{ "type": "URL", "indicator": "https://w.msftc0nnecttest.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://w.msftc0nnecttest.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3741862652, "indicator": "https://w.msftc0nnecttest.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "6608aaf7ca0e965e593ed1d4", "name": "MUI programu Microsoft Office Access (w j\u0119zyku angielskim) zosta\u0142o u\u017cyte do wys\u0142ania z\u0142o\u015bliwego oprogramowania na serwer w Czechach jest to pierwszy tego typu atak na komputer. e", "description": "A look back at some of the key words and phrases used to describe the situation in Italy, as \"probacja\" (or \"democrata), as they were translated into English.", "modified": "2025-10-17T11:03:07.034000", "created": "2024-03-31T00:14:47.183000", "tags": [ "sha256", "ssdeep", "reputacja", "tworzy pliki", "informacje", "bardzo duga", "tworzy", "adresy url", "tworzy katalog", "win64", "ameryki", "typ pliku", "serwer nazw", "san jose", "adres", "digital", "data wyganicia", "csc corporate", "domains", "ca data", "data utworzenia", "dnssec" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6432, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2140, "hostname": 5874, "FileHash-SHA256": 12539, "FileHash-MD5": 3686, "FileHash-SHA1": 2751, "IPv4": 503, "URL": 10770, "email": 26, "CVE": 88, "YARA": 6, "JA3": 2, "IPv6": 28, "SSLCertFingerprint": 5, "BitcoinAddress": 3, "CIDR": 1 }, "indicator_count": 38422, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "764 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64e298af236c03fdd49226dd", "name": "IOC's from my personal devices for the week starting 08/21/23 - Pure Linux", "description": "It's becoming quite the wrestling match trying to get these pulses's created especially trying to utilize OTX's native uploader for the actual pulse; but after taking another persistent OS instance as a casualty I'm finally getting a workflow down. \n\nThis is all Linux starting this week; with a metric f*ck ton and frankly overwhelming amount of Yara matches I could only get a few to play outside of local analysis. But those include an apprently rooted libgo that landed on an Arch ISO as well as a CAchyOS ISO; a Dockerd that was hiding in the source {~/docker/bundles/binary) directory after cloning from gtihub earlier today as well as an unsolicited dsniff executable. Whatever this is also decided to leech off of and make a home out of the Cuda lib (/opt/cuda/ --- and as soon as I can get it uploaded a malicious ISO, and kernel out of the docker-desktop (/opt/docker-desktop) directory. Never a dull moment.", "modified": "2024-02-14T21:44:03.410000", "created": "2023-08-20T22:50:23.225000", "tags": [ "dukexternaldecl", "dukfilemacro", "duklinemacro", "duktape", "dukapinoreturn", "dukcompileeval", "dukcompilesafe", "null", "vaargs", "ecmascript", "date", "error", "push", "local", "internal", "returns", "value", "boostnocwchar", "indeterminate", "boostusefacet", "brief returns", "boosthasfacet", "gregor", "boost software", "license", "banner", "ipaddr", "author", "usage", "version", "anhth", "atlassian2", "cdn2", "devadmin", "haproxy3", "false", "team", "abba", "abcd", "acid", "adonis", "aeon", "afrodita", "agent", "akira", "alabama", "aldebaran", "aleph", "alex", "alexa", "alfa", "alien", "alina", "alisa", "alma", "alpha", "amigo", "amos", "anarchy", "andromeda", "angela", "anime", "anis", "anna", "anubis", "apache", "apollo", "april", "arch", "archie", "argos", "argus", "aria", "aris", "armageddon", "artemis", "asahi", "ashley", "assassin", "astra", "atom", "atomic", "august", "auriga", "aurora", "austin", "autorun", "avalanche", "avalon", "avenger", "aviator", "avril", "azrael", "baba", "babe", "baby", "babylon", "bach", "baidu", "bandung", "bank", "baobab", "bara", "baran", "baron", "barry", "bart", "basket", "batman", "bazar", "beer", "belarus", "belka", "belle", "benchmark", "benjamin", "benny", "bill", "bingo", "blackbox", "blackcat", "blackhole", "blacksun", "blaze", "blizzard", "blondie", "blood", "bluesky", "bnet", "bobo", "bomb", "bomber", "boom", "borg", "bounce", "bouncer", "boxer", "bridge", "buddy", "bullet", "bumblebee", "bunny", "burn", "caca", "caesar", "calendar", "calgary", "camel", "candle", "canvas", "cardinal", "cargo", "carpediem", "carrier", "casino", "casper", "cassini", "celine", "cerberus", "cetus", "chacha", "chantal", "cheap", "chester", "chewbacca", "chin", "citadel", "clarity", "class", "click", "clock", "cluster", "cobalt", "cobra", "coco", "coconut", "code", "coke", "combo", "comet", "comment", "comp", "conan", "config", "connector", "contact", "cookie", "cool", "corona", "cracker", "crash", "crawl", "crazy", "crew", "crime", "crimson", "crypton", "crystal", "cuba", "cyber", "cyrus", "dada", "dani", "daniel", "dark", "darkman", "darkness", "darkside", "darkstar", "daum", "david", "davis", "dbase", "death", "deimos", "delphi", "delta", "demo", "democracy", "dennis", "depot", "derek", "designer", "desktop", "dexter", "dharma", "diablo", "dialer", "diego", "diesel", "digi", "dima", "dino", "direct", "divine", "django", "dock", "dodo", "dolphin", "domino", "donald", "doom", "dora", "dotnet", "dracula", "dragon", "drop", "drweb", "dude", "duke", "dummy", "dump", "dune", "dust", "duster", "easy", "echelon", "eclipse", "eddie", "eddy", "elaine", "eleanor", "elisa", "elite", "emilia", "emma", "empire", "encrypt", "energy", "epsilon", "equinox", "eris", "esmeralda", "esupport", "eternal", "eternity", "euclid", "evil", "excalibur", "exodus", "experiment", "explorer", "express", "face", "facebook", "factory", "faisal", "fastcash", "feedme", "fenrir", "feri", "fiesta", "final", "finger", "firebird", "firefly", "first", "flamingo", "flash", "flex", "floyd", "flux", "fortune", "foryou", "foxy", "freddy", "freedom", "freeweb", "frodo", "frog", "front", "frozen", "fruit", "funky", "fury", "gaga", "galaxy", "galileo", "gamma", "gate", "gauss", "general", "generator", "genome", "giga", "gigi", "ginger", "girls", "glacier", "globe", "gloria", "goblin", "gogo", "golf", "gollum", "gondor", "gotcha", "graphite", "groove", "guard", "habbo", "hair", "hale", "hamster", "happytime", "harmony", "harrier", "havoc", "hawk", "hehe", "hell", "hello", "helpme", "hermit", "hino", "hippo", "honeypot", "hook", "horror", "hoster", "hotmail", "hunter", "hydra", "ibank", "icarus", "ident", "igloo", "iloveyou", "immortal", "impact", "import", "incom", "incubator", "indra", "inex", "inferno", "infinity", "info", "infra", "insane", "inside", "inter", "iowa", "iron", "iservice", "istanbul", "ivan", "jackson", "jaka", "jason", "jedi", "jeff", "jigsaw", "jimmy", "jinx", "john", "johnny", "joker", "joshi", "jquery", "judy", "julia", "juliet", "julius", "june", "juno", "justin", "kaiser", "kala", "kali", "kami", "kamikaze", "kamil", "kappa", "karin", "karina", "karma", "kato", "katy", "keeper", "kevin", "kiev", "killer", "kilo", "kiwi", "koko", "krasnodar", "krypton", "kurgan", "lana", "landmark", "lapis", "larry", "lazarus", "lazy", "leda", "legacy", "leon", "levi", "leviathan", "light", "lilith", "lilo", "lime", "little", "liza", "lizard", "logger", "logic", "loke", "loki", "lola", "loli", "lolita", "lolol", "look", "loulou", "love", "lucia", "lucky", "lucy", "luna", "lust", "madmax", "mafia", "magazine", "magento", "maggie", "magic", "magnum", "mailto", "maker", "mamba", "mami", "mandrake", "mania", "manuel", "marina", "mario", "mark", "markus", "marlboro", "martin", "maru", "mask", "massmail", "matrix", "maverick", "maximus", "maya", "mayak", "maze", "media", "medusa", "mensa", "mercurial", "mercury", "merlin", "meta", "metal", "metallica", "meteor", "metro", "mexico", "michael", "mikey", "mine", "mini", "minotaur", "minsk", "mint", "mira", "miso", "mission", "model", "monster", "moran", "mordor", "mozart", "multi", "murphy", "mylove", "nazgul", "nebula", "neko", "netmail", "neuro", "neuron", "nevada", "nexus", "night", "nightmare", "nikita", "niko", "nina", "ninja", "nirvana", "nitro", "nomad", "nono", "noob", "northstar", "nova", "nuke", "oblivion", "octopus", "ogre", "olga", "olivia", "omni", "ontario", "open", "orinoco", "oscar", "otto", "outside", "ozzy", "pacman", "pamela", "panama", "panda", "pandora", "panic", "paradox", "paraguay", "paranoia", "paris", "pass", "passmark", "path", "payment", "pedro", "pepe", "pepper", "perseus", "phantom", "philadelphia", "phoenix", "phpbb", "picasso", "pigeon", "pikachu", "pinger", "pingpong", "pinky", "pioneer", "pirate", "piter", "pixel", "pizza", "plasma", "pluto", "police", "pony", "porno", "posta", "prague", "predator", "prestige", "primus", "prism", "privat", "probe", "problem", "proj", "project", "prometheus", "prophet", "protect", "proteus", "proton", "puma", "punk", "python", "quake", "quartz", "quasar", "r2d2", "race", "ragnarok", "raid", "rainbow", "rambo", "rana", "ranger", "rape", "rapid", "raptor", "ravi", "razor", "reboot", "recon", "rector", "reda", "redir", "redirector", "redline", "refresh", "reklam", "relax", "rescue", "retro", "rhino", "rigel", "riot", "robin", "robinhood", "robo", "rock", "rocket", "rogue", "roma", "rosebud", "roxy", "ruby", "runner", "rush", "sadmin", "saigon", "sailor", "sakura", "salsa", "samurai", "sanctuary", "sandbox", "sandra", "sandy", "sapphire", "sara", "sarah", "satan", "saturn", "sauron", "savenow", "school", "seeker", "sentinel", "seraph", "serena", "serg", "service", "servidor", "sexy", "shadow", "shaggy", "shaman