{ "type": "URL", "indicator": "https://tronscna.org", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://tronscna.org", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2899322104, "indicator": "https://tronscna.org", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c5dcd42da951f32ee24e0f", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashesrs", "description": "", "modified": "2024-08-21T12:25:56.328000", "created": "2024-08-21T12:25:56.328000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": "655d0ec7b7cb12c66cac457d", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "606 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65be56d257bb241c4fa3f68d", "name": "AZORult CnC", "description": "Behaviors\n\nSteals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version\nSteals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software\nSteals stored email credentials of different mail clients\nSteals user names, passwords, and hostnames from different browsers\nSteals bitcoin wallets - Monero and uCoin\nSteals Steam and telegram credentials\nSteals Skype chat history and messages\nExecutes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file\nCapabilities\n\nInformation Theft\nBackdoor commands\nExploits\nDownload Routine\nImpact\n\nCompromise system security - with backdoor capabilities that can execute malicious commands, downloads and installs additional malwares", "modified": "2024-03-04T14:03:17.574000", "created": "2024-02-03T15:08:02.291000", "tags": [ "ssl certificate", "whois record", "threat roundup", "whois whois", "january", "historical ssl", "referrer", "april", "resolutions", "siblings domain", "march", "february", "obz4usfn0 http", "problems", "threat network", "infrastructure", "st201601152", "startpage", "iframe", "united", "unknown", "search", "showing", "united kingdom", "creation date", "aaaa", "cname", "scan endpoints", "all octoseek", "date", "next", "script urls", "soa nxdomain", "link", "xml title", "portugal", "domain", "status", "expiration date", "pulse pulses", "as44273 host", "domain robot", "as61969 team", "body", "as8075", "netherlands", "servers", "emails", "duo insight", "type", "asnone united", "name servers", "germany unknown", "passive dns", "as14061", "as49453", "lowfi", "a domains", "urls", "privacy inc", "customer", "trojandropper", "dynamicloader", "default", "medium", "entries", "khtml", "download", "show", "activity", "http", "copy", "write", "malware", "adware affiliate", "hostname", "trojan", "pulse submit", "url analysis", "files", "as212913 fop", "russia unknown", "as397240", "as15169 google", "as19237 omnis", "as22169 omnis", "as20068 hawk", "as133618", "as47846", "as22489", "encrypt", "record value", "pragma", "accept ch", "ireland unknown", "msie", "chrome", "style", "gmt setcookie", "as6724 strato", "core", "win32", "backdoor", "expl", "exploit", "ipv4", "virtool", "azorult cnc", "possible", "as7018 att", "regsetvalueexa", "china as4134", "service", "asnone", "dns lookup", "ransom", "push", "eternalblue", "recon", "playgame", "domain name", "as13768 aptum", "meta", "error", "as43350 nforce", "as55286", "as60558 phoenix", "ip address", "registrar", "1996", "contacted", "unlocker", "red team", "af81 http", "execution", "open", "whois sslcert", "suspicious c2", "cve202322518", "collection", "vt graph", "excel", "emotet", "metro", "jeffrey reimer pt", "sharecare", "tsara brashears", "apple", "icloud" ], "references": [ "https://www.sharecare.com/doctor/jeffrey-reimer-6ie6z", "qbot.zip", "imp.fusioninstall.com", "https://mylegalbid.com/malwarebytes", "192.185.223.216 | 192.168.56.1 [malware]", "http://45.159.189.105/bot/regex", "https://success.trendmicro.com/dcx/s/solution/000146108-azorult-malware-information?language=en_US&sfdcIFrameOrigin=null", "http://config.premiuminstaller.com/config/ls/offers.json?pid=installer&ts=2014-10-14T18:54:45.9443368Z&br=CR&adprovider=marmarf", "xhamster.comyouporn.com", "cams4all.com", "watchhers.net", "weconnect.com", "icloud-appleidsuport.com | appleid.com | apple.com | apple-dns.net", "http://install.oinstaller5.com/o/jfaquew_jupdate/setup.exe?mode=dlshift&sf=0&subid=a208&filedescription=setup&adprovider=jfaquew&cpixe", "init.ess.apple.com | 0-courier.push.apple.com | dns1.registrar-servers.com", "Apple -dns1.registrar-servers.com | emails.redvue.com | icloud-appleidsuport.com", "https://songculture.com/tsara-brashears | https://www.songculture.com/tsara-brashears-music", "https://www.songculture.com/tsara-lynn-brashears-music", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "youramateuporn.com", "ns2.abovedomains.com", "ww16.porn-community.porn25.com", "https://totallyspies.1000hentai.com/tag/clover-porn/", "pirateproxy.cc", "mwilliams.dev@gmail.com | piratepages.com", "838114.parkingcrew.net", "static-push-preprod.porndig.com", "www.redtube.comyouporn.com", "https://severeporn-com.pornproxy.page/", "https://spankbang-com.pornproxy.page/593ao/video/sunshine%20mouth%20stuffed%20gagged%20and%20tied%20with%20her%20friend", "yoursexy.porn | indianyouporn.com", "source-6.youporn.express | source-6.sexpornsource.com\t hostname\tsource-3.xxxporn.club | source-2.pornhubs.best | source-2.freepornxo.com", "cdn.pornsocket.com", "http://secure.indianpornpass.com/track/hotpornstuff", "www.anyxxxtube.net", "https://twitter.com/PORNO_SEXYBABES", "http://www.my-sexcam.com/mf6w/?K48hY=mUHPm4taPKwCazx4uoqkcvO3m838TOpLC/XyTruUQEV1lwGjr5ldYJa4yIBvf0ifHE4=&sHB=DPfXxzFpo", "campaign-manager.sharecare.com", "qa.companycam.com", "https://app.join.engineeringim.com/e/er?utm_source=eloqua&utm_medium=email&utm_campaign=&sp_cid=&utm_content=PB_NAM23BSE_PB_06_BATT_PW_Shmuel&sp_aid=27591&sp_rid=31788066&sp_eh=577a94ae55b9b9c106e776e684a2413f8c4dac061fc5b814c054be9e822698d9&s=949606000&lid=79146&elqTrackId=2AD273F3E5AB3555FA7D5FA11122C7C2&elq=a46790e54bbc42d2b0adbc4e6533814e&elqaid=27591&elqat=1", "24-70mm.camera", "dropboxpayments.com", "http://r3.i.lencr.org/ | r3.i.lencr.org | c.lencr.org | x1.c.lencr.org", "http://xred.mooo.com", "https://sexgalaxy.net/tag/rodneymoore/", "http://alive.overit.com/~schoolbu/badmood3.exe", "jimgaffigan.