{ "type": "URL", "indicator": "https://twitter.com/YourAlberta", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://twitter.com/YourAlberta", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #37", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #63", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain twitter.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain twitter.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4053021861, "indicator": "https://twitter.com/YourAlberta", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "68c6ee7fed3c32c4e9d929f9", "name": "https://www[.]alberta[.]ca/technology-and-innovation - 09.14.25", "description": "Find out more about the Alberta government's technology and innovation projects at the same time as the release of a new artificial intelligence (AI) search tool on the website of the province's main website. Mashup of VT collections/graphs from jwanihad and Arkadij_0", "modified": "2025-10-14T16:57:23.520000", "created": "2025-09-14T16:34:07.408000", "tags": [ "alberta", "find", "innovation", "government", "august", "home all", "business", "strategy", "skip", "search ai", "wildfire", "footer", "please", "javascript", "technology", "ai data", "ministry", "social", "ministries", "june", "media", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "prefetch8 ansi", "show process", "date", "pcap processing", "threat level", "hash seen", "pcap frame", "programfiles", "sha256", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "starfield", "strings", "contact", "url", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "systems", "google tag", "manager", "cloudflare", "nginx", "amazon web", "services", "write", "url analysis", "website security scan", "phishing detection", "brand monitoring", "website vulnerability checker", "online threat intelligence", "cybersecurity tools", "api for website analysis", "python security library", "ai web analysis", "online fraud prevention", "takedown service", "dna test", "virus", "ransomware", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "pcap", "entity", "UCP", "Alberta", "UAlberta" ], "references": [ "https://www.alberta.ca/innovation-technology", "https://www.virustotal.com/gui/url/02ac643ab4887f1369e972111782ffb97a98e476ba9277217b048e9c529c7b67/details", "https://www.virustotal.com/gui/url/50a0c769107dd6645c080610169f2da5a43d64d06839800fdb426b2b1dc8b552/details", "https://www.alberta.ca/technology-and-innovation", "https://hybrid-analysis.com/sample/8f73a016e04056778913b3a3192cd57649f6243488898938874b7f31831002aa/68c6dbeb73994f791800aa28", "https://urlquery.net/report/9e772488-395e-4d54-a170-c148a573c337", "https://urldna.io/scan/68c6dc443b7750000f71bb02", "https://www.filescan.io/uploads/68c6de05732879482929ac55/reports/ed420243-2df7-46a3-89e0-f807373b8885/overview", "https://hybrid-analysis.com/sample/e81eb1d6abbf1818869d857b2dba4b432cfdb69d11d02336946c229f252e8f03/68c6de4c44d253a54b0e2076", "https://urlquery.net/report/b68eb048-4eca-43f6-8f8e-f58064296d03", "https://urldna.io/scan/68c6e2653b7750000ab1b015", "https://www.virustotal.com/graph/embed/ge6af493614484a64b8f6778d729f95faeb8d09db49ea4e8da0a3e1e5d6497ca4?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Government", "Tech" ], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 54, "FileHash-SHA1": 53, "FileHash-SHA256": 122, "SSLCertFingerprint": 12, "URL": 75, "email": 6, "domain": 10, "hostname": 82 }, "indicator_count": 414, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "187 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67e709c0cfa1a1851d81a657", "name": "Government of Alberta ** Domain Analysis - 05.05.25", "description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned", "modified": "2025-06-05T02:05:37.765000", "created": "2025-03-28T20:42:40.389000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "symbol", "memoryfile scan", "path", "alberta", "prefetch8 ansi", "please", "show process", "date", "span", "find", "facebook", "twitter", "footer", "iframe", "suspicious", "body", "generator", "april", "energy", "comspec", "hybrid", "form", "main", "model", "close", "click", "hosts", "general", "starfield", "strings", "contact", "triage", "report", "reported", "analyze", "download submit", "sha512", "sha256", "prefetch8", "sha1", "filesize", "file", "prefetch1", "dataedge cloud", "process key", "config", "copy", "target", "impact", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "eid2", "eid3", "uaaaaaaai", "eid104", "malcore", "file analysis", "historical dns", "info", "login", "scan", "domain analysis", "discovered ip", "subdomains", "info malcore", "simple file", "policy terms", "intelligence x", "results", "product blog", "sign", "most relevant", "darknet", "please search", "search advanced", "categories date", "term", "slow", "scroll", "schedule", "cavalier", "bayonet", "full report", "users", "free report", "hudson rock", "attack surface", "customers", "demo explore", "tools", "third", "protect", "over", "rock", "service" ], "references": [ "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://www.virustotal.com/gui/domain/alberta.ca", "https://pulsedive.com/indicator/?iid=9866511", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://intelx.io/?s=alberta.ca", "https://www.hudsonrock.com/search?domain=alberta.ca", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "https://www.urlvoid.com/whois-lookup/", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://cwe.mitre.org/data/definitions/79.html", "https://www.virustotal.com/gui/domain/alberta.ca/relations", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" } ], "industries": [ "Education", "Technology", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 126, "FileHash-SHA1": 118, "FileHash-SHA256": 347, "SSLCertFingerprint": 18, "domain": 149, "email": 16, "URL": 478, "hostname": 1562, "CVE": 7 }, "indicator_count": 2821, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.hudsonrock.com/search?domain=alberta.ca", "https://hybrid-analysis.com/sample/8f73a016e04056778913b3a3192cd57649f6243488898938874b7f31831002aa/68c6dbeb73994f791800aa28", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://intelx.io/?s=alberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "https://urlquery.net/report/b68eb048-4eca-43f6-8f8e-f58064296d03", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://urlquery.net/report/9e772488-395e-4d54-a170-c148a573c337", "https://www.virustotal.com/gui/domain/alberta.ca", "https://www.filescan.io/uploads/68c6de05732879482929ac55/reports/ed420243-2df7-46a3-89e0-f807373b8885/overview", "https://www.urlvoid.com/whois-lookup/", "https://www.virustotal.com/gui/domain/alberta.ca/relations", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://www.virustotal.com/gui/url/50a0c769107dd6645c080610169f2da5a43d64d06839800fdb426b2b1dc8b552/details", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc", "https://www.virustotal.com/graph/embed/ge6af493614484a64b8f6778d729f95faeb8d09db49ea4e8da0a3e1e5d6497ca4?theme=dark", "https://urldna.io/scan/68c6dc443b7750000f71bb02", "https://hybrid-analysis.com/sample/e81eb1d6abbf1818869d857b2dba4b432cfdb69d11d02336946c229f252e8f03/68c6de4c44d253a54b0e2076", "https://cwe.mitre.org/data/definitions/79.html", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://www.alberta.ca/technology-and-innovation", "https://www.virustotal.com/gui/url/02ac643ab4887f1369e972111782ffb97a98e476ba9277217b048e9c529c7b67/details", "https://pulsedive.com/indicator/?iid=9866511", "https://www.alberta.ca/innovation-technology", "https://urldna.io/scan/68c6e2653b7750000ab1b015" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Technology", "Healthcare", "Education", "Tech", "Government" ], "unique_indicators": 3513 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/twitter.com", "whois": "http://whois.domaintools.com/twitter.com", "domain": "twitter.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "68c6ee7fed3c32c4e9d929f9", "name": "https://www[.]alberta[.]ca/technology-and-innovation - 09.14.25", "description": "Find out more about the Alberta government's technology and innovation projects at the same time as the release of a new artificial intelligence (AI) search tool on the website of the province's main website. Mashup of VT collections/graphs from jwanihad and Arkadij_0", "modified": "2025-10-14T16:57:23.520000", "created": "2025-09-14T16:34:07.408000", "tags": [ "alberta", "find", "innovation", "government", "august", "home all", "business", "strategy", "skip", "search ai", "wildfire", "footer", "please", "javascript", "technology", "ai data", "ministry", "social", "ministries", "june", "media", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "prefetch8 ansi", "show process", "date", "pcap processing", "threat level", "hash seen", "pcap frame", "programfiles", "sha256", "suspicious", "comspec", "hybrid", "model", "close", "click", "hosts", "general", "path", "starfield", "strings", "contact", "url", "scanner", "reputation", "phishing", "warning icon", "share report", "domain", "systems", "google tag", "manager", "cloudflare", "nginx", "amazon web", "services", "write", "url analysis", "website security scan", "phishing detection", "brand monitoring", "website vulnerability checker", "online threat intelligence", "cybersecurity tools", "api for website analysis", "python security library", "ai web analysis", "online fraud prevention", "takedown service", "dna test", "virus", "ransomware", "static", "indicator of compromise", "ioc", "extraction", "emulation", "platform", "pcap", "entity", "UCP", "Alberta", "UAlberta" ], "references": [ "https://www.alberta.ca/innovation-technology", "https://www.virustotal.com/gui/url/02ac643ab4887f1369e972111782ffb97a98e476ba9277217b048e9c529c7b67/details", "https://www.virustotal.com/gui/url/50a0c769107dd6645c080610169f2da5a43d64d06839800fdb426b2b1dc8b552/details", "https://www.alberta.ca/technology-and-innovation", "https://hybrid-analysis.com/sample/8f73a016e04056778913b3a3192cd57649f6243488898938874b7f31831002aa/68c6dbeb73994f791800aa28", "https://urlquery.net/report/9e772488-395e-4d54-a170-c148a573c337", "https://urldna.io/scan/68c6dc443b7750000f71bb02", "https://www.filescan.io/uploads/68c6de05732879482929ac55/reports/ed420243-2df7-46a3-89e0-f807373b8885/overview", "https://hybrid-analysis.com/sample/e81eb1d6abbf1818869d857b2dba4b432cfdb69d11d02336946c229f252e8f03/68c6de4c44d253a54b0e2076", "https://urlquery.net/report/b68eb048-4eca-43f6-8f8e-f58064296d03", "https://urldna.io/scan/68c6e2653b7750000ab1b015", "https://www.virustotal.com/graph/embed/ge6af493614484a64b8f6778d729f95faeb8d09db49ea4e8da0a3e1e5d6497ca4?