{ "type": "URL", "indicator": "https://timewisevirtual.co.uk/tle/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://timewisevirtual.co.uk/tle/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3681254607, "indicator": "https://timewisevirtual.co.uk/tle/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6474a025e7830f86fcbda9ba", "name": "QBot malware abuses Windows WordPad EXE to infect devices", "description": "The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software.\n\nA DLL is a library file containing functions that can be used by more than one program at the same time. When an application is launched, it will attempt to load any required DLLs.\n\nIt does this by searching through specific Windows folders for the DLL and, when found, loads it. However, Windows applications will prioritize DLLs in the same folder as the executable, loading them before all others.", "modified": "2023-06-28T12:05:32.597000", "created": "2023-05-29T12:52:53.004000", "tags": [ "path", "span", "script", "button", "link", "header dropdown", "github", "footer", "template", "product", "form", "meta", "copy", "code", "qakbot", "enterprise", "open", "reload", "body", "find", "write", "star", "close", "desktop", "encodedcommand", "main" ], "references": [ "https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt", "https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/", "https://twitter.com/Cryptolaemus1/status/1658152178945601549" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 307, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 630, "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 20, "domain": 506 }, "indicator_count": 1160, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1069 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "647610098b9502588eee94d2", "name": "QBot malware abuses Windows WordPad EXE to infect devices", "description": "", "modified": "2023-06-28T12:05:32.597000", "created": "2023-05-30T15:02:33.979000", "tags": [ "path", "span", "script", "button", "link", "header dropdown", "github", "footer", "template", "product", "form", "meta", "copy", "code", "qakbot", "enterprise", "open", "reload", "body", "find", "write", "star", "close", "desktop", "encodedcommand", "main" ], "references": [ "https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt", "https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/", "https://twitter.com/Cryptolaemus1/status/1658152178945601549" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6474a025e7830f86fcbda9ba", "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OtpNgGim", "id": "207976", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 630, "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 20, "domain": 506 }, "indicator_count": 1160, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "1069 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/Cryptolaemus1/status/1658152178945601549", "https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/", "https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1273 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/timewisevirtual.co.uk", "whois": "http://whois.domaintools.com/timewisevirtual.co.uk", "domain": "timewisevirtual.co.uk", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6474a025e7830f86fcbda9ba", "name": "QBot malware abuses Windows WordPad EXE to infect devices", "description": "The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software.\n\nA DLL is a library file containing functions that can be used by more than one program at the same time. When an application is launched, it will attempt to load any required DLLs.\n\nIt does this by searching through specific Windows folders for the DLL and, when found, loads it. However, Windows applications will prioritize DLLs in the same folder as the executable, loading them before all others.", "modified": "2023-06-28T12:05:32.597000", "created": "2023-05-29T12:52:53.004000", "tags": [ "path", "span", "script", "button", "link", "header dropdown", "github", "footer", "template", "product", "form", "meta", "copy", "code", "qakbot", "enterprise", "open", "reload", "body", "find", "write", "star", "close", "desktop", "encodedcommand", "main" ], "references": [ "https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt", "https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/", "https://twitter.com/Cryptolaemus1/status/1658152178945601549" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 307, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 630, "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 20, "domain": 506 }, "indicator_count": 1160, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1069 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "647610098b9502588eee94d2", "name": "QBot malware abuses Windows WordPad EXE to infect devices", "description": "", "modified": "2023-06-28T12:05:32.597000", "created": "2023-05-30T15:02:33.979000", "tags": [ "path", "span", "script", "button", "link", "header dropdown", "github", "footer", "template", "product", "form", "meta", "copy", "code", "qakbot", "enterprise", "open", "reload", "body", "find", "write", "star", "close", "desktop", "encodedcommand", "main" ], "references": [ "https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt", "https://www.bleepingcomputer.com/news/security/qbot-malware-abuses-windows-wordpad-exe-to-infect-devices/", "https://twitter.com/Cryptolaemus1/status/1658152178945601549" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6474a025e7830f86fcbda9ba", "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OtpNgGim", "id": "207976", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 630, "FileHash-MD5": 1, "FileHash-SHA1": 3, "FileHash-SHA256": 20, "domain": 506 }, "indicator_count": 1160, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "1069 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://timewisevirtual.co.uk/tle/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://timewisevirtual.co.uk/tle/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780315727.0252967 }