationCredential.h",
"ASPasswordCredential.h",
"ASPublicKeyCredential.h",
"ASPasskeyCredentialIdentity.h",
"ASPublicKeyCredentialClientData.h",
"ASSettingsHelper.h",
"ASWebAuthenticationSessionCallback.h",
"ASWebAuthenticationSession.h",
"ASWebAuthenticationSessionRequest.h",
"ASWebAuthenticationSessionWebBrowserSessionManager.h",
"AuthenticationServices.h",
"ASFoundation.h",
"AuthenticationServices.apinotes",
"ASWebAuthenticationSessionWebBrowserSessionHandling.h",
"ASPasswordCredentialIdentity.h",
"ASPasswordCredentialRequest.h",
"GameKit.apinotes",
"GKAccessPoint.h",
"GameKit.h",
"GKAchievement.h",
"GKAchievementViewController.h",
"GKBasePlayer.h",
"GKAchievementDescription.h",
"GKChallengeEventHandler.h",
"GKCloudPlayer.h",
"GKChallengesViewController.h",
"GKChallenge.h",
"GKDefines.h",
"GKError.h",
"GKEventListener.h",
"GKFriendRequestComposeViewController.h",
"GKDialogController.h",
"GKGameSessionEventListener.h",
"GKGameSessionError.h",
"GKGameCenterViewController.h",
"GKGameSessionSharingViewController.h",
"GKLeaderboardEntry.h",
"GKLeaderboard.h",
"GKLeaderboardScore.h",
"GKGameSession.h",
"GKLeaderboardSet.h",
"GKLocalPlayer.h",
"GKLeaderboardViewController.h",
"GKMatch.h",
"GKMatchmaker.h",
"GKMatchmakerViewController.h",
"GKPeerPickerController.h",
"GKNotificationBanner.h",
"GKPublicConstants.h",
"GKPlayer.h",
"GKPublicProtocols.h",
"GKSavedGameListener.h",
"GKScore.h",
"GKSessionError.h",
"GKVoiceChat.h",
"GKTurnBasedMatchmakerViewController.h",
"GKSession.h",
"GKTurnBasedMatch.h",
"GKSavedGame.h",
"GKVoiceChatService.h"
],
"public": 1,
"adversary": "Turla Group, FIN7, APT34, APT28, DragonForce Malaysia Hacker Group, Indonesia Islamic Warriors Counc",
"targeted_countries": [
"United States of America",
"India",
"Australia"
],
"malware_families": [
{
"id": "OSAtomic",
"display_name": "OSAtomic",
"target": null
},
{
"id": "OSReturn",
"display_name": "OSReturn",
"target": null
},
{
"id": "Ver",
"display_name": "Ver",
"target": null
},
{
"id": "Internet",
"display_name": "Internet",
"target": null
}
],
"attack_ids": [
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1123",
"name": "Audio Capture",
"display_name": "T1123 - Audio Capture"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1119",
"name": "Automated Collection",
"display_name": "T1119 - Automated Collection"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1016",
"name": "System Network Configuration Discovery",
"display_name": "T1016 - System Network Configuration Discovery"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1049",
"name": "System Network Connections Discovery",
"display_name": "T1049 - System Network Connections Discovery"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1112",
"name": "Modify Registry",
"display_name": "T1112 - Modify Registry"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 39,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "ilyailya",
"id": "298851",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1968,
"domain": 526,
"FileHash-SHA256": 207,
"hostname": 972,
"email": 55,
"FileHash-SHA1": 9,
"FileHash-MD5": 4,
"CVE": 2,
"CIDR": 10
},
"indicator_count": 3753,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 34,
"modified_text": "347 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "663d2869e0f3a42bbddc42ff",
"name": "UPX executable packer.",
"description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
"modified": "2024-10-14T00:01:17.069000",
"created": "2024-05-09T19:47:53.786000",
"tags": [
"cioch adrian",
"centrum usug",
"sieciowych",
"elf binary",
"upx compression",
"roth",
"nextron",
"info",
"javascript",
"html",
"office open",
"xml document",
"network capture",
"win32 exe",
"xml pakietu",
"pdf zestawy",
"przechwytywanie",
"office",
"filehashsha1",
"url https",
"cve cve20201070",
"cve cve20203153",
"cve cve20201048",
"cve cve20211732",
"cve20201048 apr",
"filehashmd5",
"cve cve20010901",
"cve cve20021841",
"cve20153202 apr",