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United States of America", "Netherlands", "Germany", "France" ], "malware_families": [ { "id": "Adware Affiliate", "display_name": "Adware Affiliate", "target": null }, { "id": "AZORult CnC", "display_name": "AZORult CnC", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "VirTool", "display_name": "VirTool", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 737, "FileHash-SHA1": 692, "FileHash-SHA256": 7488, "URL": 6694, "domain": 5247, "hostname": 2932, "email": 49, "CVE": 2, "SSLCertFingerprint": 1 }, "indicator_count": 23842, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "776 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65be56d6df9d36bac14ccd87", "name": "AZORult CnC", "description": "Behaviors\n\nSteals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version\nSteals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software\nSteals stored email credentials of different mail clients\nSteals user names, passwords, and hostnames from different browsers\nSteals bitcoin wallets - Monero and uCoin\nSteals Steam and telegram credentials\nSteals Skype chat history and messages\nExecutes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file\nCapabilities\n\nInformation Theft\nBackdoor commands\nExploits\nDownload Routine\nImpact\n\nCompromise system security - with backdoor capabilities that can execute malicious commands, downloads and installs additional malwares", "modified": "2024-03-04T14:03:17.574000", "created": "2024-02-03T15:08:06.808000", "tags": [ "ssl certificate", "whois record", "threat roundup", "whois whois", "january", "historical ssl", "referrer", "april", "resolutions", "siblings domain", "march", "february", "obz4usfn0 http", "problems", "threat network", "infrastructure", "st201601152", "startpage", "iframe", "united", "unknown", "search", "showing", "united kingdom", "creation date", "aaaa", "cname", "scan endpoints", "all octoseek", "date", "next", "script urls", "soa nxdomain", "link", "xml title", "portugal", "domain", "status", "expiration date", "pulse pulses", "as44273 host", "domain robot", "as61969 team", "body", "as8075", "netherlands", "servers", "emails", "duo insight", "type", "asnone united", "name servers", "germany unknown", "passive dns", "as14061", "as49453", "lowfi", "a domains", "urls", "privacy inc", "customer", "trojandropper", "dynamicloader", "default", "medium", "entries", "khtml", "download", "show", "activity", "http", "copy", "write", "malware", "adware affiliate", "hostname", "trojan", "pulse submit", "url analysis", "files", "as212913 fop", "russia unknown", "as397240", "as15169 google", "as19237 omnis", "as22169 omnis", "as20068 hawk", "as133618", "as47846", "as22489", "encrypt", "record value", "pragma", "accept ch", "ireland unknown", "msie", "chrome", "style", "gmt setcookie", "as6724 strato", "core", "win32", "backdoor", "expl", "exploit", "ipv4", "virtool", "azorult cnc", "possible", "as7018 att", "regsetvalueexa", "china as4134", "service", "asnone", "dns lookup", "ransom", "push", "eternalblue", "recon", "playgame", "domain name", "as13768 aptum", "meta", "error", "as43350 nforce", "as55286", "as60558 phoenix", "ip address", "registrar", "1996", "contacted", "unlocker", "red team", "af81 http", "execution", "open", "whois sslcert", "suspicious c2", "cve202322518", "collection", "vt graph", "excel", "emotet", "metro", "jeffrey reimer pt", "sharecare", "tsara brashears", "apple", "icloud" ], "references": [ "https://www.sharecare.com/doctor/jeffrey-reimer-6ie6z", "qbot.zip", "imp.fusioninstall.com", "https://mylegalbid.com/malwarebytes", "192.185.223.216 | 192.168.56.1 [malware]", "http://45.159.189.105/bot/regex", "https://success.trendmicro.com/dcx/s/solution/000146108-azorult-malware-information?language=en_US&sfdcIFrameOrigin=null", "http://config.premiuminstaller.com/config/ls/offers.json?pid=installer&ts=2014-10-14T18:54:45.9443368Z&br=CR&adprovider=marmarf", "xhamster.comyouporn.com", "cams4all.com", "watchhers.net", "weconnect.com", "icloud-appleidsuport.com | appleid.com | apple.com | apple-dns.net", "http://install.oinstaller5.com/o/jfaquew_jupdate/setup.exe?mode=dlshift&sf=0&subid=a208&filedescription=setup&adprovider=jfaquew&cpixe", "init.ess.apple.com | 0-courier.push.apple.com | dns1.registrar-servers.com", "Apple -dns1.registrar-servers.com | emails.redvue.com | icloud-appleidsuport.com", "https://songculture.com/tsara-brashears | https://www.songculture.com/tsara-brashears-music", "https://www.songculture.com/tsara-lynn-brashears-music", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "youramateuporn.com", "ns2.abovedomains.com", "ww16.porn-community.porn25.com", "https://totallyspies.1000hentai.com/tag/clover-porn/", "pirateproxy.cc", "mwilliams.dev@gmail.com | piratepages.com", "838114.parkingcrew.net", "static-push-preprod.porndig.com", "www.redtube.comyouporn.com", "https://severeporn-com.pornproxy.page/", "https://spankbang-com.pornproxy.page/593ao/video/sunshine%20mouth%20stuffed%20gagged%20and%20tied%20with%20her%20friend", "yoursexy.porn | indianyouporn.com", "source-6.youporn.express | source-6.sexpornsource.com\t hostname\tsource-3.xxxporn.club | source-2.pornhubs.best | source-2.freepornxo.com", "cdn.pornsocket.com", "http://secure.indianpornpass.com/track/hotpornstuff", "www.anyxxxtube.net", "https://twitter.com/PORNO_SEXYBABES", "http://www.my-sexcam.com/mf6w/?K48hY=mUHPm4taPKwCazx4uoqkcvO3m838TOpLC/XyTruUQEV1lwGjr5ldYJa4yIBvf0ifHE4=&sHB=DPfXxzFpo", "campaign-manager.sharecare.com", "qa.companycam.com", "https://app.join.engineeringim.com/e/er?utm_source=eloqua&utm_medium=email&utm_campaign=&sp_cid=&utm_content=PB_NAM23BSE_PB_06_BATT_PW_Shmuel&sp_aid=27591&sp_rid=31788066&sp_eh=577a94ae55b9b9c106e776e684a2413f8c4dac061fc5b814c054be9e822698d9&s=949606000&lid=79146&elqTrackId=2AD273F3E5AB3555FA7D5FA11122C7C2&elq=a46790e54bbc42d2b0adbc4e6533814e&elqaid=27591&elqat=1", "24-70mm.camera", "dropboxpayments.com", "http://r3.i.lencr.org/ | r3.i.lencr.org | c.lencr.org | x1.c.lencr.org", "http://xred.mooo.com", "https://sexgalaxy.net/tag/rodneymoore/", "http://alive.overit.com/~schoolbu/badmood3.exe", "jimgaffigan.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United States of America", "Netherlands", "Germany", "France" ], "malware_families": [ { "id": "Adware Affiliate", "display_name": "Adware Affiliate", "target": null }, { "id": "AZORult CnC", "display_name": "AZORult CnC", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "VirTool", "display_name": "VirTool", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8134, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 737, "FileHash-SHA1": 692, "FileHash-SHA256": 7488, "URL": 6694, "domain": 5247, "hostname": 2932, "email": 49, "CVE": 2, "SSLCertFingerprint": 1 }, "indicator_count": 23842, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "776 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0ec7b7cb12c66cac457d", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:10:47.792000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0edbb8c22bcb4e5969b8", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:11:07.064000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0f94ad4d7cdc5e3f0a98", "name": "BlackNET", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:14:12.454000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 73, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708db0c7b19b62c501601b", "name": "DDOS Attack", "description": "", "modified": "2023-12-06T15:05:20.038000", "created": "2023-12-06T15:05:20.038000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 182, "FileHash-SHA256": 519, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708a0bc7609ce090cb33e5", "name": "lapsus known associations", "description": "", "modified": "2023-12-06T14:49:47.058000", "created": "2023-12-06T14:49:47.058000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 182, "FileHash-SHA256": 519, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f02354c2493b26aca12", "name": "Neustar.biz", "description": "", "modified": "2023-12-06T14:02:42.071000", "created": "2023-12-06T14:02:42.071000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 584, "domain": 248, "URL": 1305, "hostname": 656, "CVE": 1, "email": 7, "FileHash-SHA1": 6, "FileHash-MD5": 5 }, "indicator_count": 2812, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546cf78627adef6562a97aa", "name": "Browser Malware Attack", "description": "Attacking my browser to identify.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:10:48.676000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "867 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6546d0120a7e479fecffe2b1", "name": "Browser Malware Attack", "description": "Attacking browser to identify researcher.\nCommand for critical failure/destruction: https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "modified": "2023-12-04T22:00:43.514000", "created": "2023-11-04T23:13:21.883000", "tags": [ "united", "facebook", "phishtank", "detection list", "ip address", "blacklist", "paypal", "cisco umbrella", "site", "alexa top", "safe site", "million", "malicious url", "malware site", "malicious site", "malware", "name verdict", "falcon sandbox", "reports no", "speci", "efr1", "pattern match", "file", "web open", "font format", "truetype", "indicator", "windows nt", "et tor", "known tor", "relayrouter", "date", "unknown", "general", "hybrid", "local", "stream", "click", "strings", "class", "generator", "critical", "error", "self", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "phishing site", "heur", "cyber threat", "unsafe", "riskware", "phishing", "bank", "service", "artemis", "team", "xtrat", "agent", "xrat", "filetour", "exploit", "conduit", "opencandy", "fusioncore", "orkut", "steam", "genkryptik", "runescape", "presenoker", "ramnit", "msil", "crack", "tofsee", "suppobox", "malicious", "simda", "vawtrak", "hotmail", "generic", "webtoolbar", "hsbc", "maltiverse", "ip summary", "url summary", "summary", "sample", "samples", "count blacklist", "tag