{ "type": "URL", "indicator": "https://webssl.kddi-cloud.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://webssl.kddi-cloud.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4084203084, "indicator": "https://webssl.kddi-cloud.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69bf8e2663d5480917ddb699", "name": "Pegasus - https://house.mo.gov/ | Brian Sabey HallRender [i cloned OctoSeek] T8", "description": "", "modified": "2026-03-22T08:35:26.266000", "created": "2026-03-22T06:37:26.233000", "tags": [ "united", "as393601 state", "a domains", "passive dns", "as397241", "certificate", "urls", "search", "showing", "entries", "algorithm", "full name", "data", "v3 serial", "number", "cus cndigicert", "global g2", "tls rsa", "sha256", "ca1 odigicert", "info", "record type", "ttl value", "all txt", "ssl certificate", "whois record", "contacted", "referrer", "resolutions", "historical ssl", "communicating", "problems", "parent domain", "njrat", "ransomware", "startpage", "historical", "malware", "execution", "threat roundup", "april", "september", "remcos rat", "august", "june", "qakbot", "push", "service", "privateloader", "amadey", "powershell", "qbot", "cobalt strike", "core", "hacktool", "november", "october", "roundup", "threat network", "cellbrite", "february", "emotet", "maze", "metro", "dark", "malicious", "team", "critical", "copy", "awful", "parallax rat", "banker", "keylogger", "dns replication", "date", "csc corporate", "domains", "code", "server", "registrar abuse", "registrar iana", "registry domain", "registrar url", "registrar", "contact phone", "apple ios", "quasar", "remcos", "ursnif", "chaos", "ransomexx", "azorult", "agent tesla", "evilnum", "asyncrat", "win32 exe", "wininit", "beta version", "cmstp", "taskscheduler", "ieudinit", "nat32", "certsentry", "type name", "wc3 rpg", "pegasus", "unknown", "domain", "servers", "germany unknown", "name servers", "status", "next", "as29066 host", "as133618", "cname", "as47846", "scan endpoints", "all octoseek", "pulse pulses", "encrypt", "china unknown", "as38365 beijing", "as134175 unit", "707713", "hong kong", "virgin islands", "as6461 zayo", "ransom", "exploit", "ipv4", "pulse submit", "url analysis", "trojan", "body", "click", "creation date", "emails", "expiration date", "domain privacy", "hostname", "dynamicloader", "state", "medium", "msie", "windows nt", "wow64", "show", "slcc2", "media center", "error", "delphi", "guard", "write", "win32", "target", "redir", "facebook", "dcom", "local", "delete", "utf8", "unicode text", "crlf line", "rgba", "yara detections", "default", "asnone", "get na", "dns lookup", "probe ms17010", "eternalblue", "playgame", "high", "related pulses", "yara rule", "anomalous file", "dynamic", "malware infection", "cnc", "procmem_yara", "antivm_generic_disk", "modify_proxy infostealer_cookies", "network_http", "anomalous_deletefile", "antidebug_guardpages", "powershell_request", "powershell_download", "as63949 linode", "mtb feb", "open ports", "backdoor", "gmt content", "trojandropper", "simda", "lockbit", "win.trojan", "midia-4", "floxif", "cryptowall", "brontok", "check in", "record value", "files", "location united", "america asn", "as16509", "download", "threat", "paste", "iocs", "analyze", "hostnames", "urls http", "samples", "tsara brashears", "2nd corintnthians 4:8-9", "injection_inter_process", "injection_create_remote_thread", "persistence_autorun", "bypass_firewall", "disables_windowsupdate", "dynamic_function_loading", "http_request", "query", "delete c", "activity dns", "components", "file execution", "observed dns", "as4837 china", "nxdomain", "a nxdomain", "wannacry", "missouri", "safebae", "hallrender", "house.mo.gov", "typosquatting", "tactics", "google", "win64", "khtml", "gecko", "veryhigh", "aes256gcm", "dalles", "cookie", "urls https", "xpcegvo2adsnq", "mhkz", "mvi2", "keepaliveyes", "fexp24007246", "nsyt", "eva reimer", "daisy coleman", "brian sabey", "https://lawlink.com/documents/10935/blackbag-technologies-announ" ], "references": [ "https://house.mo.gov/ \u2022 house.mo.gov \u2022 mo.gov", "dns.msftncsi.com", "NSO Group - Pegasus: enterprise.cellebrite.com \u2022 cellebrite.com \u2022 erp002.blackbagtech.com \u2022 140.108.21.184", "Target\u2193\u2192 Tsara Brashears: https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "23.216.147.64", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [Apple/ iOS unlocker password decryption]", "http://alohatube.xyz/search/tsara-brashears [Telecom \u2022 Brashears Telecom services