"cve cve20160728",
"cve cve20161807",
"cve cve20175123",
"cve20185407 apr",
"cve cve20054605",
"cve cve20060745",
"cve cve20070452",
"cve cve20070453",
"cve cve20070454",
"cve cve20071355",
"cve cve20071358",
"cve cve20071871",
"cve20149614 apr",
"cve cve20151503",
"cve cve20152080",
"cve cve20157377",
"cve cve20170131",
"cve20200796 may",
"cve cve20113403"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6861,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 5771,
"domain": 3139,
"URL": 14525,
"FileHash-SHA1": 2610,
"IPv4": 108,
"CIDR": 40,
"FileHash-SHA256": 10705,
"FileHash-MD5": 3373,
"YARA": 2,
"CVE": 148,
"Mutex": 7,
"FilePath": 3,
"SSLCertFingerprint": 3,
"email": 23,
"JA3": 1,
"IPv6": 2
},
"indicator_count": 40460,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "552 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570a958f96f9b29641ea020",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-12-06T17:03:20.219000",
"created": "2023-12-06T17:03:20.219000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 17,
"FileHash-SHA256": 3730,
"hostname": 1052,
"domain": 446,
"URL": 2806,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 111,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570a927b24b94cdd5d344d1",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-12-06T17:02:31.854000",
"created": "2023-12-06T17:02:31.854000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 17,
"FileHash-SHA256": 3730,
"hostname": 1052,
"domain": 446,
"URL": 2806,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 111,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657098ff4c59f8ac3f86f613",
"name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
"description": "",
"modified": "2023-12-06T15:53:35.032000",
"created": "2023-12-06T15:53:35.032000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1168,
"hostname": 1366,
"domain": 412,
"URL": 3576,
"email": 2,
"FileHash-MD5": 61,
"FileHash-SHA1": 54
},
"indicator_count": 6639,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708ed8f7d4b5483117bb66",
"name": "abuse.ch",
"description": "",
"modified": "2023-12-06T15:10:16.397000",
"created": "2023-12-06T15:10:16.397000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 223,
"domain": 383,
"URL": 1639,
"hostname": 560,
"email": 1,
"FileHash-MD5": 2
},
"indicator_count": 2808,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 114,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e2d7cb4228401888b63",
"name": "possibly a central bank",
"description": "",
"modified": "2023-12-06T15:07:25.990000",
"created": "2023-12-06T15:07:25.990000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 622,
"domain": 2558,
"URL": 4203,
"hostname": 1221,
"CVE": 1
},
"indicator_count": 8605,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708e0d95a8c74cc715f7a2",
"name": "West.cn",
"description": "",
"modified": "2023-12-06T15:06:53.350000",
"created": "2023-12-06T15:06:53.350000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 208,
"domain": 533,
"hostname": 757,
"URL": 1861,
"FileHash-MD5": 1
},
"indicator_count": 3360,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708d657f0895a860febf8f",
"name": "SafeFrame Container",
"description": "",
"modified": "2023-12-06T15:04:05.932000",
"created": "2023-12-06T15:04:05.932000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1416,
"domain": 2979,
"URL": 8250,
"hostname": 2262
},
"indicator_count": 14907,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708d2dc7aa57db55aab29c",
"name": "serverhub.com eonix.net",
"description": "",
"modified": "2023-12-06T15:03:09.373000",
"created": "2023-12-06T15:03:09.373000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 876,
"URL": 5708,
"hostname": 1541,
"domain": 915,
"FileHash-MD5": 1
},
"indicator_count": 9042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c8a9635f156e79238f1",
"name": "intel gained from a spam text",
"description": "",
"modified": "2023-12-06T15:00:26.727000",