", "shane", "sharepoint", "shark", "shell", "sherlock", "silent", "simba", "simplex", "sirius", "skinner", "skipper", "skynet", "slash", "slice", "slim", "smash", "smog", "snake", "sniper", "snow", "snowflake", "sochi", "solid", "sonic", "sora", "soul", "spark", "sparkle", "sparta", "spartacus", "spawn", "spectre", "sphinx", "spice", "spin", "spirit", "splash", "spooky", "sport", "squirrel", "star", "stark", "stealth", "steel", "stop", "story", "striker", "stub", "styx", "sugar", "sunny", "sunset", "super", "supernova", "supervisor", "supra", "suri", "survey", "sweet", "sword", "sysadmin", "target", "tarot", "taurus", "teamo", "techno", "telecom", "template", "terminal", "terra", "terre", "testapi", "tetris", "thebe", "theta", "thor", "tibia", "tick", "ticker", "tiger", "tigger", "tiny", "titan", "titanic", "tokyo", "toolbar", "torun", "trace", "trailer", "trash", "trident", "trigger", "trinity", "tripoli", "triton", "troll", "tron", "troy", "tsunami", "tula", "twister", "twitter", "ultimate", "uranus", "uruguay", "valencia", "valentine", "valeria", "vampire", "vanguard", "venus", "victor", "vidar", "vienna", "viper", "voice", "voodoo", "voronezh", "vortex", "voyager", "vulcano", "waffle", "wagner", "walker", "wallpaper", "walrus", "wanderer", "warrior", "webadmin", "webdav", "websearch", "webview", "wedge", "westnet", "whiterose", "wide", "widget", "willow", "win4", "window", "winnie", "winnt", "wolf", "wraith", "write", "wuhan", "xanadu", "xena", "xenon", "xmail", "xpress", "yang", "youth", "yoyo", "yume", "zeppelin", "zero", "zeus", "zhang", "zimbra", "zion", "zombie", "zona", "zorro", "zulu", "NativeAPI" ], "references": [ "duktape.h", "tribool_io.hpp", "dnsspider", "libgo.so.22.0.0", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4/64e43114272b03328005b88b", "/opt/cuda", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0/64e3ff9747b24214820d5c1a", "https://hybrid-analysis.com/sample/32bc49b0d1d7aba6742b0e81dc0105c54bd5c9f32321f96b1594fbbe36692880", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef/64e3ffbd15668ff65803bf54", "dockerd", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0", "https://hybrid-analysis.com/sample/0d4a7cda209c9701bc4cd19aac861d2be8aa1ce6258922d64e711de3d9bad2ae/64e679f61825d88cf802a74d", "https://hybrid-analysis.com/sample/b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c/64e52411dbff7da2f4065fe7", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef", "https://hybrid-analysis.com/sample/1ba7314785f705d0a3db7a3a8ae1da4fe11a2f776287ce3aabc3f3931469447b/64e67888f8d1145b63007ad1", "https://hybrid-analysis.com/sample/27c46f4f186b2168b1d37057378b58667151088cea24c8944d539d251d0b7f6d/64e678fba4a2aff1640fc39a" ], "public": 1, "adversary": "TBD", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573.001", "name": "Symmetric Cryptography", "display_name": "T1573.001 - Symmetric Cryptography" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003.008", "name": "/etc/passwd and /etc/shadow", "display_name": "T1003.008 - /etc/passwd and /etc/shadow" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1547.009", "name": "Shortcut Modification", "display_name": "T1547.009 - Shortcut Modification" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1055.003", "name": "Thread Execution Hijacking", "display_name": "T1055.003 - Thread Execution Hijacking" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1560.002", "name": "Archive via Library", "display_name": "T1560.002 - Archive via Library" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056.004", "name": "Credential API Hooking", "display_name": "T1056.004 - Credential API Hooking" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1546.015", "name": "Component Object Model Hijacking", "display_name": "T1546.015 - Component Object Model Hijacking" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 152, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 676, "URL": 1068, "domain": 11442, "email": 36, "hostname": 1862, "FileHash-MD5": 2000, "FileHash-SHA256": 1082 }, "indicator_count": 18166, "is_author": false, "is_subscribing": null, "subscriber_count": 79, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dd9c1d76a7807782a691d3", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "I had wrapped the majority of the files i'd run since the 14th into the Pulse of the same date, but at over 17k indicators i think it was time to put that one to rest. Obviously time and life allowing my intention is to keep updating and creating more of these as long as i'm kept flush with content. At current i'm pretty damned flush. This is just a preliminary dump of my /tmp folder on Arch. part of the infection chain is process hallowing and then hijacking a program close to the user, with decent call ability to the rest of the system.", "modified": "2024-02-14T21:44:02.852000", "created": "2023-08-17T04:03:41.985000", "tags": [ "o cloexec", "r procversion", "cachyos", "gnu ld", "gnu binutils", "microsoft", "f lockfd", "cygwin", "u respfd", "procselffd13", "procselffd14", "x8664", "uname", "linux", "getconf", "cpus32", "case", "m x8664", "s linux", "x8664 o", "z linux", "z x8664", "replying", "timing", "successfully", "shift", "procselffd16", "empty", "head", "dirty", "found", "splitting", "license", "index", "kill", "zfrm", "argv" ], "references": [ ".ICE-unix", ".org.chromium.Chromium.12ZdF3", ".vbox-mrkd-ipc", "@tmp", ".org.chromium.Chromium.T2jdbS", ".X11-unix", "albert_yt_ynb2tftv", "fish.root", "20230816_202710-scantemp.b14ff4bc3a", "plasma-csd-generator.LTvjbT", "pytest-of-mrkd", "runtime-root", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-ananicy-cpp.service-U5RKxp", ".org.chromium.Chromium.coQnti", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-bluetooth.service-7fh2tg", "bauh@mrkd", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-iwd.service-jnpcHR", ".org.chromium.Chromium.8GBhMA", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-polkit.service-CfCUQZ", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-systemd-logind.service-Q9OYbj", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-power-profiles-daemon.service-hSCDr7", ".org.chromium.Chromium.HMzFxo", "Temp-0c3dc677-7d66-4234-b14e-f604605b2d0c", "tmp.D4NXyZ3U4J", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-uksmd.service-oAjI9s", "Temp-0148ee46-b3e0-4c4b-aa55-b60c6b63eb6f", "tmp.ziktUZeKXL", "v8-compile-cache-0", "tmp90lfbdek", "tst-bz26353KOtJVp", "v8-compile-cache-1000", ".X0-lock", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.xtrace.log", "Temp-4d7e99a7-2d45-4347-a3b6-b64e3ae65e2e", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10291.1692217508.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11270.1692217597.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12928.1692233448.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13309.1692233456.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.28823.1692223670.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.23930.1692220492.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.241161.1692238939.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240792.1692238921.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240156.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.317097.1692240795.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.345673.1692241474.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.daemon.log", "qtsingleapp-Notifi-4c42-3e8", "gitstatus.POWERLEVEL9K.1000.2588447.1692243345.1.xtrace.log", "memmemY_2MMv.c", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.xtrace.log", "qtsingleapp-Notifi-4c42-3e8-lockfile", "stdbool.hcc0B2j.c", "strlcatmMvE1V.c", "qtsingleapp-Octopi-1d88-3e8-lockfile", "strlcpydb8x03.c", "stdbool.ht64kj6qw.c", "qtsingleapp-Octopi-1d88-3e8", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.daemon.log", "https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9", "https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c", "https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca", "https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6", "https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details", "https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd" ], "public": 1, "adversary": "N/A", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BV:TelegramBot-A\\ [Trj]", "display_name": "BV:TelegramBot-A\\ [Trj]", "target": null }, { "id": "Ransom:Linux/DarkRadiation.A!MTB", "display_name": "Ransom:Linux/DarkRadiation.A!MTB", "target": "/malware/Ransom:Linux/DarkRadiation.A!MTB" }, { "id": "SLF:MamacseMacro.A", "display_name": "SLF:MamacseMacro.A", "target": null }, { "id": "TrojanDownloader:Linux/Morila!MTB", "display_name": "TrojanDownloader:Linux/Morila!MTB", "target": "/malware/TrojanDownloader:Linux/Morila!MTB" }, { "id": "Backdoor:Win32/R2d2.A", "display_name": "Backdoor:Win32/R2d2.A", "target": "/malware/Backdoor:Win32/R2d2.A" }, { "id": "Sf:ShellCode-DZ\\ [Trj]", "display_name": "Sf:ShellCode-DZ\\ [Trj]", "target": null }, { "id": "NETexecutableMicrosoft", "display_name": "NETexecutableMicrosoft", "target": null }, { "id": "TrojanDropper:Win32/FakeFlexnet.A", "display_name": "TrojanDropper:Win32/FakeFlexnet.A", "target": "/malware/TrojanDropper:Win32/FakeFlexnet.A" }, { "id": "Delphi", "display_name": "Delphi", "target": null } ], "attack_ids": [], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 206, "domain": 