{ "type": "URL", "indicator": "https://unifiedlayer.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://unifiedlayer.com", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain unifiedlayer.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3736819779, "indicator": "https://unifiedlayer.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "66b7a0a606360e458f77aad9", "name": "Exploit Enterprise Resources-Steam Powered | x.com | Hunt | Crypt", "description": "Remotely attacks social media , game services, hunting for IP addresses, and all personal locations of targets. Service modifier, registry modifier.", "modified": "2024-10-11T00:04:00.735000", "created": "2024-08-10T17:17:26.271000", "tags": [ "as46606", "united", "unknown", "passive dns", "all scoreblue", "ipv4", "url analysis", "search", "a nxdomain", "whitelisted", "accept", "ns nxdomain", "soa nxdomain", "aaaa nxdomain", "reverse dns", "as29873", "trojan", "hacktool", "hosting", "ttl value", "algorithm", "full name", "data", "v3 serial", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "server", "registrar abuse", "dns replication", "subject public", "key info", "key algorithm", "key identifier", "subject key", "identifier", "first", "android", "united states", "status", "hostname", "as13414 twitter", "aaaa", "nxdomain", "date", "as44273 host", "scan endpoints", "systemroot", "ogoogle trust", "cngts ca", "delete c", "tofsee", "stcalifornia", "lsan francisco", "win64", "grum", "copy", "write", "malware", "encrypt", "memcommit", "read c", "yara detections", "medium", "memreserve", "command line", "get ip address", "steam", "api get ip", "steam get ip", "entries", "show", "windows nt", "khtml", "gecko", "next", "showing", "ip address", "writeconsolea", "february", "write c", "regsetvalueexa", "regdword", "delete", "napolar", "persistence", "execution", "network service", "location hunting", "ip hunting" ], "references": [ "analytics.x.com", "Yara Detections: ConventionEngine_Term_Users , ConventionEngine_Keyword_Anti , dbgdetect_procs", "Crypt: 1.3.6.1", "Crypt: FileHash-SHA256 71f1f6c91dbe8050e7c5d54f294f5eabec02dccbe97fb0100e7ebf8f35b0d062", "Crypt: FileHash-SHA1 d8b665ef01e3f9feaa746833cddadf3bf29f72d1", "Crypt: FileHash-MD5 5dd89c5f70c95bae85d864c7baf27b20", "Yara Detections: ryuk_1007_fx2_12_multi_for_crypt_x86 , dbgdetect_files", "IDS Detections: Win32/Tofsee.AX google.com connectivity check HTTP Request with Lowercase host Header Observed External IP Lookup ip-api.com", "Antivirus Detections: Win.Packer.pkr_ce1a-9980177-0", "IDS Detections: Observed External IP Lookup ip-api.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Packer.pkr_ce1a-9980177-0", "display_name": "Win.Packer.pkr_ce1a-9980177-0", "target": null }, { "id": "Crypt", "display_name": "Crypt", "target": null }, { "id": "Ransom", "display_name": "Ransom", "target": null } ], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1056.004", "name": "Credential API Hooking", "display_name": "T1056.004 - Credential API Hooking" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 570, "domain": 563, "hostname": 1131, "FileHash-SHA1": 498, "FileHash-SHA256": 2070, "URL": 83, "email": 7, "SSLCertFingerprint": 10 }, "indicator_count": 4932, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "555 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64d56620fb6845e22b859e75", "name": "Who is ENOM (DREAMHOST)", "description": "", "modified": "2023-09-11T00:03:40.398000", "created": "2023-08-10T22:35:12.322000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "64d31d52d54a9591dd717e17", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2544, "domain": 2507, "URL": 2757, "email": 26, "CVE": 25, "FileHash-SHA256": 61, "FileHash-MD5": 9, "FileHash-SHA1": 12 }, "indicator_count": 7941, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "951 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Crypt: 1.3.6.1", "Crypt: FileHash-SHA256 71f1f6c91dbe8050e7c5d54f294f5eabec02dccbe97fb0100e7ebf8f35b0d062", "Yara Detections: ConventionEngine_Term_Users , ConventionEngine_Keyword_Anti , dbgdetect_procs", "analytics.x.com", "IDS Detections: Win32/Tofsee.AX google.com connectivity check HTTP Request with Lowercase host Header Observed External IP Lookup ip-api.com", "Crypt: FileHash-MD5 5dd89c5f70c95bae85d864c7baf27b20", "Yara Detections: ryuk_1007_fx2_12_multi_for_crypt_x86 , dbgdetect_files", "IDS Detections: Observed External IP Lookup ip-api.com", "Crypt: FileHash-SHA1 d8b665ef01e3f9feaa746833cddadf3bf29f72d1", "Antivirus Detections: Win.Packer.pkr_ce1a-9980177-0" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Crypt", "Ransom", "Win.packer.pkr_ce1a-9980177-0" ], "industries": [], "unique_indicators": 10612 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/unifiedlayer.com", "whois": "http://whois.domaintools.com/unifiedlayer.com", "domain": "unifiedlayer.