{ "type": "URL", "indicator": "https://wiki.znc.in/Configuration", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://wiki.znc.in/Configuration", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3397464945, "indicator": "https://wiki.znc.in/Configuration", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "657081d392795e7bbfc4d58a", "name": "emotet darkside tesla - mobiles on ballons - clean file but api calls out throu ads, fake analytics etc", "description": "", "modified": "2023-12-06T14:14:43.530000", "created": "2023-12-06T14:14:43.530000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 630, "domain": 195, "hostname": 291, "URL": 778, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 1952, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623006564b5ff3ac30a42a94", "name": "emotet darkside tesla - mobiles on ballons - clean file but api calls out throu ads, fake analytics etc", "description": "consumers use copycat accounts whilst attackers use the consumer accounts to ruin the world\nhttps://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "modified": "2022-05-18T09:43:31.827000", "created": "2022-03-15T03:21:58.058000", "tags": [ "qakbot agent", "tesla emotet", "agent tesla", "urls", "url3 test", "public mass", "md5 cookietheft", "brute force", "synaptics", "collection ii", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc" ], "references": [ "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 195, "URL": 778, "FileHash-SHA256": 630, "hostname": 291, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 1952, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622e45a60eb0aade25830515", "name": "habhub tracker (high altitude balloons) nasty little f.ckers live here", "description": "habhub.org/zeusbot/logs/highalritude.log.20191220", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T19:27:34.906000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "qaexxz", "qbenxz", "avqstring", "qaeaav0", "qmetaobject", "qbehxz", "hpapax", "abv0", "locale", "delphi", "path", "qscreen", "suspicious", "sini", "hybrid", "general", "close", "click", "strings", "write", "windows10", "compiler", "malicious", "asyncrat", "redline stealer", "emotet agent", "nanocore", "netwire y", "async nanocore", "netwire", "netwire and", "asyncrat via", "public cloud", "embed tracker", "hab project", "habhub.org/zeusbot/logs/highalritude.log.20191220" ], "references": [ "https://tracker.habhub.org/#!qm=All&q=NT6T-12", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/#!qm=All&q=XX", "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp", "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "CVE": 1, "domain": 50, "FileHash-SHA256": 743, "hostname": 104, "FileHash-MD5": 494, "FileHash-SHA1": 185, "email": 1 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1510 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b", "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://tracker.habhub.org/#!qm=All&q=XX", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/#!qm=All&q=NT6T-12" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3685 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/znc.in", "whois": "http://whois.domaintools.com/znc.in", "domain": "znc.in", "hostname": "wiki.znc.in" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "657081d392795e7bbfc4d58a", "name": "emotet darkside tesla - mobiles on ballons - clean file but api calls out throu ads, fake analytics etc", "description": "", "modified": "2023-12-06T14:14:43.530000", "created": "2023-12-06T14:14:43.530000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 630, "domain": 195, "hostname": 291, "URL": 778, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 1952, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "623006564b5ff3ac30a42a94", "name": "emotet darkside tesla - mobiles on ballons - clean file but api calls out throu ads, fake analytics etc", "description": "consumers use copycat accounts whilst attackers use the consumer accounts to ruin the world\nhttps://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "modified": "2022-05-18T09:43:31.827000", "created": "2022-03-15T03:21:58.058000", "tags": [ "qakbot agent", "tesla emotet", "agent tesla", "urls", "url3 test", "public mass", "md5 cookietheft", "brute force", "synaptics", "collection ii", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc" ], "references": [ "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 195, "URL": 778, "FileHash-SHA256": 630, "hostname": 291, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 1952, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622e45a60eb0aade25830515", "name": "habhub tracker (high altitude balloons) nasty little f.ckers live here", "description": "habhub.org/zeusbot/logs/highalritude.log.20191220", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T19:27:34.906000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "qaexxz", "qbenxz", "avqstring", "qaeaav0", "qmetaobject", "qbehxz", "hpapax", "abv0", "locale", "delphi", "path", "qscreen", "suspicious", "sini", "hybrid", "general", "close", "click", "strings", "write", "windows10", "compiler", "malicious", "asyncrat", "redline stealer", "emotet agent", "nanocore", "netwire y", "async nanocore", "netwire", "netwire and", "asyncrat via", "public cloud", "embed tracker", "hab project", "habhub.org/zeusbot/logs/highalritude.log.20191220" ], "references": [ "https://tracker.habhub.org/#!qm=All&q=NT6T-12", "https://tracker.habhub.org/#!qm=All&q=SQ9GOL-6", "https://tracker.habhub.org/#!qm=All&q=XX", "https://tracker.habhub.org/#!qm=All&q=K6RPT", "https://www.virustotal.com/graph/g0bda73c9c42e48f9b6615e78ac70dc9c1646349961fa43bcb4049a0aaddcc3d9", "https://tracker.habhub.org/js/mobile.js = TarCA5.tmp", "https://hybrid-analysis.com/sample/2fb8f4a260441e56294bf292553427cce9baef418c021d1eb70e77f6babf813b/622e22b2de16da7c6e7fb05b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "CVE": 1, "domain": 50, "FileHash-SHA256": 743, "hostname": 104, "FileHash-MD5": 494, "FileHash-SHA1": 185, "email": 1 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1510 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://wiki.znc.in/Configuration", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://wiki.znc.in/Configuration", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780255066.6123598 }