5129, "FileHash-MD5": 177, "FileHash-SHA1": 114, "URL": 646, "hostname": 2078, "CVE": 412, "email": 4 }, "indicator_count": 8766, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee2668cad3bfce7a474d79", "name": "IOC's from my personal devices for the week starting 08/28/23 - leveraging Yara, overwhelmed", "description": "placeholder\n\nAt current I have well over 2000 detentions just on this one device - I'm working on getting everything presentable.", "modified": "2024-02-10T03:37:00.560000", "created": "2023-08-29T17:10:00.158000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "indicator", "file", "ck id", "mitre att", "show technique", "ck matrix", "hybrid analysis", "suspicious", "hybrid", "close", "click", "august", "crypto", "strings", "malicious", "podcast", "team", "june", "error", "virtual size", "fail", "media", "path", "entropy", "alienvault", "open threat" ], "references": [ "https://hybrid-analysis.com/sample/2a061121e90f3354504a1546b1ca4c71252d02c99b7f677f29602aaa95f91c9e/64e8955eca839267790e3ef3", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086/6463a5722450ab7d6c0b893e", "https://otx.alienvault.com/indicator/file/0630d8faa930aa80f7fb6b27ff51e082151b64882c69319eba561280da3064ec", "https://otx.alienvault.com/indicator/file/5987131af62bc75d60f1f8894be2f75d709d8a328570259457063ccfac7f59ca", "https://otx.alienvault.com/indicator/file/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://otx.alienvault.com/indicator/file/cbb9ab5848535b5ff8c79badc80efc77e7dd4200b192c14c5990993919b3b156", "https://tria.ge/230825-pdyvdabe74", "https://hybrid-analysis.com/sample/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086" ], "public": 1, "adversary": "N/A", "targeted_countries": [], "malware_families": [ { "id": "SpyEye", "display_name": "SpyEye", "target": null }, { "id": "Trojan:Linux/Rootkit", "display_name": "Trojan:Linux/Rootkit", "target": "/malware/Trojan:Linux/Rootkit" }, { "id": "Poet RAT", "display_name": "Poet RAT", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "TrojanDropper:Win32/Ponmocup", "display_name": "TrojanDropper:Win32/Ponmocup", "target": "/malware/TrojanDropper:Win32/Ponmocup" }, { "id": "Shylock", "display_name": "Shylock", "target": null }, { "id": "Virus:Win95/Cerebrus", "display_name": "Virus:Win95/Cerebrus", "target": "/malware/Virus:Win95/Cerebrus" }, { "id": "TrojanSpy:Win32/Warpp", "display_name": "TrojanSpy:Win32/Warpp", "target": "/malware/TrojanSpy:Win32/Warpp" }, { "id": "IronTiger", "display_name": "IronTiger", "target": null }, { "id": "wimmie", "display_name": "wimmie", "target": null }, { "id": "lsadump", "display_name": "lsadump", "target": null }, { "id": "SURTR", "display_name": "SURTR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 79, "FileHash-SHA1": 46, "FileHash-SHA256": 68, "URL": 119, "domain": 36, "hostname": 88, "email": 1, "SSLCertFingerprint": 5 }, "indicator_count": 442, "is_author": false, "is_subscribing": null, "subscriber_count": 75, "modified_text": "841 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a05f90fecc8ca5ef695c", "name": "IOC's from my personal devices for the week starting 08/21/23 - Pure Linux", "description": "", "modified": "2023-12-06T16:25:02.930000", "created": "2023-12-06T16:25:02.930000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2821, "hostname": 464, "email": 26, "URL": 978, "FileHash-MD5": 1139, "FileHash-SHA1": 541, "FileHash-SHA256": 839 }, "indicator_count": 6808, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709ffcf3ffe737f8cb8dfd", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "", "modified": "2023-12-06T16:23:24.919000", "created": "2023-12-06T16:23:24.919000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 103, "hostname": 524, "domain": 1292, "FileHash-SHA256": 95, "FileHash-MD5": 54, "FileHash-SHA1": 39, "URL": 169, "email": 1 }, "indicator_count": 2277, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f379639e77ae81f51fb1a6", "name": "IOC's from my personal devices for the week starting 08/28/23 (byMeekd1904) hmm?", "description": "", "modified": "2023-09-02T18:05:23.864000", "created": "2023-09-02T18:05:23.864000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "indicator", "file", "ck id", "mitre att", "show technique", "ck matrix", "hybrid analysis", "suspicious", "hybrid", "close", "click", "august", "crypto", "strings", "malicious", "podcast", "team", "june", "error", "virtual size", "fail", "media", "path", "entropy", "alienvault", "open threat" ], "references": [ "https://hybrid-analysis.com/sample/2a061121e90f3354504a1546b1ca4c71252d02c99b7f677f29602aaa95f91c9e/64e8955eca839267790e3ef3", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086/6463a5722450ab7d6c0b893e", "https://otx.alienvault.com/indicator/file/0630d8faa930aa80f7fb6b27ff51e082151b64882c69319eba561280da3064ec", "https://otx.alienvault.com/indicator/file/5987131af62bc75d60f1f8894be2f75d709d8a328570259457063ccfac7f59ca", "https://otx.alienvault.com/indicator/file/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://otx.alienvault.com/indicator/file/cbb9ab5848535b5ff8c79badc80efc77e7dd4200b192c14c5990993919b3b156", "https://tria.ge/230825-pdyvdabe74", "https://hybrid-analysis.com/sample/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086" ], "public": 1, "adversary": "N/A", "targeted_countries": [], "malware_families": [ { "id": "SpyEye", "display_name": "SpyEye", "target": null }, { "id": "Trojan:Linux/Rootkit", "display_name": "Trojan:Linux/Rootkit", "target": "/malware/Trojan:Linux/Rootkit" }, { "id": "Poet RAT", "display_name": "Poet RAT", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "TrojanDropper:Win32/Ponmocup", "display_name": "TrojanDropper:Win32/Ponmocup", "target": "/malware/TrojanDropper:Win32/Ponmocup" }, { "id": "Shylock", "display_name": "Shylock", "target": null }, { "id": "Virus:Win95/Cerebrus", "display_name": "Virus:Win95/Cerebrus", "target": "/malware/Virus:Win95/Cerebrus" }, { "id": "TrojanSpy:Win32/Warpp", "display_name": "TrojanSpy:Win32/Warpp", "target": "/malware/TrojanSpy:Win32/Warpp" }, { "id": "IronTiger", "display_name": "IronTiger", "target": null }, { "id": "wimmie", "display_name": "wimmie", "target": null }, { "id": "lsadump", "display_name": "lsadump", "target": null }, { "id": "SURTR", "display_name": "SURTR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": "64ee2668cad3bfce7a474d79", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 79, "FileHash-SHA1": 46, "FileHash-SHA256": 68, "URL": 119, "domain": 36, "hostname": 88, "email": 1, "SSLCertFingerprint": 5 }, "indicator_count": 442, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "1001 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "npm-rebuild.md", "whoami.js", "libc6-i386_2.19-0ubuntu6_amd64.url", "func.py", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "x.jnlp", "installed-package-contents", "PROMPThelp (2)", "hook.js", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "docs.js", "https://hybrid-analysis.com/sample/2a061121e90f3354504a1546b1ca4c71252d02c99b7f677f29602aaa95f91c9e/64e8955eca839267790e3ef3", "token.js", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "fstab", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.xtrace.log", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "group (2)", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.daemon.log", "npm-update.md", "dialogrc", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.daemon.log", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "fsck (2).ext3", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "notes.txt", "dialogrc (2)", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9", "join.py", "preload.js", "openmachine.rc", "npm-cache.md", "tick.py", "libyara.la", "modules.ieee1394map", "cfdisk", "https://hybrid-analysis.com/sample/32bc49b0d1d7aba6742b0e81dc0105c54bd5c9f32321f96b1594fbbe36692880", "ls (2).py", "npm-version.md", "libc6-i386_2.30-0ubuntu2_amd64.info", "logout.js", "stdcrt (2)", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.daemon.log", "pkg.js", "scripts.md", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.daemon.log", "vt300", "source_info.py", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "npm-start.md", "host (2).conf", "npm-ping.md", "repo.js", "OpenSSLConfigVersion.cmake", ".zcompdump-m1904-5.9", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.28-10_amd64.url", "explain-dep.js", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.daemon.log", "npm-stop.md", "qrcode-terminal", "https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c", "format-bytes.js", "nm-cloud-setup.timer", "npm-logout.md", "npm-install.md", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.xtrace.log", "rc.S", "cmp.js", "cli.js", "client.py", "securetty (2)", "Temp-0148ee46-b3e0-4c4b-aa55-b60c6b63eb6f", ".org.chromium.Chromium.T2jdbS", "SeTkernel (2)", "libnm-device-plugin-wwan.la", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.daemon.log", "npm-usage.js", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4/64e43114272b03328005b88b", "network", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "template-WaR2X6", "hashsplit.py", "libnm-device-plugin-adsl.la", ".vbox-mrkd-ipc", "nm-cloud-setup.service", "libc6-i386_2.30-0ubuntu2_amd64.url", "ls.js", "issue (2)", ".X1024-lock", "npm-unstar.md", "libc6-i386_2.19-10ubuntu2_amd64.info", "rescan-scsi-bus", "owner.js", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.daemon.log", "package-spec.md", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "probe (2)", "v8-compile-cache-1000", "SeTpasswd", "init.py", "timers.js", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "web.py", "empty", "npm-ls.md", "outside.js", "SeTDOS (2)", "npm-repo.md", "base-command.js", "npm-completion.md", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "SeTnopart (2)", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "nm-pppd-plugin.la", "valid.js", "/opt/cuda", "sort.js", "tmp.ziktUZeKXL", "modules.dep", "https://otx.alienvault.com/indicator/file/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "slackinstall", "npm-audit.md", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.xtrace.log", "tar.