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "66b7a0a606360e458f77aad9", "name": "Exploit Enterprise Resources-Steam Powered | x.com | Hunt | Crypt", "description": "Remotely attacks social media , game services, hunting for IP addresses, and all personal locations of targets. Service modifier, registry modifier.", "modified": "2024-10-11T00:04:00.735000", "created": "2024-08-10T17:17:26.271000", "tags": [ "as46606", "united", "unknown", "passive dns", "all scoreblue", "ipv4", "url analysis", "search", "a nxdomain", "whitelisted", "accept", "ns nxdomain", "soa nxdomain", "aaaa nxdomain", "reverse dns", "as29873", "trojan", "hacktool", "hosting", "ttl value", "algorithm", "full name", "data", "v3 serial", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "server", "registrar abuse", "dns replication", "subject public", "key info", "key algorithm", "key identifier", "subject key", "identifier", "first", "android", "united states", "status", "hostname", "as13414 twitter", "aaaa", "nxdomain", "date", "as44273 host", "scan endpoints", "systemroot", "ogoogle trust", "cngts ca", "delete c", "tofsee", "stcalifornia", "lsan francisco", "win64", "grum", "copy", "write", "malware", "encrypt", "memcommit", "read c", "yara detections", "medium", "memreserve", "command line", "get ip address", "steam", "api get ip", "steam get ip", "entries", "show", "windows nt", "khtml", "gecko", "next", "showing", "ip address", "writeconsolea", "february", "write c", "regsetvalueexa", "regdword", "delete", "napolar", "persistence", "execution", "network service", "location hunting", "ip hunting" ], "references": [ "analytics.x.com", "Yara Detections: ConventionEngine_Term_Users , ConventionEngine_Keyword_Anti , dbgdetect_procs", "Crypt: 1.3.6.1", "Crypt: FileHash-SHA256 71f1f6c91dbe8050e7c5d54f294f5eabec02dccbe97fb0100e7ebf8f35b0d062", "Crypt: FileHash-SHA1 d8b665ef01e3f9feaa746833cddadf3bf29f72d1", "Crypt: FileHash-MD5 5dd89c5f70c95bae85d864c7baf27b20", "Yara Detections: ryuk_1007_fx2_12_multi_for_crypt_x86 , dbgdetect_files", "IDS Detections: Win32/Tofsee.AX google.com connectivity check HTTP Request with Lowercase host Header Observed External IP Lookup ip-api.com", "Antivirus Detections: Win.Packer.pkr_ce1a-9980177-0", "IDS Detections: Observed External IP Lookup ip-api.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Packer.pkr_ce1a-9980177-0", "display_name": "Win.Packer.pkr_ce1a-9980177-0", "target": null }, { "id": "Crypt", "display_name": "Crypt", "target": null }, { "id": "Ransom", "display_name": "Ransom", "target": null } ], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1056.004", "name": "Credential API Hooking", "display_name": "T1056.004 - Credential API Hooking" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 570, "domain": 563, "hostname": 1131, "FileHash-SHA1": 498, "FileHash-SHA256": 2070, "URL": 83, "email": 7, "SSLCertFingerprint": 10 }, "indicator_count": 4932, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "555 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64d56620fb6845e22b859e75", "name": "Who is ENOM (DREAMHOST)", "description": "", "modified": "2023-09-11T00:03:40.398000", "created": "2023-08-10T22:35:12.322000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "64d31d52d54a9591dd717e17", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2544, "domain": 2507, "URL": 2757, "email": 26, "CVE": 25, "FileHash-SHA256": 61, "FileHash-MD5": 9, "FileHash-SHA1": 12 }, "indicator_count": 7941, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "951 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://unifiedlayer.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://unifiedlayer.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776638178.658654 }