modified (malicious)]", "alohatube.xyz [BotNetwork]", "facebooksunglassshop.com", "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com - Lockbit Black 3.0, Observed AridViper CnC Domain, Win.Trojan.Midia-4", "oooooooooo.ga \u2022 rallypoint.com \u2022 pornhub.dev \u2022 chats.pornhub.dev \u2022 https://twitter.com/PORNO_SEXYBABES \u2022 https://matrix.pornhub.dev \u2022 https://git.pornhub.dev", "http://dobkinfamily.com/__media__/js/netsoltrademark.php?d=www.fap18pgals.eu/cum-on-ass-porn/", "government.westlaw.com \u2022 hero9780.duckdns.org \u2022 hallrender.com \u2022 miles-andmore.duckdns.org", "https://otx.alienvault.com/indicator/url/https://miles-andmore.duckdns.org/ihFKGyel4wizIPNVvHHQQIuHfl4hEb2F6gWEXupmNDuiMJgJtshSlLFmilf3zCT2EF/index.html", "remote.utorrent.com [remote router logins]", "Tracking: http://www.trackip.net/ip \u2022 gfx.ms \u2022 dssruletracker.mo.gov [network] \u2022 earlyconnections.mo.gov \u2022 www77.trackerspy.com \u2022 ww38.track.updatevideos.com", "http://tracking.studyportalsmail.com/about/privacy/?cdmtw=BAAAIAEAIGmGCaIK4E8-IsDv \u2022 tracking.studyportalsmail.com \u2022 plugtrack.online", "http://images.startappservice.com/image/fetch/f_auto \u2022 track.smtpsendemail.com \u2022 nr-data.net [apple] \u2022 lg.as35280.net \u2022 leaseway.damstracking.com", "http://tvm77.fashiongup.in/tracking/track-open", "https://www.house.mo.gov:80/messageboard/ \u2022 extranet16.mo.gov \u2022 login.mo.gov \u2022 witness.house.mo.gov \u2022 dps.mo.gov \u2022 dev-publicdefender.mo.gov", "https://www.hallrender.com/wp-content/uploads/2016/02/Denver-150x150.jpg", "http://hallrender.com/attorney/brian-sabey \u2022 https://hallrender.com/attorney/brian-sabey \u2022 https://www.hallrender.com/attorney/brian-sabey/Accept", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-266x266.png", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https://www.hallrender.com/attorney/brian-sabey/&", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.hallrender.com%2Fattorney%2Fbrian-sabey%2F&", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-48x48.png \u2022 http://2fwww.hallrender.com/", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-406x406.png \u2022 https://vcards.hallrender.com/", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-300x300.png \u2022 http://mail2.hallrender.com/", "hallrender.com \u2022 government.westlaw.com \u2022 http://dev.hallrender.com/ \u2022 https://mercy.hallrender.com/ \u2022 autodiscover.hallrender.com", "http://web2.westlaw.com/find/default.wl?tf=-1&rs=WLW9.10&referencepositiontype=S&serialnum=1987042953&fn=_top&sv=Split&referenceposition=1555&pbc=D5845283&tc=-1&ordoc=1989026578&findtype=Y&db=708&vr=2.0&rp=/find/default.wl&mt=208", "https://otx.alienvault.com/indicator/ip/45.56.79.23 \u2022 batchcourtexpressservices.westlaw.com \u2022 courtexpress.westlaw.com", "safebae.org \u2022 rp.dudaran2.com \u2022 www.safebae.org \u2022 https://safebae.org/%20%5B \u2022 https://safebae.org/about/ \u2022 https://safebae.org/", "https://safebae.org/wp-content/plugins/addons-for-visual-composer/assets/js/slick.min.js?ver=2.9.2 \u2022 https://api.w.org/ \u2022 247.0.198.104.bc.googleusercontent.com", "https://safebae.org/wp-json/ \u2022 https://safebae.org/wp-content/plugins/embed-any-document/css/embed-public.min.css?ver=2.7.4", "Malware Hosting: http://81.5.88.13/dbreader.exe \u2022 http://utasoft.ru/catalog/view/javascript/jquery/ui/jquery-ui-1.8.16.custom.min.js", "Apple Malware: http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Apple unlocker, decryption via media]", "Malware Hosting: deviceinbox.com \u2022 http://www.hakoonportal.net/240714d/240714_t2.exe \u2022103.246.145.111 \u2022 Spyware: stream.ntpserver.store", "https://nl.toyota.be/tme [vehicle spyware, camera, data, speakers]", "http://link.mcsa.org/api/LinkHandler/getaction?redirectParam2=K09weU5vMDBKWW90Wk1hcHl4SmF4NGtHbnBGbjJaVElud2tpMlBaUGhseXZNM0JLaHRaUnJZOVh1bmMvSVhYWDZhb0UwY2hPaGVuSGNDRUFYeHNzWWFQL0dBNVlRVmlTSGpXa016bUQzWUZ6cVZRcktRTmRyZHJPYlBrY1NpSyt6ZzBrS0FjWk9EYSs4WmdOc2RBU09CR1RjWVNiTUZpYkhNV1lvNzkwbzhLMUxDUzQzS0FaVU5LYTZWSUZoS1Vt", "sexuallybroken.info \u2022 sinful-bordello.top-sex.us \u2022 crackedtool.com \u2022 kddi-cloud.com \u2022 http://tuksex.duckdns.org/bb/login.php", "https://lawlink.com/documents/10935/blackbag-technologies-announces-new-release-of-blacklight-forensic-software" ], "public": 1, "adversary": "NSO Group", "targeted_countries": [ "United States of America", "China", "Australia", "Hong