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "set.js", "arborist", "compare-loose.js", "npm-prune.md", "max-satisfying.js", "vfs.py", "std", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "INShd", ".X1025-lock", "edit.js", "fdisk (2)", "wtmp", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.xtrace.log", "prune.js", "meta.py", "gitstatus.POWERLEVEL9K.1000.12928.1692233448.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2588447.1692243345.1.xtrace.log", "reify-output.js", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "dedupe.js", "pwdgrp.py", "fsck.ext3", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.28823.1692223670.1.xtrace.log", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.21-0ubuntu4_amd64.url", "b.txt:ads.txt", "star.js", "README", "HOSTNAME", "git.py", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "ftp.py", "metadata.py", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.daemon.log", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086/6463a5722450ab7d6c0b893e", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "npm.js", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.xtrace.log", "npm-help-search.md", "ltr.js", "ping.js", "motd (2)", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.12.1-0ubuntu6_amd64.url", ".org.chromium.Chromium.HMzFxo", "migrate.sh", "damage.py", "SeTswap (2)", "replace-info.js", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "mtab", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "tree.py", "openssl.pc", "constants.js", "npm-bugs.md", "libc6-i386_2.5-0ubuntu14_amd64.url", "link.js", "__init__.py", "INSfd", "sbom.js", "npm-config.md", "cli-entry.js", "libc6-i386_2.7-10ubuntu3_amd64.info", "npm-restart.md", "rm.py", "libnm-wwan.la", "INSNFS (2)", "libnm.la", "syslog.conf", "hlinkdb.py", "split.py", "libnm-ppp-plugin.la", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-bluetooth.service-7fh2tg", "Temp-0c3dc677-7d66-4234-b14e-f604605b2d0c", "rc.usb", "b.txt", "disk2 (2)", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef", "nopartHELP", "tst-bz26353KOtJVp", "mtab (2)", "SeTnopart", "murmur2", "subset.js", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086", "patch.js", "SeTpasswd (2)", "std (2)", "completion.js", "libc6-i386_2.31-0ubuntu6_amd64.url", "brc (2)", "dist-tag.js", "gitstatus.POWERLEVEL9K.1000.23930.1692220492.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.daemon.log", "vint.py", "modules.isapnpmap", "pacote", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "strlcpydb8x03.c", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.xtrace.log", "libcrypto.pc", "memmemY_2MMv.c", "passwd", "prune_older.py", "libc6-i386_2.13-20ubuntu5_amd64.url", "path.py", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.daemon.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-systemd-logind.service-Q9OYbj", "libc6-i386_2.28-0ubuntu1_amd64.info", "root.js", "restore.py", "init.js", "libgo.so.22.0.0", "shrinkwrap.js", "INSdir", "services", "libc6-i386_2.19-0ubuntu6_amd64.info", "filesize", "ssh.py", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.xtrace.log", "rcompare.js", "hosts (2)", "profile.js", "iterator.js", "midx.py", "libc6-i386_2.21-0ubuntu4_amd64.info", "services (2)", "npm-ci.md", "tmp90lfbdek", "npm-find-dupes.md", "syslinux.cfg", "satisfies.js", "networks", "doctor.js", "nsswitch (2).conf", "unstar.js", "is-windows.js", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.url", "host.conf", "90-nm-cloud-setup.sh", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu20_amd64.url", "npm-hook.md", "glob", "npm-uninstall.md", "read-user-info.js", "dockerd", "gte.js", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.xtrace.log", "bauh@mrkd", "INSfd (2)", "probe", "hosts", "rc.ieee1394", "ld.so (2).conf", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "compat.py", "ab.1", "gc (2).py", "cfdisk (2)", "npm-exec.md", "npm-team.md", "libc6-i386_2.31-0ubuntu6_amd64.info", "list_idx.py", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "team.js", "libc6-i386_2.23-0ubuntu11_amd64.info", "xstat.py", "web-auth.js", "motd", "memtest.py", "libc6-i386_2.28-10_amd64.info", "README (2)", "cache.js", "libc6-i386_2.24-3ubuntu1_amd64.info", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-uksmd.service-oAjI9s", "stars.js", "access.js", "FDhelp (2)", "npm-init.md", "libc6-i386_2.30-4_amd64.url", "rc.inet1", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "a.txt:ads.txt", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations", "pkgtool (2)", "update-workspaces.js", "identifiers.js", "version.py", "SeTkeymap", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "albert_yt_ynb2tftv", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240792.1692238921.1.daemon.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-polkit.service-CfCUQZ", "npm-help.md", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.xtrace.log", "fuse.py", "libc6-i386_2.26-0ubuntu2_amd64.info", "explain.js", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.xtrace.log", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "install-test.js", "cssesc", "https://otx.alienvault.com/indicator/file/5987131af62bc75d60f1f8894be2f75d709d8a328570259457063ccfac7f59ca", "SeTkeymap (2)", "setup", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "fund.js", "queryable.js", "installed-shallow.js", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "unmigrate.sh", "ld.so.conf", "log-shim.js", "SeTfdHELP", "prerelease.js", "restart.js", "gt.js", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.xtrace.log", "npm-outdated.md", "qtsingleapp-Octopi-1d88-3e8-lockfile", "libc6-i386_2.24-9ubuntu2_amd64.url", "inittab", "registry.md", "no_ads.txt", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "stdbool.ht64kj6qw.c", "help.py", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "https://hybrid-analysis.com/sample/1ba7314785f705d0a3db7a3a8ae1da4fe11a2f776287ce3aabc3f3931469447b/64e67888f8d1145b63007ad1", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.xtrace.log", "https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445", "minor.js", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.xtrace.log", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-4_amd64.symbols", "Temp-4d7e99a7-2d45-4347-a3b6-b64e3ae65e2e", "npm-shrinkwrap-json.md", "SeTmaketag (2)", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "run-script.js", "npm-dedupe.md", "itl-logo (2).txt", "clean.js", "ci.js", "validate-engines.js", "npm-sbom.md", "nsswitch.conf", "libc6-i386_2.9-4ubuntu6_amd64.info", "parse-options.js", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "simplify.js", "main.py", "adduser.js", "bloom (2).py", "libc6-i386_2.4-1ubuntu12_amd64.info", "save.py", "a4033901479", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "???? ????????.txt", "NetworkManager-dispatcher.service", "group", "tmp.D4NXyZ3U4J", "config.js", "stage2 (3)", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.daemon.log", "90-nm-thunderbolt.rules", "SeTmaketag", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0/64e3ff9747b24214820d5c1a", "libc6-i386_2.6.1-1ubuntu10_amd64.info", ".X1-lock", "mkdirp", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "audit-error.js", "libc6-i386_2.17-93ubuntu4_amd64.info", "sbom-spdx.js", "on.py", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "itl-logo (3).txt", "npm-unpublish.md", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "ll.js", "termcap", "modules.parportmap", "__init__ (2).py", ".org.chromium.Chromium.coQnti", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "fdisk", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.daemon.log", "migrate (2).sh", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "get-identity.js", "stage2 (2)", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.xtrace.log", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "npm-edit.md", "version.js", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "lifecycle-cmd.js", "npm-doctor.md", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "major.js", "search.js", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.xtrace.log", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "HOSTNAME (2)", "folders.md", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "pytest-of-mrkd", "modules.generic_string", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.xtrace.log", "login.defs", ".zcompdump", "npm-root.md", "disk2", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4", "fish.root", "npm-login.md", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "makedevs (2).sh", "syslog (2).conf", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.30-4_amd64.info", "npm-view.md", "NetworkManager-ovs.conf", "help-search.js", "vt100 (3)", "version (2).py", "inc.js", "npm.md", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "shquote.py", "slackinstall (2)", "scope.md", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "stage2", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.daemon.log", "empty (3)", "libc6-i386_2.13-20ubuntu5_amd64.info", "strlcatmMvE1V.c", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "npm-owner.md", "parse.js", "npm-test.md", "SeTfdHELP (2)", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "b529967783", "INSNFS", "outdated.js", "options.py", "https://tria.ge/230825-pdyvdabe74", "npm-token.md", "developers.md", "fsck.ext2", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.xtrace.log", "auth.js", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.daemon.log", "open-url.js", "midx (2).py", "drecurse (2).py", "b3336837578", "runtime-root", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.daemon.log", "makedevs.sh", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.xtrace.