"created": "2023-12-06T15:00:26.727000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 823,
"domain": 717,
"URL": 2245,
"hostname": 615,
"email": 4,
"FileHash-MD5": 5,
"FileHash-SHA1": 1
},
"indicator_count": 4411,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c712f63f24552fa3e38",
"name": "bgp.net malicious hosting",
"description": "",
"modified": "2023-12-06T15:00:01.600000",
"created": "2023-12-06T15:00:01.600000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 173,
"hostname": 417,
"URL": 1208,
"domain": 267,
"CVE": 1
},
"indicator_count": 2066,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c534aadf7adf4f27d77",
"name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
"description": "",
"modified": "2023-12-06T14:59:31.122000",
"created": "2023-12-06T14:59:31.122000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 302,
"domain": 634,
"URL": 2988,
"hostname": 1208
},
"indicator_count": 5132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c13ee010f81d3f9b3af",
"name": "Malware hosting - hostrocket.com",
"description": "",
"modified": "2023-12-06T14:58:27.115000",
"created": "2023-12-06T14:58:27.115000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 232,
"hostname": 963,
"domain": 412,
"URL": 2337,
"email": 3,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 3949,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c0791fece390b1a096e",
"name": "Choopa.com - vultr",
"description": "",
"modified": "2023-12-06T14:58:15.734000",
"created": "2023-12-06T14:58:15.734000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 453,
"hostname": 1241,
"domain": 430,
"URL": 3454
},
"indicator_count": 5578,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708c01dca4e6c505e4fca0",
"name": "Hostgator - whitelisted",
"description": "",
"modified": "2023-12-06T14:58:09.135000",
"created": "2023-12-06T14:58:09.135000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 692,
"hostname": 1339,
"domain": 1260,
"URL": 4622,
"FileHash-MD5": 3,
"FileHash-SHA1": 1
},
"indicator_count": 7917,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708aa1dca4e6c505e4fc9e",
"name": "Botnet c&c",
"description": "",
"modified": "2023-12-06T14:52:16.286000",
"created": "2023-12-06T14:52:16.286000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 214,
"hostname": 334,
"URL": 1182,
"FileHash-SHA256": 33
},
"indicator_count": 1763,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657080d20f7e10c1e37fcf89",
"name": "TarrantCounty.com ~ 03.01.2022",
"description": "",
"modified": "2023-12-06T14:10:26.301000",
"created": "2023-12-06T14:10:26.301000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1078,
"domain": 838,
"hostname": 1607,
"URL": 4134,
"email": 3,
"FileHash-SHA1": 2,
"CIDR": 4,
"FileHash-MD5": 15
},
"indicator_count": 7681,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "657080735501c11ddbb7a988",
"name": "Dominionvoting.com 03.03.22",
"description": "",
"modified": "2023-12-06T14:08:51.329000",
"created": "2023-12-06T14:08:51.329000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 663,
"hostname": 588,
"domain": 413,
"URL": 2183,
"FileHash-MD5": 7
},
"indicator_count": 3854,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6570805953274b32ec1f981b",
"name": "Votebuilder.com",
"description": "",
"modified": "2023-12-06T14:08:25.588000",
"created": "2023-12-06T14:08:25.588000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 869,
"domain": 834,
"URL": 4755,
"hostname": 1559,
"CIDR": 2,
"FileHash-MD5": 10
},
"indicator_count": 8029,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65707e5b7df6f60133e8fb50",
"name": "Jeeng / Powerbox",
"description": "",
"modified": "2023-12-06T13:59:55.129000",
"created": "2023-12-06T13:59:55.129000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 3,
"FileHash-SHA256": 9072,
"domain": 2500,
"hostname": 3584,
"URL": 13548,
"FileHash-MD5": 197,
"FileHash-SHA1": 162,
"email": 19,
"CIDR": 20,
"SSLCertFingerprint": 2,