Kong" ], "malware_families": [ { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null }, { "id": "AsyncRAT", "display_name": "AsyncRAT", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Chaos", "display_name": "Chaos", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "EVILNUM", "display_name": "EVILNUM", "target": null }, { "id": "Dark", "display_name": "Dark", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Keylogger", "display_name": "Keylogger", "target": null }, { "id": "Maze", "display_name": "Maze", "target": null }, { "id": "NjRAT", "display_name": "NjRAT", "target": null }, { "id": "Parallax RAT", "display_name": "Parallax RAT", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Remcos RAT", "display_name": "Remcos RAT", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Win.Trojan.Agent-336074", "display_name": "Win.Trojan.Agent-336074", "target": null }, { "id": "Arid.Viper_CnC", "display_name": "Arid.Viper_CnC", "target": null }, { "id": "WininiCrypt", "display_name": "WininiCrypt", "target": null }, { "id": "PWS:Win32/QQpass.CI", "display_name": "PWS:Win32/QQpass.CI", "target": "/malware/PWS:Win32/QQpass.CI" }, { "id": "Win.Trojan.Midia-4", "display_name": "Win.Trojan.Midia-4", "target": null }, { "id": "LockBit", "display_name": "LockBit", "target": null }, { "id": "Win32/SocStealer!rfn", "display_name": "Win32/SocStealer!rfn", "target": null }, { "id": "Backdoor.Win32.Shiz.ufj", "display_name": "Backdoor.Win32.Shiz.ufj", "target": null }, { "id": "Email-Worm.Win32.Brontok.n", "display_name": "Email-Worm.Win32.Brontok.n", "target": null }, { "id": "ETERNALBLUE", "display_name": "ETERNALBLUE", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47", "display_name": "ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": "65c91f2b7c03b480379ae4d1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2668, "FileHash-SHA1": 2469, "FileHash-SHA256": 8054, "URL": 6185, "domain": 2421, "hostname": 3042, "CVE": 5, "email": 15, "CIDR": 1, "IPv4": 18 }, "indicator_count": 24878, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686ab98ff0cb9baa4e2b2000", "name": "https://house.mo.gov/ Palantir Technologies HARMFUL (copied OctoseekPulse) Attacks SA victims?", "description": "", "modified": "2025-08-05T21:02:46.419000", "created": "2025-07-06T17:59:43.440000", "tags": [ "runtime process", "localappdata", "size", "sha256", "sha1", "temp", "prefetch8", "prefetch1", "unicode text", "type data", "hybrid", "general", "click", "strings", "contact", "mitre", "writes a pe file header to disc", "show process", "date", "document file", "v2 document", "ascii text", "malicious", "local", "path", "found", "ssl certificate", "whois record", "threat roundup", "contacted", "october", "resolutions", "apple ios", "referrer", "communicating", "execution", "june", "august", "emotet", "qakbot", "agent tesla", "azorult", "core", "maze", "metro", "dark", "team", "critical", "copy", "awful", "ursnif", "hacktool", "info", "qbot", "april", "njrat", "nokoyawa", "djvu", "flubot", "ransomware", "bandit stealer", "hallrender", "spyware", "safebae", "tsara brashears", "westlaw", "river.rocks", "brian sabey", "targeting", "dnspionage", "united", "unknown", "search", "aaaa", "showing", "domain", "creation date", "record value", "dnssec", "body", "passive dns", "encrypt", "as14061", "germany unknown", "as397240", "gmt server", "443 ma2592000", "scan endpoints", "all octoseek", "ipv4", "pulse pulses", "urls", "files", "main", "installing", "as16276", "france unknown", "name servers", "as8075", "servers", "next", "as63949 linode", "as206834 team", "canada unknown", "status", "as61969 team", "msie", "chrome", "ransom", "gone", "title", "head body", "malware" ], "references": [ "\u2193\u2192Found in: https://house.mo.gov/\u2193", "dns.msftncsi.com \u2022 https://dns.msftncsi.com/ \u2022 http://dns.msftncsi.com/", "demo.auth.civicalg.com.sni.cloudflaressl.com", "happyrabbit.kr [Apple iOS threat]", "https://appletoncdn.xyz/l/26422915e0d4f6f88646?sub=5eafeec1af7c0a0001960f44&source=81 \u2022 appletoncdn.xyz", "https://tracking.s-unlock.com \u2022 https://ignaciob.com/track/click/v2-318692303 \u2022 adepttracker.com \u2022", "https://your-sugar-girls.com/cams/default/adult/5277/index.html?p1=https://bongacams10.com/track?c=621661&subid=1a1d33f51a7179480c6d4aeb40d3a5a1&subid2=16969639", "https://click.stecloud.us/campaign/track-email/384458660__3339__6837152__393", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://enter.private.com/track/MTIxODEuNjEuMi41MjEuMTAxMC4wLjAuMC4w/join", "http://nudeteenporn.site" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nokoyawa