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Government", "Tech" ], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 54, "FileHash-SHA1": 53, "FileHash-SHA256": 122, "SSLCertFingerprint": 12, "URL": 75, "email": 6, "domain": 10, "hostname": 82 }, "indicator_count": 414, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "187 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67e709c0cfa1a1851d81a657", "name": "Government of Alberta ** Domain Analysis - 05.05.25", "description": "Domain Name: alberta.ca\nRegistry Domain ID: D198023-CIRA\nRegistrar WHOIS Server: whois.ca.fury.ca\nRegistrar URL: webnames.ca\nRegistrar: Webnames.ca Inc.\nRegistrar IANA ID: 456\nRegistrar Abuse Contact Email: abuse@webnames.ca\nRegistrar Abuse Contact Phone: +1.8662217878\n\nRegistry Registrant ID: R2532-CIRA\nRegistrant Name: Alberta Provincial Government\n3720 - 76 Avenue, Main Floor - Access Building\nEdmonton, AB T6B2N9, CA\nPh: +1.7806381828\nFax: +1.7806385949\nRegistrant Email: dutyweb@gov.ab.ca\nRegistry Admin ID: C851779-CIRA\nAdmin Name: CERTS Analyst\nAdmin Email: certs@gov.ab.ca\nRegistry Tech ID: C851781-CIRA\n\nName Server: is-dns1.gov.ab.ca\nName Server: is-dns3.gov.ab.ca\nDNSSEC: unsigned", "modified": "2025-06-05T02:05:37.765000", "created": "2025-03-28T20:42:40.389000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "symbol", "memoryfile scan", "path", "alberta", "prefetch8 ansi", "please", "show process", "date", "span", "find", "facebook", "twitter", "footer", "iframe", "suspicious", "body", "generator", "april", "energy", "comspec", "hybrid", "form", "main", "model", "close", "click", "hosts", "general", "starfield", "strings", "contact", "triage", "report", "reported", "analyze", "download submit", "sha512", "sha256", "prefetch8", "sha1", "filesize", "file", "prefetch1", "dataedge cloud", "process key", "config", "copy", "target", "impact", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "eid2", "eid3", "uaaaaaaai", "eid104", "malcore", "file analysis", "historical dns", "info", "login", "scan", "domain analysis", "discovered ip", "subdomains", "info malcore", "simple file", "policy terms", "intelligence x", "results", "product blog", "sign", "most relevant", "darknet", "please search", "search advanced", "categories date", "term", "slow", "scroll", "schedule", "cavalier", "bayonet", "full report", "users", "free report", "hudson rock", "attack surface", "customers", "demo explore", "tools", "third", "protect", "over", "rock", "service" ], "references": [ "https://hybrid-analysis.com/sample/b0221df98cf7c8cbb752166c2942167038905c6ce60cd4289bee7d6c9d9c9981/67e70010db76da6d2704fa75", "https://tria.ge/250328-yq3hrsz1c1/behavioral1", "https://www.virustotal.com/gui/domain/alberta.ca", "https://pulsedive.com/indicator/?iid=9866511", "https://www.filescan.io/uploads/67e70367631830704a8a8a0c/reports/0cb06032-68da-40e4-8f2a-f2ef06384df8/ioc", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce = Domain Analysis (refer to databreaches)", "https://intelx.io/?s=alberta.ca", "https://www.hudsonrock.com/search?domain=alberta.ca", "https://polyswarm.network/scan/results/url/8f3e04dffd9a4447667ca0135138ca8da321c66c9dbd6be815c17e2aa6e6f292", "https://www.urlvoid.com/whois-lookup/", "https://app.pentester.com/scans/U2NhblR5cGU6NjM1NDk1OA==", "https://cwe.mitre.org/data/definitions/79.html", "https://www.virustotal.com/gui/domain/alberta.ca/relations", "http://ci-www.threatcrowd.org/domain.php?domain=alberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce", "https://www.hybrid-analysis.com/sample/9b22c3771c435ce35bd0d8c766594a7e01156167829b60155e028d8852c69ba2/681974f451849933040662f6", "https://www.filescan.io/uploads/68197523c7418694c8a5dcd3/reports/ae06283d-f5d8-426d-a32c-1a04566e7635/ioc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" } ], "industries": [ "Education", "Technology", "Government", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 126, "FileHash-SHA1": 118, "FileHash-SHA256": 347, "SSLCertFingerprint": 18, "domain": 149, "email": 16, "URL": 478, "hostname": 1562, "CVE": 7 }, "indicator_count": 2821, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://twitter.com/YourAlberta", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://twitter.com/YourAlberta", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776641976.3939111 }