count", "downldr", "cleaner", "iframe", "wacatac", "alexa", "win64", "swrort", "installcore", "azorult", "download", "blacknet rat", "stealer", "softcnapp", "nircmd", "unruy", "patcher", "adload", "dropper", "installpack", "tiggre", "gamehack", "trojanspy", "germany http", "attacker", "static engine", "internet storm", "center", "passive dns", "urls", "scan endpoints", "all search", "otx scoreblue", "url http", "pulse pulses", "http", "related nids" ], "references": [ "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "object.prototype.hasownproperty.call", "hasownproperty.call", "a.default.meta.applestore.id", "applestore.id", "http://decafsmob.this.id", "id.google.com", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "http://git.io/yBU2rg", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://tracking.3061331.corn10wuk.club", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "apps.apple.com/us/app/id$", "t.name", "http://e.id?e.id:e.id.getAttribute", "location.search", "https://dnsorangetel.dn2.n-helix.com", "1080p-torrent.ml", "states.app", "dev-2.ernestatech.com", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "209.85.145.113 [malware]", "cdn.fuckporntube.com", "www.search.app.goo.gl", "apps.apple.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "globalworker1.sol.us", "worker-m-tlcus1.sol.us" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Ireland", "Singapore" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "HSBC", "display_name": "HSBC", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "GameHack", "display_name": "GameHack", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1015, "hostname": 1309, "FileHash-MD5": 466, "FileHash-SHA1": 255, "FileHash-SHA256": 3783, "URL": 4001, "CVE": 9, "email": 3 }, "indicator_count": 10841, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "867 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627b806be644fbc56410ea90", "name": "DDOS Attack", "description": "", "modified": "2022-05-11T09:22:51.290000", "created": "2022-05-11T09:22:51.290000", "tags": [ "soap-demo.xyz", "associations", "lapsus" ], "references": [ "soap-demo.xyz" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "623d1ab277bbaca57464872b", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ALSHOBAKI", "id": "192458", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 519, "hostname": 182, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "1439 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623d1ab277bbaca57464872b", "name": "lapsus known associations", "description": "", "modified": "2022-04-24T00:01:15.470000", "created": "2022-03-25T01:28:18.545000", "tags": [ "soap-demo.xyz", "associations", "lapsus" ], "references": [ "soap-demo.xyz" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 519, "hostname": 182, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6216651300b16bc2a50500e6", "name": "Neustar.biz", "description": "", "modified": "2022-03-25T00:03:52.440000", "created": "2022-02-23T16:47:15.827000", "tags": [ "whois record", "ssl certificate", "whois", "registry", "biz registry", "operator", "historical ssl", "graph summary", "atreya", "neustar", "july", "am manos", "antonakakis", "burke", "joffe", "foster", "dejong", "robinson", "steve dejong", "mark robinson", "win32 exe", "microsoft", "date", "subdomains", "communicating", "detections type", "name", "server", "redacted for", "domain status", "privacy tech", "privacy admin", "algorithm", "key identifier", "x509v3 subject", "country", "umbrella", "code" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 656, "URL": 1305, "domain": 248, "FileHash-SHA256": 584, "CVE": 1, "email": 7, "FileHash-SHA1": 6, "FileHash-MD5": 5 }, "indicator_count": 2812, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Thor Scan: S-I9VvMTB6cZU", "https://dnsorangetel.dn2.n-helix.com", "https://urlscan.io/search/#ualberta.ca", "location.search", "source-6.youporn.express | source-6.sexpornsource.com\t hostname\tsource-3.xxxporn.club | source-2.pornhubs.best | source-2.freepornxo.com", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.join.engineeringim.com/e/er?utm_source=eloqua&utm_medium=email&utm_campaign=&sp_cid=&utm_content=PB_NAM23BSE_PB_06_BATT_PW_Shmuel&sp_aid=27591&sp_rid=31788066&sp_eh=577a94ae55b9b9c106e776e684a2413f8c4dac061fc5b814c054be9e822698d9&s=949606000&lid=79146&elqTrackId=2AD273F3E5AB3555FA7D5FA11122C7C2&elq=a46790e54bbc42d2b0adbc4e6533814e&elqaid=27591&elqat=1", "states.app", "209.85.145.113 [malware]", "https://success.trendmicro.com/dcx/s/solution/000146108-azorult-malware-information?language=en_US&sfdcIFrameOrigin=null", "838114.parkingcrew.net", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "dropboxpayments.com", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "http://critical-system-failure7250.21ny35098453.com-bm3y-v806d9gk.cricket/", "https://www.hudsonrock.com/search?domain=ualberta.ca", "http://secure.indianpornpass.com/track/hotpornstuff", "https://coloradosprings.americanlisted.com/pets-animals/beautiful-ragdoll-kittens_31591993.html", "http://r3.i.lencr.org/ | r3.i.lencr.org | c.lencr.org | x1.c.lencr.org", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "hasownproperty.call", "https://mylegalbid.com/malwarebytes", "object.prototype.hasownproperty.call", "a.default.meta.applestore.id", "https://search.app.goo.gl/?ofl=https://lens.google&al=googleapp://lens?lens_data=KAw&apn=com.google.android.googlequicksearchbox&amv=301204913&isi=284815942&ius=googleapp&ibi=com.goog", "http://www.my-sexcam.com/mf6w/?K48hY=mUHPm4taPKwCazx4uoqkcvO3m838TOpLC/XyTruUQEV1lwGjr5ldYJa4yIBvf0ifHE4=&sHB=DPfXxzFpo", "http://git.io/yBU2rg", "AppRegistrationList.csv", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "campaign-manager.sharecare.com", "icloud-appleidsuport.com | appleid.com | apple.com | apple-dns.net", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "https://tria.ge/240521-q4s79agb25/static1", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://sexgalaxy.net/tag/rodneymoore/", "watchhers.net", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "1080p-torrent.ml", "http://config.premiuminstaller.com/config/ls/offers.json?pid=installer&ts=2014-10-14T18:54:45.9443368Z&br=CR&adprovider=marmarf", "yoursexy.porn | indianyouporn.com", "https://www.sharecare.com/doctor/jeffrey-reimer-6ie6z", "Apple -dns1.registrar-servers.com | emails.redvue.com | icloud-appleidsuport.com", "https://songculture.com/tsara-brashears | https://www.songculture.com/tsara-brashears-music", "cdn.fuckporntube.com", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "ns2.abovedomains.com", "http://www.youtube.com/gen_204?cplatform=tablet&c=android&cver=5.6.36&cos=Android&cosver=4.4.2&cbr=com.google.android.youtube&cbrv", "https://tria.ge/240517-t9pc2ahb2t", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "id.google.com", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://severeporn-com.pornproxy.page/", "globalworker1.sol.us", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "www.search.app.goo.gl", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "soap-demo.xyz", "static-push-preprod.porndig.com", "www.redtube.comyouporn.com", "https://tria.ge/240517-vdwb5shc71/behavioral1", "dev-2.ernestatech.com", "https://www.songculture.com/tsara-lynn-brashears-music", "applestore.id", "qbot.zip", "http://information.7174932.cakcuk.az/tracking/tracking.php?id=8459701&page=904", "cdn.pornsocket.com", "24-70mm.camera", "http://decafsmob.this.id", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://spankbang-com.pornproxy.page/593ao/video/sunshine%20mouth%20stuffed%20gagged%20and%20tied%20with%20her%20friend", "qa.companycam.com", "http://alive.overit.com/~schoolbu/badmood3.exe", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://totallyspies.1000hentai.com/tag/clover-porn/", "ww16.porn-community.porn25.com", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "imp.fusioninstall.com", "https://fairspin.io/?track_id=44698569&pid=1&geo=6252001&utm_source=bonafides&utm_medium=&utm_campaign=smarttds&utm_term=incorrect_param", "http://xred.mooo.com", "All - EnterpriseAppsList.csv", "https://hybrid-analysis.com/sample/d26000dfe1137f05f9187996dc752a703000402fe9e35a8ea216e9215a34560d", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "www.anyxxxtube.net", "init.ess.apple.com | 0-courier.push.apple.com | dns1.registrar-servers.com", "http://45.159.189.105/bot/regex", "https://twitter.com/PORNO_SEXYBABES", "pirateproxy.cc", "http://tracking.3061331.corn10wuk.club", "jimgaffigan.com", "cams4all.com", "apps.apple.com/us/app/id$", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "mwilliams.dev@gmail.com | piratepages.com", "worker-m-tlcus1.sol.us", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "192.185.223.216 | 192.168.56.1 [malware]", "xhamster.comyouporn.com", "youramateuporn.com", "apps.apple.com", "http://e.id?e.id:e.id.getAttribute", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "http://install.oinstaller5.com/o/jfaquew_jupdate/setup.exe?mode=dlshift&sf=0&subid=a208&filedescription=setup&adprovider=jfaquew&cpixe", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "weconnect.com", "critical-failure-alert2286.40ek97931491.com-4nj1ze3ivfwy.website", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "t.name" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Cl0p", "Blacknet", "Adware affiliate", "Webtoolbar", "Trojanspy", "Gamehack", "Virtool", "Hsbc", "Maltiverse", "Possible", "Azorult cnc" ], "industries": [ "Technology", "Government", "Education", "Telecommunications", "Healthcare" ], "unique_indicators": 92718 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/tronscna.org", "whois": "http://whois.domaintools.com/tronscna.org", "domain": "tronscna.org", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c5dcd42da951f32ee24e0f", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashesrs", "description": "", "modified": "2024-08-21T12:25:56.328000", "created": "2024-08-21T12:25:56.328000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": "655d0ec7b7cb12c66cac457d", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "606 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65be56d257bb241c4fa3f68d", "name": "AZORult CnC", "description": "Behaviors\n\nSteals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version\nSteals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software\nSteals stored email credentials of different mail clients\nSteals user names, passwords, and hostnames from different browsers\nSteals bitcoin wallets - Monero and uCoin\nSteals Steam and telegram credentials\nSteals Skype chat history and messages\nExecutes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file\nCapabilities\n\nInformation Theft\nBackdoor commands\nExploits\nDownload Routine\nImpact\n\nCompromise system