{ "type": "URL", "indicator": "https://tttttt.me/antitantief3", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://tttttt.me/antitantief3", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3491971541, "indicator": "https://tttttt.me/antitantief3", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "64dca4eb3f10605dbeff12ac", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "First observed in 2019 and advertised as a \u2018Malware-as-a-Service\u2019 (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets.", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-16T10:28:58.697000", "tags": [ "stealer", "raccoon", "infostealer" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 434, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 386656, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ed397d23b4894198f2816e", "name": "DatasoftComnet-AntiSpam-Pulse1", "description": "Phishing Attempts and all malware links and URLs, IPs Hostnames", "modified": "2026-04-20T00:26:28.752000", "created": "2022-08-05T15:38:37.221000", "tags": [ "Latest", "malware", "phishing", "ransomware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 89, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dp@datasoftcomnet.com", "id": "117672", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 80, "email": 48, "hostname": 25, "FileHash-MD5": 65, "FileHash-SHA1": 73, "FileHash-SHA256": 105, "domain": 30 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688990fa0d8382bd5f02d806", "name": "EbeeJuly2025 Pt1", "description": "IOCs of multiple threaats observed and collected in July 2025", "modified": "2025-08-29T03:04:16.203000", "created": "2025-07-30T03:26:50.115000", "tags": [], "references": [ "Julypt1.pdf" ], "public": 1, "adversary": "Multiple", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 39, "FileHash-MD5": 131, "FileHash-SHA1": 144, "FileHash-SHA256": 232, "CIDR": 1, "CVE": 3, "domain": 150, "email": 9, "hostname": 37 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "276 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6654198962e43dc463f692c2", "name": "DOH IP & URL IOC", "description": "The following is the full text of the report on the findings of this year's World Cup in Brazil, which was held at the same time as the 2016 Olympics in Rio de Janeiro, Brazil.", "modified": "2024-09-25T04:01:33.267000", "created": "2024-05-27T05:26:33.698000", "tags": [ "iocs https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 270, "CIDR": 1, "domain": 116, "hostname": 33, "FileHash-MD5": 1 }, "indicator_count": 421, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "614 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709feb03b8f1cdc6abe335", "name": "Raccoon Stealer malware 2.3.0", "description": "", "modified": "2023-12-06T16:23:06.809000", "created": "2023-12-06T16:23:06.809000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "hostname": 2, "domain": 32, "FileHash-MD5": 168, "FileHash-SHA1": 539, "URL": 189 }, "indicator_count": 1138, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ff064f2582a2a681f4e6a8", "name": "Orpheus TTPs August 2023", "description": "", "modified": "2023-10-11T00:00:51.078000", "created": "2023-09-11T12:21:35.642000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ManagedSIEMTeam", "id": "111951", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 9 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "964 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ffeb3867304dc27b7ed82e", "name": "Orpheus TTPs (by ManagedSIEMTeam)", "description": "", "modified": "2023-10-11T00:00:51.078000", "created": "2023-09-12T04:38:16.190000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "64ff064f2582a2a681f4e6a8", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 9 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "964 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dcd6ebdf0ed22d6f544880", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "We are the first company in the world to offer a full range of security tools and tools to help combat phishing and other cyber-attacks, but how do we keep up with this growing trend?", "modified": "2023-09-15T14:02:24.610000", "created": "2023-08-16T14:02:19.942000", "tags": [ "raccoon", "figure", "raccoon stealer", "ip address", "racoon stealer", "javascript", "number", "suspicious", "raccoon malware", "ethereum", "exodus", "first", "stealer", "racealer", "infostealer", "legend", "dragon", "amigo", "explorer", "virustotal", "main", "download", "path", "mask", "february", "april", "bitcoin", "click", "contact", "racoon" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Racoon", "display_name": "Racoon", "target": null }, { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [ "Finance", "Financial" ], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "parvesh4399", "id": "224939", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "989 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dca85e2eb2f561b240da8e", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-16T10:43:42.223000", "tags": [ "raccoon", "figure", "raccoon stealer", "ip address", "racoon stealer", "javascript", "number", "suspicious", "raccoon malware", "ethereum", "exodus", "first", "stealer", "racealer", "infostealer", "legend", "dragon", "amigo", "explorer", "virustotal", "main", "download", "path", "mask", "february", "april", "bitcoin", "click", "contact" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ChaiPatti", "id": "217274", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217274/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ddd043075527748659cec7", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-17T07:46:11.409000", "tags": [ "stealer", "raccoon", "infostealer" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "64dca4eb3f10605dbeff12ac", "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ddf9c985a39d2762c771fe", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-17T10:43:21.590000", "tags": [ "stealer", "raccoon", "infostealer" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "64ddd043075527748659cec7", "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dca234247c8db04664ff5d", "name": "raccoon", "description": "A security alert has been issued by the Ministry of Defence (MoD) and the Office of National Statistics (ONS) to monitor the threat posed by cyber-thieves, known as \u201cTrojan Horse\".", "modified": "2023-09-15T09:05:55.294000", "created": "2023-08-16T10:17:24.866000", "tags": [ "suspicious", "initial", "call", "hashes", "ip addresses" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "JordanPowell@123", "id": "246048", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dbd0ecd944ae862dc13616", "name": "Raccoon Stealer malware 2.3.0", "description": "", "modified": "2023-09-15T02:01:46.848000", "created": "2023-08-15T19:24:28.449000", "tags": [ "http", "https", "urls", "hash", "sha1", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 189, "FileHash-SHA1": 560, "FileHash-SHA256": 229, "domain": 32, "hostname": 2 }, "indicator_count": 1201, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc50ab789f367c193cadad", "name": "New Version of Raccoon Stealer Released - SOCRadar\u00ae Cyber Intelligence Inc.", "description": "Raccoon Stealer, a malware designed to steal the passwords and credit cards of users, has been reintroduced with a new version, according to Sekoia, an international security firm.", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T13:16:27.823000", "tags": [ "raccoon", "racoon", "maas", "downloads", "netwalker", "raccoon stealer", "c2 server", "winapi", "iocs", "racoon stealer", "os version", "post request", "dlls", "march", "atomic" ], "references": [ "https://socradar.io/new-version-of-raccoon-stealer-released/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null }, { "id": "Racoon", "display_name": "Racoon", "target": null }, { "id": "Netwalker", "display_name": "Netwalker", "target": null }, { "id": "Downloads", "display_name": "Downloads", "target": null }, { "id": "MaaS", "display_name": "MaaS", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1407", "name": "Download New Code at Runtime", "display_name": "T1407 - Download New Code at Runtime" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 28, "FileHash-SHA1": 28, "FileHash-SHA256": 56, "domain": 11 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "1403 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc5c43ca848271d2f1c944", "name": "New Version of Raccoon Stealer", "description": "", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T14:05:55.767000", "tags": [ "raccoon", "racoon", "maas", "downloads", "netwalker", "raccoon stealer", "c2 server", "winapi", "iocs", "racoon stealer", "os version", "post request", "dlls", "march", "atomic" ], "references": [ "https://socradar.io/new-version-of-raccoon-stealer-released/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null }, { "id": "Racoon", "display_name": "Racoon", "target": null }, { "id": "Netwalker", "display_name": "Netwalker", "target": null }, { "id": "Downloads", "display_name": "Downloads", "target": null }, { "id": "MaaS", "display_name": "MaaS", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1407", "name": "Download New Code at Runtime", "display_name": "T1407 - Download New Code at Runtime" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": "62bc50ab789f367c193cadad", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tf.ransomware", "id": "119736", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 28, "FileHash-SHA1": 28, "FileHash-SHA256": 56, "domain": 11 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 87, "modified_text": "1403 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://socradar.io/new-version-of-raccoon-stealer-released/", "Julypt1.pdf", "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Raccoon" ], "industries": [], "unique_indicators": 58 }, "other": { "adversary": [ "Multiple" ], "malware_families": [ "Netwalker", "Downloads", "Racoon", "Raccoon", "Maas" ], "industries": [ "Finance", "Financial" ], "unique_indicators": 3869 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/tttttt.me", "whois": "http://whois.domaintools.com/tttttt.me", "domain": "tttttt.me", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "64dca4eb3f10605dbeff12ac", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "First observed in 2019 and advertised as a \u2018Malware-as-a-Service\u2019 (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets.", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-16T10:28:58.697000", "tags": [ "stealer", "raccoon", "infostealer" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 434, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 386656, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62ed397d23b4894198f2816e", "name": "DatasoftComnet-AntiSpam-Pulse1", "description": "Phishing Attempts and all malware