"BitcoinAddress": 1
},
"indicator_count": 29108,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "653f147a7e55dd916fe9e3e2",
"name": "Fitbit app link IoC's",
"description": "",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-30T02:27:06.140000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "652b2a8048e6a285461c4a5d",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 218,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "652b2a8048e6a285461c4a5d",
"name": "Fitbit app link IoC's",
"description": "Critical. Fitbit download link found in Google search results.\n[https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile]\n\nBlackNET is a Remote Access Trojan (RAT) - Advanced Windows Botnet.\nCapabilities: stealing/grabbing files and passwords, keylogging, cryptojacking, loading files, executing commands, etc. \n\nOpenCandy , PUP\nCapabilities: Browser home page hijacker, installs unwanted toolbars, plug-ins, and extensions to web browsers, collects information, user\u2019s surfing habits, distribution to third parties without user consent.\n\nProcess Injection: Privilege escalation adversaries use to inject arbitrary code.",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-14T23:55:42.972000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 18,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "652b2a50c4487060d52346fd",
"name": "Fitbit app link IoC's",
"description": "Critical. Fitbit download link found in Google search results.\n[https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile]\n\nBlackNET is a Remote Access Trojan (RAT) - Advanced Windows Botnet.\nCapabilities: stealing/grabbing files and passwords, keylogging, cryptojacking, loading files, executing commands, etc. \n\nOpenCandy , PUP\nCapabilities: Browser home page hijacker, installs unwanted toolbars, plug-ins, and extensions to web browsers, collects information, user\u2019s surfing habits, distribution to third parties without user consent.\n\nProcess Injection: Privilege escalation adversaries use to inject arbitrary code.",
"modified": "2023-11-13T22:04:06.580000",
"created": "2023-10-14T23:54:55.973000",
"tags": [
"ssl certificate",
"contacted",
"contacted urls",
"referrer",
"march",
"historical ssl",
"whois sslcert",
"suspicious",
"execution",
"malware",
"core",
"name verdict",
"falco",
"pattern match",
"ascii text",
"file",
"png image",
"sdcwhb",
"windows nt",
"jpeg image",
"jfif",
"appdata",
"kg2exe",
"date",
"unknown",
"general",
"hybrid",
"this",
"click",
"strings",
"class",
"critical",
"error",
"zfaoz",
"falcon sandbox",
"exit",
"node tcp",
"traffic",
"et tor",
"known tor",
"relayrouter",
"tor known",
"tor relayrouter",
"detection list",
"ip address",
"cisco umbrella",
"heur",
"site",
"safe site",
"alexa top",
"million",
"maltiverse",
"malicious url",
"malicious site",
"unsafe",
"riskware",
"swrort",
"downldr",
"artemis",
"team",
"phishing",
"iframe",
"crack",
"xrat",
"installcore",
"facebook",
"bank",
"opencandy",
"nircmd",
"exploit",
"filetour",
"cleaner",
"wacatac",
"win64",
"unruy",
"blacknet rat",
"stealer",
"azorult",
"service",
"runescape",
"download",
"tiggre",
"presenoker",
"conduit",
"xtrat",
"agent",
"patcher",
"adload",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"iobit",
"dropper",
"trojanx",
"webshell",
"adposhel",
"union",
"trojanspy",
"webtoolbar",
"blacklist https",
"blacklist",
"command_and_control",
"Fitbit",
"hidden tear",
"google",
"spyware",
"potentially unwanted progams",
"network",
"bundlers",
"aware"
],
"references": [
"https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile",
"https://www.hybrid-analysis.com/sample/1e5fe7747a445f340ed8db6bd946b6fb2cf2db123b08c3ac818cb8a1c2ae28d0"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "ZfAoz",
"display_name": "ZfAoz",
"target": null
},
{
"id": "Maltiverse",
"display_name": "Maltiverse",
"target": null
},
{
"id": "WebToolbar",
"display_name": "WebToolbar",
"target": null
},
{