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-power-profiles-daemon.service-hSCDr7", "min-version.js", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.daemon.log", "semver.js", "libssl.pc", "MozillaUpdateLock-7A4D7A8EFFB43502", "npm-access.md", "sendcmd.rc", "85-nm-unmanaged.rules", "random.py", "fsck.py", "duktape.h", "libc6-i386_2.23-0ubuntu3_amd64.url", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.daemon.log", "compare-build.js", "neq.js", "gitstatus.POWERLEVEL9K.1000.317097.1692240795.1.xtrace.log", "yara.pc", "libc6-i386_2.26-0ubuntu2_amd64.url", "explore.js", "libc6-i386_2.27-3ubuntu1_amd64.url", "lt.js", "https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details", "dependency-selectors.md", "nopartHELP (2)", "stdcrt", "removal.md", "SeTPKG (2)", "SeTmedia (2)", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.daemon.log", "profile", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.daemon.log", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0", "did-you-mean.js", "libc6-i386_2.28-10_amd64.symbols", "SeTfull (2)", "org.js", "find-dupes.js", "diff.js", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "tribool_io.hpp", "removepkg", "@tmp", "index.js", "npm-link.md", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "workspaces.md", "npm-install-ci-test.md", "install-ci-test.js", "completion.sh", "login (2).defs", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "index (2).py", "networks (2)", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "itl-logo.txt", "package.json", "color-support", "features.py", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-ananicy-cpp.service-U5RKxp", "v8-compile-cache-0", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.daemon.log", "libc6-i386_2.23-0ubuntu10_amd64.info", "npm-dist-tag.md", "open-url-prompt.js", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "zgrep", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6", "libnm-device-plugin-bluetooth.la", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-iwd.service-jnpcHR", "fstab (2)", "NetworkManager-wait-online.service", "libc6-i386_2.24-3ubuntu1_amd64.url", "inittab (2)", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "explain-eresolve.js", "orgs.md", "nm-priv-helper.service", "lte.js", "libnm-device-plugin-ovs.la", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "log-file.js", "https://hybrid-analysis.com/sample/27c46f4f186b2168b1d37057378b58667151088cea24c8944d539d251d0b7f6d/64e678fba4a2aff1640fc39a", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.daemon.log", "npm-adduser.md", "modules.usbmap", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "rsort.js", "yallist.js", "format-search-stream.js", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "INSCD (2)", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.xtrace.log", "libc6-i386_2.24-9ubuntu2_amd64.info", "SeTmedia", "libc6-i386_2.27-3ubuntu1_amd64.info", "installpkg (2)", "https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd", "a1676298638", "installed-deep.js", "mtools.conf", "install.js", "audit.js", "gitstatus.POWERLEVEL9K.1000.241161.1692238939.1.xtrace.log", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "server.py", "npm-star.md", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.xtrace.log", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "pkgtool", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "tag.py", "gc.py", "comparator.js", "pcmcia", "securetty", "config.md", "cmd-list.js", "otplease.js", "unpublish.js", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.daemon.log", "removepkg (2)", "libc6-i386_2.15-0ubuntu10_amd64.url", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.xtrace.log", "nm-shared.xml", "SeTkernel", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.xtrace.log", "empty (2)", "SeTpartitions", "libc6-i386_2.17-0ubuntu5_amd64.info", "SeTpartitions (2)", "passwd (2)", "20230816_202710-scantemp.b14ff4bc3a", "xstat (2).py", "reify-finish.js", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "issue", "gitstatus.POWERLEVEL9K.1000.13309.1692233456.1.daemon.log", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "drecurse.py", "mux.py", "gitstatus.POWERLEVEL9K.1000.345673.1692241474.1.daemon.log", "npm-pack.md", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "obexstress", "npm-fund.md", "cat_file.py", "npx.md", "OpenSSLConfig.cmake", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.xtrace.log", "npm-explore.md", "https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80", "https://otx.alienvault.com/indicator/file/0630d8faa930aa80f7fb6b27ff51e082151b64882c69319eba561280da3064ec", "dnsspider", "checkout_info.py", ".:ads.txt", "INShd (2)", "pack.js", "exit-handler.js", "prefix.js", "vt300 (2)", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "fsck (2).ext2", ".org.chromium.Chromium.8GBhMA", "shells (2)", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.daemon.log", "termcap (2)", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "gtr.js", "update.js", "npm-query.md", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.daemon.log", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "on__server.py", "get.js", "min-satisfying.js", "get-workspaces.js", "dir:ads.txt", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.xtrace.log", "libnm-device-plugin-wifi.la", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "SeTconfig (2)", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.daemon.log", "rebuild.js", "libnm-device-plugin-team.la", "SeTconfig", "empty.lock~", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "README.md", "repo.py", "qtsingleapp-Octopi-1d88-3e8", "npm-search.md", "libc6-i386_2.9-4ubuntu6_amd64.url", "range.js", "libc6-i386_2.15-0ubuntu20_amd64.info", "gitstatus.POWERLEVEL9K.1000.10291.1692217508.1.daemon.log", "debug.js", "help.js", "to-comparators.js", "installpkg", "qtsingleapp-Notifi-4c42-3e8-lockfile", "npm-publish.md", "LICENSE", "desktop.ini", "coerce.js", "libnm.pc", "plasma-csd-generator.LTvjbT", "io.py", "test.js", "mtools (2).conf", "SeTfull", "shells", "import_duplicity.py", "bloom.py", "validate-lockfile.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "FDhelp", "empty.exe", "npm-stars.md", "asyncrecv.rc", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.daemon.log", "npm-shrinkwrap.md", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.daemon.log", "npmrc", "index.py", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.daemon.log", "rm (2).py", "libc6-i386_2.19-18+deb8u10_amd64.url", "view.js", "https://hybrid-analysis.com/sample/0d4a7cda209c9701bc4cd19aac861d2be8aa1ce6258922d64e711de3d9bad2ae/64e679f61825d88cf802a74d", "update-notifier.js", "libc6-i386_2.23-0ubuntu11_amd64.url", "stdbool.hcc0B2j.c", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.268412.1692240156.1.xtrace.log", "syslinux (2).cfg", "daemon.py", "SeTswap", ".X11-unix", "query.js", "sbom-cyclonedx.js", "npm-prefix.md", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "start.js", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.daemon.log", "compare.js", "login.js", "npmrc.md", ".X0-lock", "bup-import-rdiff-backup", "https://otx.alienvault.com/indicator/file/cbb9ab5848535b5ff8c79badc80efc77e7dd4200b192c14c5990993919b3b156", "re.js", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.xtrace.log", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "exec.js", "error-message.js", "package-lock-json.md", "brc", "a.txt", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.xtrace.log", "completion.fish", "package-json.md", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.xtrace.log", "helpers.py", "npm-diff.md", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "INSCD", "bup-import-rsnapshot", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "notes.txt:ads", "deprecate.js", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.daemon.log", "libc6-i386_2.15-0ubuntu10_amd64.info", "vdecmd", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef/64e3ffbd15668ff65803bf54", "gitstatus.POWERLEVEL9K.1000.11270.1692217597.1.daemon.log", "range.bnf", "closemachine.rc", "eq.js", "libc6-i386_2.23-0ubuntu10_amd64.url", "npm-whoami.md", "npm-run-script.md", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "84-nm-drivers.rules", "imurmurhash.min.js", "publish.js", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "install.md", "package-url-cmd.js", "sunjava_map.xml", "pulse-till-done.js", "SeTPKG", "modules.pcimap", ".org.chromium.Chromium.12ZdF3", "lorem.txt", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "uninstall.js", "SeTDOS", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "display.js", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.daemon.log", "shadow", "shadow (2)", "stop.js", "profile (2)", "NetworkManager.service", "npm-docs.md", "node-which", "ls.py", "npm-pkg.md", "modules.pnpbiosmap", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.xtrace.log", "INSdir (2)", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "intersects.js", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.xtrace.log", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "npm-install-test.md", ".ICE-unix", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "arborist-cmd.js", "https://hybrid-analysis.com/sample/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "setup (2)", "npm-org.md", "logging.md", "styles.css", "PROMPThelp", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "npm-profile.md", "get.py", "vt100", "ldd", "https://hybrid-analysis.com/sample/b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c/64e52411dbff7da2f4065fe7", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.xtrace.log", "unmigrate (2).sh", "margin.py", "libc6-i386_2.17-0ubuntu5_amd64.url", "qtsingleapp-Notifi-4c42-3e8", "libc6-i386_2.29-0ubuntu2_amd64.url", "bugs.js", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.1.daemon.log" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "TBD", "N/A" ], "malware_families": [ "Sf:shellcode-dz\\ [trj]", "Poet rat", "Trojandropper:win32/fakeflexnet.a", "Trojanspy:win32/warpp", "Slf:mamacsemacro.a", "Netexecutablemicrosoft", "Irontiger", "Shylock", "Backdoor:win32/r2d2.a", "Trojandownloader:linux/morila!mtb", "Ransom:linux/darkradiation.a!mtb", "Trojan:linux/rootkit", "Lsadump", "Surtr", "Virus:win95/cerebrus", "Cobalt strike", "Trojandropper:win32/ponmocup", "Bv:telegrambot-a\\ [trj]", "Delphi", "Spyeye", "Wimmie" ], "industries": [ "Individuals" ], "unique_indicators": 45718 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/msftc0nnecttest.com", "whois": "http://whois.domaintools.com/msftc0nnecttest.com", "domain": "msftc0nnecttest.com", "hostname": "w.msftc0nnecttest.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "6608aaf7ca0e965e593ed1d4", "name": "MUI programu Microsoft Office Access (w j\u0119zyku angielskim) zosta\u0142o u\u017cyte do wys\u0142ania z\u0142o\u015bliwego oprogramowania na serwer w Czechach jest to pierwszy tego typu atak na komputer. e", "description": "A look back at some of the key words and phrases used to describe the situation in Italy, as \"probacja\" (or \"democrata), as they were translated into English.", "modified": "2025-10-17T11:03:07.034000", "created": "2024-03-31T00:14:47.183000", "tags": [ "sha256", "ssdeep", "reputacja", "tworzy pliki", "informacje", "bardzo duga", "tworzy", "adresy url", "tworzy katalog", "win64", "ameryki", "typ pliku", "serwer nazw", "san jose", "adres", "digital", "data wyganicia", "csc corporate", "domains", "ca data", "data utworzenia", "dnssec" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6432, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2140, "hostname": 5874, "FileHash-SHA256": 12539, "FileHash-MD5": 3686, "FileHash-SHA1": 2751, "IPv4": 503, "URL": 10770, "email": 26, "CVE": 88, "YARA": 6, "JA3": 2, "IPv6": 28, "SSLCertFingerprint": 5, "BitcoinAddress": 3, "CIDR": 1 }, "indicator_count": 38422, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "764 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64e298af236c03fdd49226dd", "name": "IOC's from my personal devices for the week starting 08/21/23 - Pure Linux", "description": "It's becoming quite the wrestling match trying to get these pulses's created especially trying to utilize OTX's native uploader for the actual pulse; but after taking another persistent OS instance as a casualty I'm finally getting a workflow down. \n\nThis is all Linux starting this week; with a metric f*ck ton and frankly overwhelming amount of Yara matches I could only get a few to play outside of local analysis. But those include an apprently rooted libgo that landed on an Arch ISO as well as a CAchyOS ISO; a Dockerd that was hiding in the source {~/docker/bundles/binary) directory after cloning from gtihub earlier today as well as an unsolicited dsniff executable. Whatever this is also decided to leech off of and make a home out of the Cuda lib (/opt/cuda/ --- and as soon as I can get it uploaded a malicious ISO, and kernel out of the docker-desktop (/opt/docker-desktop) directory. Never a dull moment.", "modified": "2024-02-14T21:44:03.410000", "created": "2023-08-20T22:50:23.225000", "tags": [ "dukexternaldecl", "dukfilemacro", "duklinemacro", "duktape", "dukapinoreturn", "dukcompileeval", "dukcompilesafe", "null", "vaargs", "ecmascript", "date", "error", "push", "local", "internal", "returns", "value", "boostnocwchar", "indeterminate", "boostusefacet", "brief returns", "boosthasfacet", "gregor", "boost software", "license", "banner", "ipaddr", "author", "usage", "version", "anhth", "atlassian2", "cdn2", "devadmin", "haproxy3", "false", "team", "abba", "abcd", "acid", "adonis", "aeon", "afrodita", "agent", "akira", "alabama", "aldebaran", "aleph", "alex", "alexa", "alfa", "alien", "alina", "alisa", "alma", "alpha", "amigo", "amos", "anarchy", "andromeda", "angela", "anime", "anis", "anna", "anubis", "apache", "apollo", "april", "arch", "archie", "argos", "argus", "aria", "aris", "armageddon", "artemis", "asahi", "ashley", "assassin", "astra", "atom", "atomic", "august", "auriga", "aurora", "austin", "autorun", "avalanche", "avalon", "avenger", "aviator", "avril", "azrael", "baba", "babe", "baby", "babylon", "bach", "baidu", "bandung", "bank", "baobab", "bara", "baran", "baron", "barry", "bart", "basket", "batman", "bazar", "beer", "belarus", "belka", "belle", "benchmark", "benjamin", "benny", "bill", "bingo", "blackbox", "blackcat", "blackhole", "blacksun", "blaze", "blizzard", "blondie", "blood", "bluesky", "bnet", "bobo", "bomb", "bomber", "boom", "borg", "bounce", "bouncer", "boxer", "bridge", "buddy", "bullet", "bumblebee", "bunny", "burn", "caca", "caesar", "calendar", "calgary", "camel", "candle", "canvas", "cardinal", "cargo", "carpediem", "carrier", "casino", "casper", "cassini", "celine", "cerberus", "cetus", "chacha", "chantal", "cheap", "chester", "chewbacca", "chin", "citadel", "clarity", "class", "click", "clock", "cluster", "cobalt", "cobra", "coco", "coconut", "code", "coke", "combo", "comet", "comment", "comp", "conan", "config", "connector", "contact", "cookie", "cool", "corona", "cracker", "crash", "crawl", "crazy", "crew", "crime", "crimson", "crypton", "crystal", "cuba", "cyber", "cyrus", "dada", "dani", "daniel", "dark", "darkman", "darkness", "darkside", "darkstar", "daum", "david", "davis", "dbase", "death", "deimos", "delphi", "delta", "demo", "democracy", "dennis", "depot", "derek", "designer", "desktop", "dexter", "dharma", "diablo", "dialer", "diego", "diesel", "digi", "dima", "dino", "direct", "divine", "django", "dock", "dodo", "dolphin", "domino", "donald", "doom", "dora", "dotnet", "dracula", "dragon", "drop", "drweb", "dude", "duke", "dummy", "dump", "dune", "dust", "duster", "easy", "echelon", "eclipse", "eddie", "eddy", "elaine", "eleanor", "elisa", "elite", "emilia", "emma", "empire", "encrypt", "energy", "epsilon", "equinox", "eris", "esmeralda", "esupport", "eternal", "eternity", "euclid", "evil", "excalibur", "exodus", "experiment", "explorer", "express", "face", "facebook", "factory", "faisal", "fastcash", "feedme", "fenrir", "feri", "fiesta", "final", "finger", "firebird", "firefly", "first", "flamingo", "flash", "flex", "floyd", "flux", "fortune", "foryou", "foxy", "freddy", "freedom", "freeweb", "frodo", "frog", "front", "frozen", "fruit", "funky", "fury", "gaga", "galaxy", "galileo", "gamma", "gate", "gauss", "general", "generator", "genome", "giga", "gigi", "ginger", "girls", "glacier", "globe", "gloria", "goblin", "gogo", "golf", "gollum", "gondor", "gotcha", "graphite", "groove", "guard", "habbo", "hair", "hale", "hamster", "happytime", "harmony", "harrier", "havoc", "hawk", "hehe", "hell", "hello", "helpme", "hermit", "hino", "hippo", "honeypot", "hook", "horror", "hoster", "hotmail", "hunter", "hydra", "ibank", "icarus", "ident", "igloo", "iloveyou", "immortal", "impact", "import", "incom", "incubator", "indra", "inex", "inferno", "infinity", "info", "infra", "insane", "inside", "inter", "iowa", "iron", "iservice", "istanbul", "ivan", "jackson", "jaka", "jason", "jedi", "jeff", "jigsaw", "jimmy", "jinx", "john", "johnny", "joker", "joshi", "jquery", "judy", "julia", "juliet", "julius", "june", "juno", "justin", "kaiser", "kala", "kali", "kami", "kamikaze", "kamil", "kappa", "karin", "karina", "karma", "kato", "katy", "keeper", "kevin", "kiev", "killer", "kilo", "kiwi", "koko", "krasnodar", "krypton", "kurgan", "lana", "landmark", "lapis", "larry", "lazarus", "lazy", "leda", "legacy", "leon", "levi", "leviathan", "light", "lilith", "lilo", "lime", "little", "liza", "lizard", "logger", "logic", "loke", "loki", "lola", "loli", "lolita", "lolol", "look", "loulou", "love", "lucia", "lucky", "lucy", "luna", "lust", "madmax", "mafia", "magazine", "magento", "maggie", "magic", "magnum", "mailto", "maker", "mamba", "mami", "mandrake", "mania", "manuel", "marina", "mario", "mark", "markus", "marlboro", "martin", "maru", "mask", "massmail", "matrix", "maverick", "maximus", "maya", "mayak", "maze", "media", "medusa", "mensa", "mercurial", "mercury", "merlin", "meta", "metal", "metallica", "meteor", "metro", "mexico", "michael", "mikey", "mine", "mini", "minotaur", "minsk", "mint", "mira", "miso", "mission", "model", "monster", "moran", "mordor", "mozart", "multi", "murphy", "mylove", "nazgul", "nebula", "neko", "netmail", "neuro", "neuron", "nevada", "nexus", "night", "nightmare", "nikita", "niko", "nina", "ninja", "nirvana", "nitro", "nomad", "nono", "noob", "northstar", "nova", "nuke", "oblivion", "octopus", "ogre", "olga", "olivia", "omni", "ontario", "open", "orinoco", "oscar", "otto", "outside", "ozzy", "pacman", "pamela", "panama", "panda", "pandora", "panic", "paradox", "paraguay", "paranoia", "paris", "pass", "passmark", "path", "payment", "pedro", "pepe", "pepper", "perseus", "phantom", "philadelphia", "phoenix", "phpbb", "picasso", "pigeon", "pikachu", "pinger", "pingpong", "pinky", "pioneer", "pirate", "piter", "pixel", "pizza", "plasma", "pluto", "police", "pony", "porno", "posta", "prague", "predator", "prestige", "primus", "prism", "privat", "probe", "problem", "proj", "project", "prometheus", "prophet", "protect", "proteus", "proton", "puma", "punk", "python", "quake", "quartz", "quasar", "r2d2", "race", "ragnarok", "raid", "rainbow", "rambo", "rana", "ranger", "rape", "rapid", "raptor", "ravi", "razor", "reboot", "recon", "rector", "reda", "redir", "redirector", "redline", "refresh", "reklam", "relax", "rescue", "retro", "rhino", "rigel", "riot", "robin", "robinhood", "robo", "rock", "rocket", "rogue", "roma", "rosebud", "roxy", "ruby", "runner", "rush", "sadmin", "saigon", "sailor", "sakura", "salsa", "samurai", "sanctuary", "sandbox", "sandra", "sandy", "sapphire", "sara", "sarah", "satan", "saturn", "sauron", "savenow", "school", "seeker", "sentinel", "seraph", "serena", "serg", "service", "servidor", "sexy", "shadow", "shaggy", "shaman", "shane", "sharepoint", "shark", "shell", "sherlock", "silent", "simba", "simplex", "sirius", "skinner", "skipper", "skynet", "slash", "slice", "slim", "smash", "smog", "snake", "sniper", "snow", "snowflake", "sochi", "solid", "sonic", "sora", "soul", "spark", "sparkle", "sparta", "spartacus", "spawn", "spectre", "sphinx", "spice", "spin", "spirit", "splash", "spooky", "sport", "squirrel", "star", "stark", "stealth", "steel", "stop", "story", "striker", "stub", "styx", "sugar", "sunny", "sunset", "super", "supernova", "supervisor", "supra", "suri", "survey", "sweet", "sword", "sysadmin", "target", "tarot", "taurus", "teamo", "techno", "telecom", "template", "terminal", "terra", "terre", "testapi", "tetris", "thebe", "theta", "thor", "tibia", "tick", "ticker", "tiger", "tigger", "tiny", "titan", "titanic", "tokyo", "toolbar", "torun", "trace", "trailer", "trash", "trident", "trigger", "trinity", "tripoli", "triton", "troll", "tron", "troy", "tsunami", "tula", "twister", "twitter", "ultimate", "uranus", "uruguay", "valencia", "valentine", "valeria", "vampire", "vanguard", "venus", "victor", "vidar", "vienna", "viper", "voice", "voodoo", "voronezh", "vortex", "voyager", "vulcano", "waffle", "wagner", "walker", "wallpaper", "walrus", "wanderer", "warrior", "webadmin", "webdav", "websearch", "webview", "wedge", "westnet", "whiterose", "wide", "widget", "willow", "win4", "window", "winnie", "winnt", "wolf", "wraith", "write", "wuhan", "xanadu", "xena", "xenon", "xmail", "xpress", "yang", "youth", "yoyo", "yume", "zeppelin", "zero", "zeus", "zhang", "zimbra", "zion", "zombie", "zona", "zorro", "zulu", "NativeAPI" ], "references": [ "duktape.h", "tribool_io.hpp", "dnsspider", "libgo.so.22.0.0", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4/64e43114272b03328005b88b", "/opt/cuda", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0/64e3ff9747b24214820d5c1a", "https://hybrid-analysis.com/sample/32bc49b0d1d7aba6742b0e81dc0105c54bd5c9f32321f96b1594fbbe36692880", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef/64e3ffbd15668ff65803bf54", "dockerd", "https://hybrid-analysis.com/sample/a55c43184ee4ec03a636b357e8fef5ce2e8fde34f61a28610d4ca285db9b07e4", "https://hybrid-analysis.com/sample/db47ed2f22009cab171b7d16ec3462258ddf7bed0a6a9af198e5394e783198c0", "https://hybrid-analysis.com/sample/0d4a7cda209c9701bc4cd19aac861d2be8aa1ce6258922d64e711de3d9bad2ae/64e679f61825d88cf802a74d", "https://hybrid-analysis.com/sample/b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c/64e52411dbff7da2f4065fe7", "https://hybrid-analysis.com/sample/bad3965a417d2fd936116414be04591aedc9275d3c545b3709334d3805d69bef", "https://hybrid-analysis.com/sample/1ba7314785f705d0a3db7a3a8ae1da4fe11a2f776287ce3aabc3f3931469447b/64e67888f8d1145b63007ad1", "https://hybrid-analysis.com/sample/27c46f4f186b2168b1d37057378b58667151088cea24c8944d539d251d0b7f6d/64e678fba4a2aff1640fc39a" ], "public": 1, "adversary": "TBD", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573.001", "name": "Symmetric Cryptography", "display_name": "T1573.001 - Symmetric Cryptography" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003.008", "name": "/etc/passwd and /etc/shadow", "display_name": "T1003.008 - /etc/passwd and /etc/shadow" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1547.009", "name": "Shortcut Modification", "display_name": "T1547.009 - Shortcut Modification" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1055.003", "name": "Thread Execution Hijacking", "display_name": "T1055.003 - Thread Execution Hijacking" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1560.002", "name": "Archive via Library", "display_name": "T1560.002 - Archive via Library" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056.004", "name": "Credential API Hooking", "display_name": "T1056.004 - Credential API Hooking" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1546.015", "name": "Component Object Model Hijacking", "display_name": "T1546.015 - Component Object Model Hijacking" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 152, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 676, "URL": 1068, "domain": 11442, "email": 36, "hostname": 1862, "FileHash-MD5": 2000, "FileHash-SHA256": 1082 }, "indicator_count": 18166, "is_author": false, "is_subscribing": null, "subscriber_count": 79, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dd9c1d76a7807782a691d3", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "I had wrapped the majority of the files i'd run since the 14th into the Pulse of the same date, but at over 17k indicators i think it was time to put that one to rest. Obviously time and life allowing my intention is to keep updating and creating more of these as long as i'm kept flush with content. At current i'm pretty damned flush. This is just a preliminary dump of my /tmp folder on Arch. part of the infection chain is process hallowing and then hijacking a program close to the user, with decent call ability to the rest of the system.", "modified": "2024-02-14T21:44:02.852000", "created": "2023-08-17T04:03:41.985000", "tags": [ "o cloexec", "r procversion", "cachyos", "gnu ld", "gnu binutils", "microsoft", "f lockfd", "cygwin", "u respfd", "procselffd13", "procselffd14", "x8664", "uname", "linux", "getconf", "cpus32", "case", "m x8664", "s linux", "x8664 o", "z linux", "z x8664", "replying", "timing", "successfully", "shift", "procselffd16", "empty", "head", "dirty", "found", "splitting", "license", "index", "kill", "zfrm", "argv" ], "references": [ ".ICE-unix", ".org.chromium.Chromium.12ZdF3", ".vbox-mrkd-ipc", "@tmp", ".org.chromium.Chromium.T2jdbS", ".X11-unix", "albert_yt_ynb2tftv", "fish.root", "20230816_202710-scantemp.b14ff4bc3a", "plasma-csd-generator.LTvjbT", "pytest-of-mrkd", "runtime-root", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-ananicy-cpp.service-U5RKxp", ".org.chromium.Chromium.coQnti", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-bluetooth.service-7fh2tg", "bauh@mrkd", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-iwd.service-jnpcHR", ".org.chromium.Chromium.8GBhMA", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-polkit.service-CfCUQZ", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-systemd-logind.service-Q9OYbj", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-power-profiles-daemon.service-hSCDr7", ".org.chromium.Chromium.HMzFxo", "Temp-0c3dc677-7d66-4234-b14e-f604605b2d0c", "tmp.D4NXyZ3U4J", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-uksmd.service-oAjI9s", "Temp-0148ee46-b3e0-4c4b-aa55-b60c6b63eb6f", "tmp.ziktUZeKXL", "v8-compile-cache-0", "tmp90lfbdek", "tst-bz26353KOtJVp", "v8-compile-cache-1000", ".X0-lock", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.xtrace.log", "Temp-4d7e99a7-2d45-4347-a3b6-b64e3ae65e2e", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10291.1692217508.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11270.1692217597.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12928.1692233448.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13309.1692233456.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.28823.1692223670.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.23930.1692220492.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.241161.1692238939.