Ransomware", "display_name": "Nokoyawa Ransomware", "target": null }, { "id": "Bandit Stealer", "display_name": "Bandit Stealer", "target": null }, { "id": "FluBot", "display_name": "FluBot", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Maze", "display_name": "Maze", "target": null }, { "id": "Dark", "display_name": "Dark", "target": null }, { "id": "NjRAT", "display_name": "NjRAT", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null }, { "id": "Tulach", "display_name": "Tulach", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1065", "name": "Uncommonly Used Port", "display_name": "T1065 - Uncommonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "green", "cloned_from": "65c96df8fe0657d56a206a49", "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 251, "FileHash-SHA1": 211, "FileHash-SHA256": 3226, "domain": 1867, "URL": 10030, "hostname": 2919, "CVE": 7, "email": 6 }, "indicator_count": 18517, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "257 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "alohatube.xyz [BotNetwork]", "Malware Hosting: deviceinbox.com \u2022 http://www.hakoonportal.net/240714d/240714_t2.exe \u2022103.246.145.111 \u2022 Spyware: stream.ntpserver.store", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-266x266.png", "Tracking: http://www.trackip.net/ip \u2022 gfx.ms \u2022 dssruletracker.mo.gov [network] \u2022 earlyconnections.mo.gov \u2022 www77.trackerspy.com \u2022 ww38.track.updatevideos.com", "https://otx.alienvault.com/indicator/ip/45.56.79.23 \u2022 batchcourtexpressservices.westlaw.com \u2022 courtexpress.westlaw.com", "https://www.hallrender.com/wp-content/uploads/2016/02/Denver-150x150.jpg", "http://alohatube.xyz/search/tsara-brashears [Telecom \u2022 Brashears Telecom services modified (malicious)]", "sexuallybroken.info \u2022 sinful-bordello.top-sex.us \u2022 crackedtool.com \u2022 kddi-cloud.com \u2022 http://tuksex.duckdns.org/bb/login.php", "https://otx.alienvault.com/indicator/url/https://miles-andmore.duckdns.org/ihFKGyel4wizIPNVvHHQQIuHfl4hEb2F6gWEXupmNDuiMJgJtshSlLFmilf3zCT2EF/index.html", "https://tracking.s-unlock.com \u2022 https://ignaciob.com/track/click/v2-318692303 \u2022 adepttracker.com \u2022", "https://enter.private.com/track/MTIxODEuNjEuMi41MjEuMTAxMC4wLjAuMC4w/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [Apple/ iOS unlocker password decryption]", "https://safebae.org/wp-json/ \u2022 https://safebae.org/wp-content/plugins/embed-any-document/css/embed-public.min.css?ver=2.7.4", "Apple Malware: http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Apple unlocker, decryption via media]", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.hallrender.com%2Fattorney%2Fbrian-sabey%2F&", "https://your-sugar-girls.com/cams/default/adult/5277/index.html?p1=https://bongacams10.com/track?c=621661&subid=1a1d33f51a7179480c6d4aeb40d3a5a1&subid2=16969639", "https://house.mo.gov/ \u2022 house.mo.gov \u2022 mo.gov", "http://link.mcsa.org/api/LinkHandler/getaction?redirectParam2=K09weU5vMDBKWW90Wk1hcHl4SmF4NGtHbnBGbjJaVElud2tpMlBaUGhseXZNM0JLaHRaUnJZOVh1bmMvSVhYWDZhb0UwY2hPaGVuSGNDRUFYeHNzWWFQL0dBNVlRVmlTSGpXa016bUQzWUZ6cVZRcktRTmRyZHJPYlBrY1NpSyt6ZzBrS0FjWk9EYSs4WmdOc2RBU09CR1RjWVNiTUZpYkhNV1lvNzkwbzhLMUxDUzQzS0FaVU5LYTZWSUZoS1Vt", "https://lawlink.com/documents/10935/blackbag-technologies-announces-new-release-of-blacklight-forensic-software", "Malware Hosting: http://81.5.88.13/dbreader.exe \u2022 http://utasoft.ru/catalog/view/javascript/jquery/ui/jquery-ui-1.8.16.custom.min.js", "http://tvm77.fashiongup.in/tracking/track-open", "safebae.org \u2022 rp.dudaran2.com \u2022 www.safebae.org \u2022 https://safebae.org/%20%5B \u2022 https://safebae.org/about/ \u2022 https://safebae.org/", "NSO Group - Pegasus: enterprise.cellebrite.com \u2022 cellebrite.com \u2022 erp002.blackbagtech.com \u2022 140.108.21.184", "government.westlaw.com \u2022 hero9780.duckdns.org \u2022 hallrender.com \u2022 miles-andmore.duckdns.org", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-48x48.png \u2022 http://2fwww.hallrender.com/", "oooooooooo.ga \u2022 rallypoint.com \u2022 pornhub.dev \u2022 chats.pornhub.dev \u2022 https://twitter.com/PORNO_SEXYBABES \u2022 https://matrix.pornhub.dev \u2022 https://git.pornhub.dev", "hallrender.com \u2022 government.westlaw.com \u2022 http://dev.hallrender.com/ \u2022 https://mercy.hallrender.com/ \u2022 