"id": "MediaMagnet",
"display_name": "MediaMagnet",
"target": null
},
{
"id": "TrojanSpy",
"display_name": "TrojanSpy",
"target": null
},
{
"id": "WisdomEyes.16070401.9500",
"display_name": "WisdomEyes.16070401.9500",
"target": null
},
{
"id": "Wacatac",
"display_name": "Wacatac",
"target": null
},
{
"id": "Trojan:Win32/Tiggre",
"display_name": "Trojan:Win32/Tiggre",
"target": "/malware/Trojan:Win32/Tiggre"
},
{
"id": "Unruy",
"display_name": "Unruy",
"target": null
},
{
"id": "BlackNET RAT",
"display_name": "BlackNET RAT",
"target": null
}
],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1114",
"name": "Email Collection",
"display_name": "T1114 - Email Collection"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 16,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1052,
"FileHash-MD5": 173,
"FileHash-SHA1": 168,
"FileHash-SHA256": 3730,
"URL": 2806,
"domain": 446,
"CVE": 17,
"email": 1
},
"indicator_count": 8393,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 225,
"modified_text": "888 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "6425a2f9c155fd53b9922bcd",
"name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
"description": "hope peeps are gona learn from 3cx that false positives are in fact often not false",
"modified": "2023-04-29T13:05:05.409000",
"created": "2023-03-30T14:55:53.652000",
"tags": [
"trojan",
"apt",
"ansi",
"dropped file",
"runtime data",
"chromeua",
"optout",
"programfiles",
"typeof e",
"localappdata",
"error",
"date",
"generator",
"path",
"null",
"void",
"win64",
"twitter",
"this",
"critical",
"desktop",
"dark",
"light",
"meta",
"roboto",
"span",
"class",
"template",
"blink",
"suspicious",
"facebook",
"mexico",
"malicious",
"mozilla",
"strings",
"qakbot",
"://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
],
"references": [
"https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9",
"https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661",
"http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 412,
"FileHash-SHA256": 1168,
"URL": 3576,
"hostname": 1366,
"email": 2,
"FileHash-MD5": 61,
"FileHash-SHA1": 54
},
"indicator_count": 6639,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 92,
"modified_text": "1086 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63ed8628367c1a4f3f8e773a",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:26:00.959000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63ed86228ecb2b03d35b046f",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:25:54.305000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "63b580a925bb698985fa83ea",
"name": "vendor.bundle.js",
"description": "",
"modified": "2023-02-03T13:00:02.804000",
"created": "2023-01-04T13:35:37.535000",
"tags": [
"vxstream",
"trojan",
"apt",
"memoryfile scan",
"error",
"progresstype",
"graytext",
"typeof e",
"highlight",
"bg96gwp",
"typeof",
"window",
"null",
"date",
"span",
"path",
"meta",
"push",
"unknown",
"roboto",
"scroll",
"suspicious",
"close",
"light",
"template",
"abcd",
"android",
"trident",
"backspace",
"insert",
"4096",
"void",
"legend",
"iframe",
"webview",
"infinity",
"ransomware",
"malicious",
"accept toggle",
"voice",
"upgrade"
],
"references": [
"https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d",
"This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.",
"original dropped file discovery url",
"http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css",
"Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)",
"https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1106",
"name": "Native API",
"display_name": "T1106 - Native API"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 16,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 205,
"URL": 1340,
"FileHash-SHA256": 407,
"hostname": 491,
"FileHash-MD5": 8,
"email": 1,
"FileHash-SHA1": 1
},
"indicator_count": 2453,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1171 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found