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240792.1692238921.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240156.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.317097.1692240795.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.345673.1692241474.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.daemon.log", "qtsingleapp-Notifi-4c42-3e8", "gitstatus.POWERLEVEL9K.1000.2588447.1692243345.1.xtrace.log", "memmemY_2MMv.c", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.xtrace.log", "qtsingleapp-Notifi-4c42-3e8-lockfile", "stdbool.hcc0B2j.c", "strlcatmMvE1V.c", "qtsingleapp-Octopi-1d88-3e8-lockfile", "strlcpydb8x03.c", "stdbool.ht64kj6qw.c", "qtsingleapp-Octopi-1d88-3e8", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.daemon.log", "https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9", "https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c", "https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca", "https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6", "https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details", "https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd" ], "public": 1, "adversary": "N/A", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BV:TelegramBot-A\\ [Trj]", "display_name": "BV:TelegramBot-A\\ [Trj]", "target": null }, { "id": "Ransom:Linux/DarkRadiation.A!MTB", "display_name": "Ransom:Linux/DarkRadiation.A!MTB", "target": "/malware/Ransom:Linux/DarkRadiation.A!MTB" }, { "id": "SLF:MamacseMacro.A", "display_name": "SLF:MamacseMacro.A", "target": null }, { "id": "TrojanDownloader:Linux/Morila!MTB", "display_name": "TrojanDownloader:Linux/Morila!MTB", "target": "/malware/TrojanDownloader:Linux/Morila!MTB" }, { "id": "Backdoor:Win32/R2d2.A", "display_name": "Backdoor:Win32/R2d2.A", "target": "/malware/Backdoor:Win32/R2d2.A" }, { "id": "Sf:ShellCode-DZ\\ [Trj]", "display_name": "Sf:ShellCode-DZ\\ [Trj]", "target": null }, { "id": "NETexecutableMicrosoft", "display_name": "NETexecutableMicrosoft", "target": null }, { "id": "TrojanDropper:Win32/FakeFlexnet.A", "display_name": "TrojanDropper:Win32/FakeFlexnet.A", "target": "/malware/TrojanDropper:Win32/FakeFlexnet.A" }, { "id": "Delphi", "display_name": "Delphi", "target": null } ], "attack_ids": [], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 206, "domain": 5129, "FileHash-MD5": 177, "FileHash-SHA1": 114, "URL": 646, "hostname": 2078, "CVE": 412, "email": 4 }, "indicator_count": 8766, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "836 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee2668cad3bfce7a474d79", "name": "IOC's from my personal devices for the week starting 08/28/23 - leveraging Yara, overwhelmed", "description": "placeholder\n\nAt current I have well over 2000 detentions just on this one device - I'm working on getting everything presentable.", "modified": "2024-02-10T03:37:00.560000", "created": "2023-08-29T17:10:00.158000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "indicator", "file", "ck id", "mitre att", "show technique", "ck matrix", "hybrid analysis", "suspicious", "hybrid", "close", "click", "august", "crypto", "strings", "malicious", "podcast", "team", "june", "error", "virtual size", "fail", "media", "path", "entropy", "alienvault", "open threat" ], "references": [ "https://hybrid-analysis.com/sample/2a061121e90f3354504a1546b1ca4c71252d02c99b7f677f29602aaa95f91c9e/64e8955eca839267790e3ef3", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086/6463a5722450ab7d6c0b893e", "https://otx.alienvault.com/indicator/file/0630d8faa930aa80f7fb6b27ff51e082151b64882c69319eba561280da3064ec", "https://otx.alienvault.com/indicator/file/5987131af62bc75d60f1f8894be2f75d709d8a328570259457063ccfac7f59ca", "https://otx.alienvault.com/indicator/file/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://otx.alienvault.com/indicator/file/cbb9ab5848535b5ff8c79badc80efc77e7dd4200b192c14c5990993919b3b156", "https://tria.ge/230825-pdyvdabe74", "https://hybrid-analysis.com/sample/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086" ], "public": 1, "adversary": "N/A", "targeted_countries": [], "malware_families": [ { "id": "SpyEye", "display_name": "SpyEye", "target": null }, { "id": "Trojan:Linux/Rootkit", "display_name": "Trojan:Linux/Rootkit", "target": "/malware/Trojan:Linux/Rootkit" }, { "id": "Poet RAT", "display_name": "Poet RAT", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "TrojanDropper:Win32/Ponmocup", "display_name": "TrojanDropper:Win32/Ponmocup", "target": "/malware/TrojanDropper:Win32/Ponmocup" }, { "id": "Shylock", "display_name": "Shylock", "target": null }, { "id": "Virus:Win95/Cerebrus", "display_name": "Virus:Win95/Cerebrus", "target": "/malware/Virus:Win95/Cerebrus" }, { "id": "TrojanSpy:Win32/Warpp", "display_name": "TrojanSpy:Win32/Warpp", "target": "/malware/TrojanSpy:Win32/Warpp" }, { "id": "IronTiger", "display_name": "IronTiger", "target": null }, { "id": "wimmie", "display_name": "wimmie", "target": null }, { "id": "lsadump", "display_name": "lsadump", "target": null }, { "id": "SURTR", "display_name": "SURTR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 79, "FileHash-SHA1": 46, "FileHash-SHA256": 68, "URL": 119, "domain": 36, "hostname": 88, "email": 1, "SSLCertFingerprint": 5 }, "indicator_count": 442, "is_author": false, "is_subscribing": null, "subscriber_count": 75, "modified_text": "841 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a05f90fecc8ca5ef695c", "name": "IOC's from my personal devices for the week starting 08/21/23 - Pure Linux", "description": "", "modified": "2023-12-06T16:25:02.930000", "created": "2023-12-06T16:25:02.930000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2821, "hostname": 464, "email": 26, "URL": 978, "FileHash-MD5": 1139, "FileHash-SHA1": 541, "FileHash-SHA256": 839 }, "indicator_count": 6808, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709ffcf3ffe737f8cb8dfd", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "", "modified": "2023-12-06T16:23:24.919000", "created": "2023-12-06T16:23:24.919000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 103, "hostname": 524, "domain": 1292, "FileHash-SHA256": 95, "FileHash-MD5": 54, "FileHash-SHA1": 39, "URL": 169, "email": 1 }, "indicator_count": 2277, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f379639e77ae81f51fb1a6", "name": "IOC's from my personal devices for the week starting 08/28/23 (byMeekd1904) hmm?", "description": "", "modified": "2023-09-02T18:05:23.864000", "created": "2023-09-02T18:05:23.864000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "indicator", "file", "ck id", "mitre att", "show technique", "ck matrix", "hybrid analysis", "suspicious", "hybrid", "close", "click", "august", "crypto", "strings", "malicious", "podcast", "team", "june", "error", "virtual size", "fail", "media", "path", "entropy", "alienvault", "open threat" ], "references": [ "https://hybrid-analysis.com/sample/2a061121e90f3354504a1546b1ca4c71252d02c99b7f677f29602aaa95f91c9e/64e8955eca839267790e3ef3", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086/6463a5722450ab7d6c0b893e", "https://otx.alienvault.com/indicator/file/0630d8faa930aa80f7fb6b27ff51e082151b64882c69319eba561280da3064ec", "https://otx.alienvault.com/indicator/file/5987131af62bc75d60f1f8894be2f75d709d8a328570259457063ccfac7f59ca", "https://otx.alienvault.com/indicator/file/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://otx.alienvault.com/indicator/file/cbb9ab5848535b5ff8c79badc80efc77e7dd4200b192c14c5990993919b3b156", "https://tria.ge/230825-pdyvdabe74", "https://hybrid-analysis.com/sample/4db808dc54c9ef1fdad38f1fb7b1ea11be64dbadd8c38d02fa1e66c6eb3c1ed2", "https://hybrid-analysis.com/sample/f0da979013dc3adf7841d93af10dd5d12907752954bde8ca0bb2f027e869f086" ], "public": 1, "adversary": "N/A", "targeted_countries": [], "malware_families": [ { "id": "SpyEye", "display_name": "SpyEye", "target": null }, { "id": "Trojan:Linux/Rootkit", "display_name": "Trojan:Linux/Rootkit", "target": "/malware/Trojan:Linux/Rootkit" }, { "id": "Poet RAT", "display_name": "Poet RAT", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "TrojanDropper:Win32/Ponmocup", "display_name": "TrojanDropper:Win32/Ponmocup", "target": "/malware/TrojanDropper:Win32/Ponmocup" }, { "id": "Shylock", "display_name": "Shylock", "target": null }, { "id": "Virus:Win95/Cerebrus", "display_name": "Virus:Win95/Cerebrus", "target": "/malware/Virus:Win95/Cerebrus" }, { "id": "TrojanSpy:Win32/Warpp", "display_name": "TrojanSpy:Win32/Warpp", "target": "/malware/TrojanSpy:Win32/Warpp" }, { "id": "IronTiger", "display_name": "IronTiger", "target": null }, { "id": "wimmie", "display_name": "wimmie", "target": null }, { "id": "lsadump", "display_name": "lsadump", "target": null }, { "id": "SURTR", "display_name": "SURTR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" } ], "industries": [ "individuals" ], "TLP": "white", "cloned_from": "64ee2668cad3bfce7a474d79", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 79, "FileHash-SHA1": 46, "FileHash-SHA256": 68, "URL": 119, "domain": 36, "hostname": 88, "email": 1, "SSLCertFingerprint": 5 }, "indicator_count": 442, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "1001 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://w.msftc0nnecttest.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://w.msftc0nnecttest.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780211342.4436505 }