security - with backdoor capabilities that can execute malicious commands, downloads and installs additional malwares", "modified": "2024-03-04T14:03:17.574000", "created": "2024-02-03T15:08:02.291000", "tags": [ "ssl certificate", "whois record", "threat roundup", "whois whois", "january", "historical ssl", "referrer", "april", "resolutions", "siblings domain", "march", "february", "obz4usfn0 http", "problems", "threat network", "infrastructure", "st201601152", "startpage", "iframe", "united", "unknown", "search", "showing", "united kingdom", "creation date", "aaaa", "cname", "scan endpoints", "all octoseek", "date", "next", "script urls", "soa nxdomain", "link", "xml title", "portugal", "domain", "status", "expiration date", "pulse pulses", "as44273 host", "domain robot", "as61969 team", "body", "as8075", "netherlands", "servers", "emails", "duo insight", "type", "asnone united", "name servers", "germany unknown", "passive dns", "as14061", "as49453", "lowfi", "a domains", "urls", "privacy inc", "customer", "trojandropper", "dynamicloader", "default", "medium", "entries", "khtml", "download", "show", "activity", "http", "copy", "write", "malware", "adware affiliate", "hostname", "trojan", "pulse submit", "url analysis", "files", "as212913 fop", "russia unknown", "as397240", "as15169 google", "as19237 omnis", "as22169 omnis", "as20068 hawk", "as133618", "as47846", "as22489", "encrypt", "record value", "pragma", "accept ch", "ireland unknown", "msie", "chrome", "style", "gmt setcookie", "as6724 strato", "core", "win32", "backdoor", "expl", "exploit", "ipv4", "virtool", "azorult cnc", "possible", "as7018 att", "regsetvalueexa", "china as4134", "service", "asnone", "dns lookup", "ransom", "push", "eternalblue", "recon", "playgame", "domain name", "as13768 aptum", "meta", "error", "as43350 nforce", "as55286", "as60558 phoenix", "ip address", "registrar", "1996", "contacted", "unlocker", "red team", "af81 http", "execution", "open", "whois sslcert", "suspicious c2", "cve202322518", "collection", "vt graph", "excel", "emotet", "metro", "jeffrey reimer pt", "sharecare", "tsara brashears", "apple", "icloud" ], "references": [ "https://www.sharecare.com/doctor/jeffrey-reimer-6ie6z", "qbot.zip", "imp.fusioninstall.com", "https://mylegalbid.com/malwarebytes", "192.185.223.216 | 192.168.56.1 [malware]", "http://45.159.189.105/bot/regex", "https://success.trendmicro.com/dcx/s/solution/000146108-azorult-malware-information?language=en_US&sfdcIFrameOrigin=null", "http://config.premiuminstaller.com/config/ls/offers.json?pid=installer&ts=2014-10-14T18:54:45.9443368Z&br=CR&adprovider=marmarf", "xhamster.comyouporn.com", "cams4all.com", "watchhers.net", "weconnect.com", "icloud-appleidsuport.com | appleid.com | apple.com | apple-dns.net", "http://install.oinstaller5.com/o/jfaquew_jupdate/setup.exe?mode=dlshift&sf=0&subid=a208&filedescription=setup&adprovider=jfaquew&cpixe", "init.ess.apple.com | 0-courier.push.apple.com | dns1.registrar-servers.com", "Apple -dns1.registrar-servers.com | emails.redvue.com | icloud-appleidsuport.com", "https://songculture.com/tsara-brashears | https://www.songculture.com/tsara-brashears-music", "https://www.songculture.com/tsara-lynn-brashears-music", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "youramateuporn.com", "ns2.abovedomains.com", "ww16.porn-community.porn25.com", "https://totallyspies.1000hentai.com/tag/clover-porn/", "pirateproxy.cc", "mwilliams.dev@gmail.com | piratepages.com", "838114.parkingcrew.net", "static-push-preprod.porndig.com", "www.redtube.comyouporn.com", "https://severeporn-com.pornproxy.page/", "https://spankbang-com.pornproxy.page/593ao/video/sunshine%20mouth%20stuffed%20gagged%20and%20tied%20with%20her%20friend", "yoursexy.porn | indianyouporn.com", "source-6.youporn.express | source-6.sexpornsource.com\t hostname\tsource-3.xxxporn.club | source-2.pornhubs.best | source-2.freepornxo.com", "cdn.pornsocket.com", "http://secure.indianpornpass.com/track/hotpornstuff", "www.anyxxxtube.net", "https://twitter.com/PORNO_SEXYBABES", "http://www.my-sexcam.com/mf6w/?K48hY=mUHPm4taPKwCazx4uoqkcvO3m838TOpLC/XyTruUQEV1lwGjr5ldYJa4yIBvf0ifHE4=&sHB=DPfXxzFpo", "campaign-manager.sharecare.com", "qa.companycam.com", "https://app.join.engineeringim.com/e/er?utm_source=eloqua&utm_medium=email&utm_campaign=&sp_cid=&utm_content=PB_NAM23BSE_PB_06_BATT_PW_Shmuel&sp_aid=27591&sp_rid=31788066&sp_eh=577a94ae55b9b9c106e776e684a2413f8c4dac061fc5b814c054be9e822698d9&s=949606000&lid=79146&elqTrackId=2AD273F3E5AB3555FA7D5FA11122C7C2&elq=a46790e54bbc42d2b0adbc4e6533814e&elqaid=27591&elqat=1", "24-70mm.camera", "dropboxpayments.com", "http://r3.i.lencr.org/ | r3.i.lencr.org | c.lencr.org | x1.c.lencr.org", "http://xred.mooo.com", "https://sexgalaxy.net/tag/rodneymoore/", "http://alive.overit.com/~schoolbu/badmood3.exe", "jimgaffigan.