autodiscover.hallrender.com", "demo.auth.civicalg.com.sni.cloudflaressl.com", "http://hallrender.com/attorney/brian-sabey \u2022 https://hallrender.com/attorney/brian-sabey \u2022 https://www.hallrender.com/attorney/brian-sabey/Accept", "23.216.147.64", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png", "dns.msftncsi.com \u2022 https://dns.msftncsi.com/ \u2022 http://dns.msftncsi.com/", "https://click.stecloud.us/campaign/track-email/384458660__3339__6837152__393", "http://dobkinfamily.com/__media__/js/netsoltrademark.php?d=www.fap18pgals.eu/cum-on-ass-porn/", "Target\u2193\u2192 Tsara Brashears: https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "dns.msftncsi.com", "http://tracking.studyportalsmail.com/about/privacy/?cdmtw=BAAAIAEAIGmGCaIK4E8-IsDv \u2022 tracking.studyportalsmail.com \u2022 plugtrack.online", "http://images.startappservice.com/image/fetch/f_auto \u2022 track.smtpsendemail.com \u2022 nr-data.net [apple] \u2022 lg.as35280.net \u2022 leaseway.damstracking.com", "https://appletoncdn.xyz/l/26422915e0d4f6f88646?sub=5eafeec1af7c0a0001960f44&source=81 \u2022 appletoncdn.xyz", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https://www.hallrender.com/attorney/brian-sabey/&", "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com - Lockbit Black 3.0, Observed AridViper CnC Domain, Win.Trojan.Midia-4", "happyrabbit.kr [Apple iOS threat]", "facebooksunglassshop.com", "https://www.house.mo.gov:80/messageboard/ \u2022 extranet16.mo.gov \u2022 login.mo.gov \u2022 witness.house.mo.gov \u2022 dps.mo.gov \u2022 dev-publicdefender.mo.gov", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-406x406.png \u2022 https://vcards.hallrender.com/", "http://nudeteenporn.site", "https://safebae.org/wp-content/plugins/addons-for-visual-composer/assets/js/slick.min.js?ver=2.9.2 \u2022 https://api.w.org/ \u2022 247.0.198.104.bc.googleusercontent.com", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-300x300.png \u2022 http://mail2.hallrender.com/", "http://web2.westlaw.com/find/default.wl?tf=-1&rs=WLW9.10&referencepositiontype=S&serialnum=1987042953&fn=_top&sv=Split&referenceposition=1555&pbc=D5845283&tc=-1&ordoc=1989026578&findtype=Y&db=708&vr=2.0&rp=/find/default.wl&mt=208", "https://nl.toyota.be/tme [vehicle spyware, camera, data, speakers]", "remote.utorrent.com [remote router logins]", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "\u2193\u2192Found in: https://house.mo.gov/\u2193" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "NSO Group" ], "malware_families": [ "Win.trojan.agent-336074", "Wininicrypt", "Nokoyawa ransomware", "Ransomexx", "Lockbit", "Tulach", "Cobalt strike", "Amadey", "Pegasus", "Asyncrat", "Parallax rat", "Win.trojan.midia-4", "Alf:heraklezeval:trojan:win32/ymacco.aa47", "Hallrender", "Azorult", "Keylogger", "Emotet", "Hacktool", "Evilnum", "Njrat", "Backdoor.win32.shiz.ufj", "Maze", "Quasar rat", "Wannacry", "Remcos rat", "Djvu", "Pws:win32/qqpass.ci", "Flubot", "Ursnif", "Agent tesla", "Qbot", "Arid.viper_cnc", "Eternalblue", "Ransomware", "Chaos", "Dark", "Qakbot", "Bandit stealer", "Email-worm.win32.brontok.n", "Win32/socstealer!rfn" ], "industries": [], "unique_indicators": 32749 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/kddi-cloud.com", "whois": "http://whois.domaintools.com/kddi-cloud.com", "domain": "kddi-cloud.com", "hostname": "webssl.kddi-cloud.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69bf8e2663d5480917ddb699", "name": "Pegasus - https://house.mo.gov/ | Brian Sabey HallRender [i cloned OctoSeek] T8", "description": "", "modified": "2026-03-22T08:35:26.266000", "created": "2026-03-22T06:37:26.233000", "tags": [ "united", "as393601 state", "a domains", "passive dns", "as397241", "certificate", "urls", "search", "showing", "entries", "algorithm", "full name", "data", "v3 serial", "number", "cus cndigicert", "global g2", "tls rsa", "sha256", "ca1 odigicert", "info", "record type", "ttl value", "all txt", "ssl certificate", "whois record", "contacted", "referrer", "resolutions", "historical ssl", "communicating", "problems", "parent domain", "njrat", "ransomware", "startpage", "historical", "malware", "execution", "threat roundup", "april", "september", "remcos rat", "august", "june", "qakbot", "push", "service", "privateloader", "amadey", "powershell", "qbot", "cobalt strike", "core", "hacktool", "november", "october", "roundup", "threat network", "cellbrite", "february", "emotet", "maze", "metro", "dark", "malicious", "team", "critical", "copy", "awful", "parallax