links and URLs, IPs Hostnames", "modified": "2026-04-20T00:26:28.752000", "created": "2022-08-05T15:38:37.221000", "tags": [ "Latest", "malware", "phishing", "ransomware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 89, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dp@datasoftcomnet.com", "id": "117672", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 80, "email": 48, "hostname": 25, "FileHash-MD5": 65, "FileHash-SHA1": 73, "FileHash-SHA256": 105, "domain": 30 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688990fa0d8382bd5f02d806", "name": "EbeeJuly2025 Pt1", "description": "IOCs of multiple threaats observed and collected in July 2025", "modified": "2025-08-29T03:04:16.203000", "created": "2025-07-30T03:26:50.115000", "tags": [], "references": [ "Julypt1.pdf" ], "public": 1, "adversary": "Multiple", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 39, "FileHash-MD5": 131, "FileHash-SHA1": 144, "FileHash-SHA256": 232, "CIDR": 1, "CVE": 3, "domain": 150, "email": 9, "hostname": 37 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "276 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6654198962e43dc463f692c2", "name": "DOH IP & URL IOC", "description": "The following is the full text of the report on the findings of this year's World Cup in Brazil, which was held at the same time as the 2016 Olympics in Rio de Janeiro, Brazil.", "modified": "2024-09-25T04:01:33.267000", "created": "2024-05-27T05:26:33.698000", "tags": [ "iocs https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 270, "CIDR": 1, "domain": 116, "hostname": 33, "FileHash-MD5": 1 }, "indicator_count": 421, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "614 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709feb03b8f1cdc6abe335", "name": "Raccoon Stealer malware 2.3.0", "description": "", "modified": "2023-12-06T16:23:06.809000", "created": "2023-12-06T16:23:06.809000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "hostname": 2, "domain": 32, "FileHash-MD5": 168, "FileHash-SHA1": 539, "URL": 189 }, "indicator_count": 1138, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ff064f2582a2a681f4e6a8", "name": "Orpheus TTPs August 2023", "description": "", "modified": "2023-10-11T00:00:51.078000", "created": "2023-09-11T12:21:35.642000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ManagedSIEMTeam", "id": "111951", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 9 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "964 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ffeb3867304dc27b7ed82e", "name": "Orpheus TTPs (by ManagedSIEMTeam)", "description": "", "modified": "2023-10-11T00:00:51.078000", "created": "2023-09-12T04:38:16.190000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "64ff064f2582a2a681f4e6a8", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 9 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "964 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dcd6ebdf0ed22d6f544880", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "We are the first company in the world to offer a full range of security tools and tools to help combat phishing and other cyber-attacks, but how do we keep up with this growing trend?", "modified": "2023-09-15T14:02:24.610000", "created": "2023-08-16T14:02:19.942000", "tags": [ "raccoon", "figure", "raccoon stealer", "ip address", "racoon stealer", "javascript", "number", "suspicious", "raccoon malware", "ethereum", "exodus", "first", "stealer", "racealer", "infostealer", "legend", "dragon", "amigo", "explorer", "virustotal", "main", "download", "path", "mask", "february", "april", "bitcoin", "click", "contact", "racoon" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Racoon", "display_name": "Racoon", "target": null }, { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [ "Finance", "Financial" ], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "parvesh4399", "id": "224939", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "989 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dca85e2eb2f561b240da8e", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-16T10:43:42.223000", "tags": [ "raccoon", "figure", "raccoon stealer", "ip address", "racoon stealer", "javascript", "number", "suspicious", "raccoon malware", "ethereum", "exodus", "first", "stealer", "racealer", "infostealer", "legend", "dragon", "amigo", "explorer", "virustotal", "main", "download", "path", "mask", "february", "april", "bitcoin", "click", "contact" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ChaiPatti", "id": "217274", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217274/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ddd043075527748659cec7", "name": "Raccoon Stealer Announce Return After Hiatus", "description": "", "modified": "2023-09-15T10:03:19.702000", "created": "2023-08-17T07:46:11.409000", "tags": [ "stealer", "raccoon", "infostealer" ], "references": [ "https://cyberint.com/blog/financial-services/raccoon-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Raccoon", "display_name": "Raccoon", "target": null } ], "attack_ids": [ { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "64dca4eb3f10605dbeff12ac", "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 10 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://tttttt.me/antitantief3", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://tttttt.me/antitantief3", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780308601.0906577 }