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United States of America", "Netherlands", "Germany", "France" ], "malware_families": [ { "id": "Adware Affiliate", "display_name": "Adware Affiliate", "target": null }, { "id": "AZORult CnC", "display_name": "AZORult CnC", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "VirTool", "display_name": "VirTool", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 737, "FileHash-SHA1": 692, "FileHash-SHA256": 7488, "URL": 6694, "domain": 5247, "hostname": 2932, "email": 49, "CVE": 2, "SSLCertFingerprint": 1 }, "indicator_count": 23842, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "776 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65be56d6df9d36bac14ccd87", "name": "AZORult CnC", "description": "Behaviors\n\nSteals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version\nSteals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software\nSteals stored email credentials of different mail clients\nSteals user names, passwords, and hostnames from different browsers\nSteals bitcoin wallets - Monero and uCoin\nSteals Steam and telegram credentials\nSteals Skype chat history and messages\nExecutes backdoor commands from a remote malicious user to collect host Internet protocol (IP) information, download/execute/delete file\nCapabilities\n\nInformation Theft\nBackdoor commands\nExploits\nDownload Routine\nImpact\n\nCompromise system security - with backdoor capabilities that can execute malicious commands, downloads and installs additional malwares", "modified": "2024-03-04T14:03:17.574000", "created": "2024-02-03T15:08:06.808000", "tags": [ "ssl certificate", "whois record", "threat roundup", "whois whois", "january", "historical ssl", "referrer", "april", "resolutions", "siblings domain", "march", "february", "obz4usfn0 http", "problems", "threat network", "infrastructure", "st201601152", "startpage", "iframe", "united", "unknown", "search", "showing", "united kingdom", "creation date", "aaaa", "cname", "scan endpoints", "all octoseek", "date", "next", "script urls", "soa nxdomain", "link", "xml title", "portugal", "domain", "status", "expiration date", "pulse pulses", "as44273 host", "domain robot", "as61969 team", "body", "as8075", "netherlands", "servers", "emails", "duo insight", "type", "asnone united", "name servers", "germany unknown", "passive dns", "as14061", "as49453", "lowfi", "a domains", "urls", "privacy inc", "customer", "trojandropper", "dynamicloader", "default", "medium", "entries", "khtml", "download", "show", "activity", "http", "copy", "write", "malware", "adware affiliate", "hostname", "trojan", "pulse submit", "url analysis", "files", "as212913 fop", "russia unknown", "as397240", "as15169 google", "as19237 omnis", "as22169 omnis", "as20068 hawk", "as133618", "as47846", "as22489", "encrypt", "record value", "pragma", "accept ch", "ireland unknown", "msie", "chrome", "style", "gmt setcookie", "as6724 strato", "core", "win32", "backdoor", "expl", "exploit", "ipv4", "virtool", "azorult cnc", "possible", "as7018 att", "regsetvalueexa", "china as4134", "service", "asnone", "dns lookup", "ransom", "push", "eternalblue", "recon", "playgame", "domain name", "as13768 aptum", "meta", "error", "as43350 nforce", "as55286", "as60558 phoenix", "ip address", "registrar", "1996", "contacted", "unlocker", "red team", "af81 http", "execution", "open", "whois sslcert", "suspicious c2", "cve202322518", "collection", "vt graph", "excel", "emotet", "metro", "jeffrey reimer pt", "sharecare", "tsara brashears", "apple", "icloud" ], "references": [ "https://www.sharecare.com/doctor/jeffrey-reimer-6ie6z", "qbot.zip", "imp.fusioninstall.com", "https://mylegalbid.com/malwarebytes", "192.185.223.216 | 192.168.56.1 [malware]", "http://45.159.189.105/bot/regex", "https://success.trendmicro.com/dcx/s/solution/000146108-azorult-malware-information?language=en_US&sfdcIFrameOrigin=null", "http://config.premiuminstaller.com/config/ls/offers.json?pid=installer&ts=2014-10-14T18:54:45.9443368Z&br=CR&adprovider=marmarf", "xhamster.comyouporn.com", "cams4all.com", "watchhers.net", "weconnect.com", "icloud-appleidsuport.com | appleid.com | apple.com | apple-dns.net", "http://install.oinstaller5.com/o/jfaquew_jupdate/setup.exe?mode=dlshift&sf=0&subid=a208&filedescription=setup&adprovider=jfaquew&cpixe", "init.ess.apple.com | 0-courier.push.apple.com | dns1.registrar-servers.com", "Apple -dns1.registrar-servers.com | emails.redvue.com | icloud-appleidsuport.com", "https://songculture.com/tsara-brashears | https://www.songculture.com/tsara-brashears-music", "https://www.songculture.com/tsara-lynn-brashears-music", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "youramateuporn.com", "ns2.abovedomains.com", "ww16.porn-community.porn25.com", "https://totallyspies.1000hentai.com/tag/clover-porn/", "pirateproxy.cc", "mwilliams.dev@gmail.com | piratepages.com", "838114.parkingcrew.net", "static-push-preprod.porndig.com", "www.redtube.comyouporn.com", "https://severeporn-com.pornproxy.page/", "https://spankbang-com.pornproxy.page/593ao/video/sunshine%20mouth%20stuffed%20gagged%20and%20tied%20with%20her%20friend", "yoursexy.porn | indianyouporn.com", "source-6.youporn.express | source-6.sexpornsource.com\t hostname\tsource-3.xxxporn.club | source-2.pornhubs.best | source-2.freepornxo.com", "cdn.pornsocket.com", "http://secure.indianpornpass.com/track/hotpornstuff", "www.anyxxxtube.net", "https://twitter.com/PORNO_SEXYBABES", "http://www.my-sexcam.com/mf6w/?K48hY=mUHPm4taPKwCazx4uoqkcvO3m838TOpLC/XyTruUQEV1lwGjr5ldYJa4yIBvf0ifHE4=&sHB=DPfXxzFpo", "campaign-manager.sharecare.com", "qa.companycam.com", "https://app.join.engineeringim.com/e/er?utm_source=eloqua&utm_medium=email&utm_campaign=&sp_cid=&utm_content=PB_NAM23BSE_PB_06_BATT_PW_Shmuel&sp_aid=27591&sp_rid=31788066&sp_eh=577a94ae55b9b9c106e776e684a2413f8c4dac061fc5b814c054be9e822698d9&s=949606000&lid=79146&elqTrackId=2AD273F3E5AB3555FA7D5FA11122C7C2&elq=a46790e54bbc42d2b0adbc4e6533814e&elqaid=27591&elqat=1", "24-70mm.camera", "dropboxpayments.com", "http://r3.i.lencr.org/ | r3.i.lencr.org | c.lencr.org | x1.c.lencr.org", "http://xred.mooo.com", "https://sexgalaxy.net/tag/rodneymoore/", "http://alive.overit.com/~schoolbu/badmood3.exe", "jimgaffigan.