rat", "banker", "keylogger", "dns replication", "date", "csc corporate", "domains", "code", "server", "registrar abuse", "registrar iana", "registry domain", "registrar url", "registrar", "contact phone", "apple ios", "quasar", "remcos", "ursnif", "chaos", "ransomexx", "azorult", "agent tesla", "evilnum", "asyncrat", "win32 exe", "wininit", "beta version", "cmstp", "taskscheduler", "ieudinit", "nat32", "certsentry", "type name", "wc3 rpg", "pegasus", "unknown", "domain", "servers", "germany unknown", "name servers", "status", "next", "as29066 host", "as133618", "cname", "as47846", "scan endpoints", "all octoseek", "pulse pulses", "encrypt", "china unknown", "as38365 beijing", "as134175 unit", "707713", "hong kong", "virgin islands", "as6461 zayo", "ransom", "exploit", "ipv4", "pulse submit", "url analysis", "trojan", "body", "click", "creation date", "emails", "expiration date", "domain privacy", "hostname", "dynamicloader", "state", "medium", "msie", "windows nt", "wow64", "show", "slcc2", "media center", "error", "delphi", "guard", "write", "win32", "target", "redir", "facebook", "dcom", "local", "delete", "utf8", "unicode text", "crlf line", "rgba", "yara detections", "default", "asnone", "get na", "dns lookup", "probe ms17010", "eternalblue", "playgame", "high", "related pulses", "yara rule", "anomalous file", "dynamic", "malware infection", "cnc", "procmem_yara", "antivm_generic_disk", "modify_proxy infostealer_cookies", "network_http", "anomalous_deletefile", "antidebug_guardpages", "powershell_request", "powershell_download", "as63949 linode", "mtb feb", "open ports", "backdoor", "gmt content", "trojandropper", "simda", "lockbit", "win.trojan", "midia-4", "floxif", "cryptowall", "brontok", "check in", "record value", "files", "location united", "america asn", "as16509", "download", "threat", "paste", "iocs", "analyze", "hostnames", "urls http", "samples", "tsara brashears", "2nd corintnthians 4:8-9", "injection_inter_process", "injection_create_remote_thread", "persistence_autorun", "bypass_firewall", "disables_windowsupdate", "dynamic_function_loading", "http_request", "query", "delete c", "activity dns", "components", "file execution", "observed dns", "as4837 china", "nxdomain", "a nxdomain", "wannacry", "missouri", "safebae", "hallrender", "house.mo.gov", "typosquatting", "tactics", "google", "win64", "khtml", "gecko", "veryhigh", "aes256gcm", "dalles", "cookie", "urls https", "xpcegvo2adsnq", "mhkz", "mvi2", "keepaliveyes", "fexp24007246", "nsyt", "eva reimer", "daisy coleman", "brian sabey", "https://lawlink.com/documents/10935/blackbag-technologies-announ" ], "references": [ "https://house.mo.gov/ \u2022 house.mo.gov \u2022 mo.gov", "dns.msftncsi.com", "NSO Group - Pegasus: enterprise.cellebrite.com \u2022 cellebrite.com \u2022 erp002.blackbagtech.com \u2022 140.108.21.184", "Target\u2193\u2192 Tsara Brashears: https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing", "23.216.147.64", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [Apple/ iOS unlocker password decryption]", "http://alohatube.xyz/search/tsara-brashears [Telecom \u2022 Brashears Telecom services modified (malicious)]", "alohatube.xyz [BotNetwork]", "facebooksunglassshop.com", "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com - Lockbit Black 3.0, Observed AridViper CnC Domain, Win.Trojan.Midia-4", "oooooooooo.ga \u2022 rallypoint.com \u2022 pornhub.dev \u2022 chats.pornhub.dev \u2022 https://twitter.com/PORNO_SEXYBABES \u2022 https://matrix.pornhub.dev \u2022 https://git.pornhub.dev", "http://dobkinfamily.com/__media__/js/netsoltrademark.php?d=www.fap18pgals.eu/cum-on-ass-porn/", "government.westlaw.com \u2022 hero9780.duckdns.org \u2022 hallrender.com \u2022 miles-andmore.duckdns.org", "https://otx.alienvault.com/indicator/url/https://miles-andmore.duckdns.org/ihFKGyel4wizIPNVvHHQQIuHfl4hEb2F6gWEXupmNDuiMJgJtshSlLFmilf3zCT2EF/index.html", "remote.utorrent.com [remote router logins]", "Tracking: http://www.trackip.net/ip \u2022 gfx.ms \u2022 dssruletracker.mo.gov [network] \u2022 earlyconnections.mo.gov \u2022 www77.trackerspy.com \u2022 ww38.track.updatevideos.com", "http://tracking.studyportalsmail.com/about/privacy/?cdmtw=BAAAIAEAIGmGCaIK4E8-IsDv \u2022 tracking.studyportalsmail.com \u2022 plugtrack.online", "http://images.startappservice.com/image/fetch/f_auto \u2022 track.smtpsendemail.com \u2022 nr-data.net [apple] \u2022 lg.as35280.net \u2022 leaseway.damstracking.com", "http://tvm77.fashiongup.in/tracking/track-open", "https://www.house.mo.gov:80/messageboard/ \u2022 extranet16.mo.gov \u2022 login.mo.gov \u2022 witness.house.mo.gov \u2022 dps.mo.gov \u2022 dev-publicdefender.mo.gov", "https://www.hallrender.com/wp-content/uploads/2016/02/Denver-150x150.jpg", "http://hallrender.com/attorney/brian-sabey \u2022 https://hallrender.com/attorney/brian-sabey \u2022 https://www.hallrender.com/attorney/brian-sabey/Accept", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-266x266.png", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https://www.hallrender.com/attorney/brian-sabey/&", "https://www.hallrender.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.hallrender.com%2Fattorney%2Fbrian-sabey%2F&", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-48x48.png \u2022 http://2fwww.hallrender.com/", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-406x406.png \u2022 https://vcards.hallrender.com/", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-300x300.png \u2022 http://mail2.hallrender.com/", "hallrender.com \u2022 government.westlaw.com \u2022 http://dev.hallrender.com/ \u2022 https://mercy.hallrender.com/ \u2022 autodiscover.hallrender.com", "http://web2.westlaw.com/find/default.wl?tf=-1&rs=WLW9.10&referencepositiontype=S&serialnum=1987042953&fn=_top&sv=Split&referenceposition=1555&pbc=D5845283&tc=-1&ordoc=1989026578&findtype=Y&db=708&vr=2.0&rp=/find/default.wl&mt=208", "https://otx.alienvault.com/indicator/ip/45.56.79.23 \u2022 batchcourtexpressservices.westlaw.com \u2022 courtexpress.westlaw.com", "safebae.org \u2022 rp.dudaran2.com \u2022 www.safebae.org \u2022 https://safebae.org/%20%5B \u2022 https://safebae.org/about/ \u2022 https://safebae.org/", "https://safebae.org/wp-content/plugins/addons-for-visual-composer/assets/js/slick.min.js?ver=2.9.2 \u2022 https://api.w.org/ \u2022 247.0.198.104.bc.googleusercontent.com", "https://safebae.org/wp-json/ \u2022 https://safebae.org/wp-content/plugins/embed-any-document/css/embed-public.min.css?ver=2.7.4", "Malware Hosting: http://81.5.88.13/dbreader.exe \u2022 http://utasoft.ru/catalog/view/javascript/jquery/ui/jquery-ui-1.8.16.custom.min.js", "Apple Malware: http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel [ Apple unlocker, decryption via media]", "Malware Hosting: deviceinbox.com \u2022 http://www.hakoonportal.net/240714d/240714_t2.exe \u2022103.246.145.111 \u2022 Spyware: stream.ntpserver.store", "https://nl.toyota.be/tme [vehicle spyware, camera, data, speakers]", "http://link.mcsa.org/api/LinkHandler/getaction?redirectParam2=K09weU5vMDBKWW90Wk1hcHl4SmF4NGtHbnBGbjJaVElud2tpMlBaUGhseXZNM0JLaHRaUnJZOVh1bmMvSVhYWDZhb0UwY2hPaGVuSGNDRUFYeHNzWWFQL0dBNVlRVmlTSGpXa016bUQzWUZ6cVZRcktRTmRyZHJPYlBrY1NpSyt6ZzBrS0FjWk9EYSs4WmdOc2RBU09CR1RjWVNiTUZpYkhNV1lvNzkwbzhLMUxDUzQzS0FaVU5LYTZWSUZoS1Vt", "sexuallybroken.info \u2022 sinful-bordello.top-sex.us \u2022 crackedtool.com \u2022 kddi-cloud.com \u2022 http://tuksex.duckdns.org/bb/login.php", "https://lawlink.com/documents/10935/blackbag-technologies-announces-new-release-of-blacklight-forensic-software" ], "public": 1, "adversary": "NSO Group", "targeted_countries": [ "United States of America", "China", "Australia", "Hong Kong" ], "malware_families": [ { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null }, { "id": "AsyncRAT", "display_name": "AsyncRAT", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Chaos", "display_name": "Chaos", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "EVILNUM", "display_name": "EVILNUM", "target": null }, { "id": "Dark", "display_name": "Dark", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Keylogger", "display_name": "Keylogger", "target": null }, { "id": "Maze", "display_name": "Maze", "target": null }, { "id": "NjRAT", "display_name": "NjRAT", "target": null }, { "id": "Parallax RAT", "display_name": "Parallax RAT", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Remcos RAT", "display_name": "Remcos RAT", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Win.Trojan.Agent-336074", "display_name": "Win.Trojan.Agent-336074", "target": null }, { "id": "Arid.Viper_CnC", "display_name": "Arid.Viper_CnC", "target": null }, { "id": "WininiCrypt", "display_name": "WininiCrypt", "target": null }, { "id": "PWS:Win32/QQpass.CI", "display_name": "PWS:Win32/QQpass.CI", "target": "/malware/PWS:Win32/QQpass.CI" }, { "id": "Win.Trojan.Midia-4", "display_name": "Win.Trojan.Midia-4", "target": null }, { "id": "LockBit", "display_name": "LockBit", "target": null }, { "id": "Win32/SocStealer!rfn", "display_name": "Win32/SocStealer!rfn", "target": null }, { "id": "Backdoor.Win32.Shiz.ufj", "display_name": "Backdoor.Win32.Shiz.ufj", "target": null }, { "id": "Email-Worm.Win32.Brontok.n", "display_name": "Email-Worm.Win32.Brontok.n", "target": null }, { "id": "ETERNALBLUE", "display_name": "ETERNALBLUE", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47", "display_name": "ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": "65c91f2b7c03b480379ae4d1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2668, "FileHash-SHA1": 2469, "FileHash-SHA256": 8054, "URL": 6185, "domain": 2421, "hostname": 3042, "CVE": 5, "email": 15, "CIDR": 1, "IPv4": 18 }, "indicator_count": 24878, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686ab98ff0cb9baa4e2b2000", "name": "https://house.mo.gov/ Palantir Technologies HARMFUL (copied OctoseekPulse) Attacks SA victims?", "description": "", "modified": "2025-08-05T21:02:46.419000", "created": "2025-07-06T17:59:43.440000", "tags": [ "runtime process", "localappdata", "size", "sha256", "sha1", "temp", "prefetch8", "prefetch1", "unicode text", "type data", "hybrid", "general", "click", "strings", "contact", "mitre", "writes a pe file header to disc", "show process", "date", "document file", "v2 document", "ascii text", "malicious", "local", "path", "found", "ssl certificate", "whois record", "threat roundup", "contacted", "october", "resolutions", "apple ios", "referrer", "communicating", "execution", "june", "august", "emotet", "qakbot", "agent tesla", "azorult", "core", "maze", "metro", "dark", "team", "critical", "copy", "awful", "ursnif", "hacktool", "info", "qbot", "april", "njrat", "nokoyawa", "djvu", "flubot", "ransomware", "bandit stealer", "hallrender", "spyware", "safebae", "tsara brashears", "westlaw", "river.rocks", "brian sabey", "targeting", "dnspionage", "united", "unknown", "search", "aaaa", "showing", "domain", "creation date", "record value", "dnssec", "body", "passive dns", "encrypt", "as14061", "germany unknown", "as397240", "gmt server", "443 ma2592000", "scan endpoints", "all octoseek", "ipv4", "pulse pulses", "urls", "files", "main", "installing", "as16276", "france unknown", "name servers", "as8075", "servers", "next", "as63949 linode", "as206834 team", "canada unknown", "status", "as61969 team", "msie", "chrome", "ransom", "gone", "title", "head body", "malware" ], "references": [ "\u2193\u2192Found in: https://house.mo.gov/\u2193", "dns.msftncsi.com \u2022 https://dns.msftncsi.com/ \u2022 http://dns.msftncsi.com/", "demo.auth.civicalg.com.sni.cloudflaressl.com", "happyrabbit.kr [Apple iOS threat]", "https://appletoncdn.xyz/l/26422915e0d4f6f88646?sub=5eafeec1af7c0a0001960f44&source=81 \u2022 appletoncdn.xyz", "https://tracking.s-unlock.com \u2022 https://ignaciob.com/track/click/v2-318692303 \u2022 adepttracker.com \u2022", "https://your-sugar-girls.com/cams/default/adult/5277/index.html?p1=https://bongacams10.com/track?c=621661&subid=1a1d33f51a7179480c6d4aeb40d3a5a1&subid2=16969639", "https://click.stecloud.us/campaign/track-email/384458660__3339__6837152__393", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://enter.private.com/track/MTIxODEuNjEuMi41MjEuMTAxMC4wLjAuMC4w/join", "http://nudeteenporn.site" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Nokoyawa Ransomware", "display_name": "Nokoyawa Ransomware", "target": null }, { "id": "Bandit Stealer", "display_name": "Bandit Stealer", "target": null }, { "id": "FluBot", "display_name": "FluBot", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Maze", "display_name": "Maze", "target": null }, { "id": "Dark", "display_name": "Dark", "target": null }, { "id": "NjRAT", "display_name": "NjRAT", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null }, { "id": "Tulach", "display_name": "Tulach", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1065", "name": "Uncommonly Used Port", "display_name": "T1065 - Uncommonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" } ], "industries": [], "TLP": "green", "cloned_from": "65c96df8fe0657d56a206a49", "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 251, "FileHash-SHA1": 211, "FileHash-SHA256": 3226, "domain": 1867, "URL": 10030, "hostname": 2919, "CVE": 7, "email": 6 }, "indicator_count": 18517, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "257 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://webssl.kddi-cloud.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://webssl.kddi-cloud.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642542.1438577 }