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United States of America", "Netherlands", "Germany", "France" ], "malware_families": [ { "id": "Adware Affiliate", "display_name": "Adware Affiliate", "target": null }, { "id": "AZORult CnC", "display_name": "AZORult CnC", "target": null }, { "id": "Possible", "display_name": "Possible", "target": null }, { "id": "VirTool", "display_name": "VirTool", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8134, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 737, "FileHash-SHA1": 692, "FileHash-SHA256": 7488, "URL": 6694, "domain": 5247, "hostname": 2932, "email": 49, "CVE": 2, "SSLCertFingerprint": 1 }, "indicator_count": 23842, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "776 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0ec7b7cb12c66cac457d", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:10:47.792000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0edbb8c22bcb4e5969b8", "name": "https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:11:07.064000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655d0f94ad4d7cdc5e3f0a98", "name": "BlackNET", "description": "Exploit\nContains escaped byte string (often part of obfuscated shellcode), Malicious\nhttps://www.profitabledisplaycontent.com/watch.375255570190.js, Malvertizing a true crime, child pornographer.\n\nSource: https://mypornwap.fun/downloads/5/search/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears-gzip\n\nResource: https://www.hybrid-analysis.com/sample/f0233084bd810eb266cd29a879dc58d84c2a85032ba58b4b50d5643e7a41a144/655cf15b9f12303f990942e9", "modified": "2023-12-21T19:03:27.243000", "created": "2023-11-21T20:14:12.454000", "tags": [ "cins active", "poor reputation", "host", "threats et", "ip tcp", "detection list", "ip address", "blacklist", "macedonia", "former yugoslav", "site", "cisco umbrella", "alexa top", "million", "alexa", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "paypal", "team phishing", "blacknet rat", "loki password", "stealer", "malicious url", "malicious site", "azorult", "phishing", "service", "runescape", "facebook", "bank", "download", "blacknet", "site top", "million alexa", "safe site", "malware", "genpack", "deepscan", "cobalt strike", "malicious", "zbot", "memscan", "cl0p", "cyber threat", "heur", "engineering", "united", "covid19", "malicious host", "team", "virut", "nymaim", "pony", "ransomware", "bradesco", "opencandy", "ramnit", "adload", "simda", "zeus", "pykspa", "riskware", "generic", "artemis", "downldr", "binder", "sutra", "steam", "asyncrat", "revengerat", "downloader", "exploit", "emailworm", "agent", "tinba", "maltiverse safe", "generic malware", "phishing site", "outbrowse", "suppobox", "vawtrak", "solimba", "wacatac", "msil", "outbreak", "installcore", "acint", "conduit", "installpack", "iobit", "dropper", "mediaget", "crack", "blacklist http", "ascii text", "nysp", "appdata", "jpeg image", "jfif standard", "file", "0xeae6b5", "function", "0x308d49", "x6a4", "push", "shift", "cookie", "slice", "path", "window", "error", "false", "hybrid", "crypto", "open", "blank", "template", "target", "trim", "write", "period", "touchmove", "click", "close", "body", "screen", "android", "canvas", "class", "span", "trident", "accept", "general", "local", "html", "unsafe", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "trojanx", "webshell", "iframe", "patcher", "driverpack", "union", "maltiverse", "blacklist https", "google", "noname057", "redlinestealer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "Cl0p", "display_name": "Cl0p", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 73, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 884, "hostname": 1809, "FileHash-MD5": 635, "FileHash-SHA1": 321, "FileHash-SHA256": 2079, "CVE": 16, "URL": 6434 }, "indicator_count": 12178, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "850 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708db0c7b19b62c501601b", "name": "DDOS Attack", "description": "", "modified": "2023-12-06T15:05:20.038000", "created": "2023-12-06T15:05:20.038000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 182, "FileHash-SHA256": 519, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708a0bc7609ce090cb33e5", "name": "lapsus known associations", "description": "", "modified": "2023-12-06T14:49:47.058000", "created": "2023-12-06T14:49:47.058000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 182, "FileHash-SHA256": 519, "domain": 190, "URL": 528, "FileHash-SHA1": 2 }, "indicator_count": 1421, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f02354c2493b26aca12", "name": "Neustar.biz", "description": "", "modified": "2023-12-06T14:02:42.071000", "created": "2023-12-06T14:02:42.071000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 584, "domain": 248, "URL": 1305, "hostname": 656, "CVE": 1, "email": 7, "FileHash-SHA1": 6, "FileHash-MD5": 5 }, "indicator_count": 2812, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://tronscna.org", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://tronscna.org", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776640061.8919733 }