{
  "type": "URL",
  "indicator": "https://winlog02.micnosoftupdates.com/css/jquery.min.js",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://winlog02.micnosoftupdates.com/css/jquery.min.js",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3634343424,
      "indicator": "https://winlog02.micnosoftupdates.com/css/jquery.min.js",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 11,
      "pulses": [
        {
          "id": "69e1d9cd805ecfc463bed935",
          "name": "BlackNet RAT clone credit octoseek",
          "description": "",
          "modified": "2026-04-18T00:51:09.427000",
          "created": "2026-04-17T06:57:17.378000",
          "tags": [
            "united",
            "heur",
            "bank",
            "covid19 scam",
            "anonymizer",
            "malicious site",
            "telefonica peru",
            "cyber threat",
            "proxy",
            "malware",
            "phishing",
            "zbot",
            "suppobox",
            "team",
            "trojanx",
            "service",
            "facebook",
            "win64",
            "trojan",
            "artemis",
            "cisco umbrella",
            "site",
            "alexa top",
            "million",
            "safe site",
            "engineering",
            "download",
            "microsoft",
            "generic",
            "union",
            "bazaloader",
            "media",
            "runescape",
            "blacklist https",
            "generic malware",
            "metro",
            "tmobile",
            "on us",
            "mls season",
            "home internet",
            "shop",
            "autopay",
            "free",
            "metro store",
            "limit",
            "pass",
            "close",
            "galaxy",
            "easy",
            "back",
            "stream",
            "find",
            "twitter",
            "intnavfnav",
            "conditions",
            "service url",
            "search live",
            "api blog",
            "docs pricing",
            "september",
            "instagram url",
            "facebook url",
            "value",
            "variables",
            "visitor object",
            "alpine object",
            "cookies",
            "taq boolean",
            "get h2",
            "kb script",
            "b xhr",
            "post h2",
            "frame",
            "b image",
            "kb image",
            "redirect chain",
            "frame c0bc",
            "kb stylesheet",
            "covid19",
            "phishing site",
            "malicious",
            "cve201711882",
            "cobalt strike",
            "squirrelwaffle",
            "pony",
            "binder",
            "virut",
            "ramnit",
            "dropper",
            "formbook",
            "azorult",
            "bambernek",
            "alexa",
            "unsafe",
            "opencandy",
            "downldr",
            "irata",
            "dbatloader",
            "vidar",
            "outbreak",
            "downloader",
            "blocker",
            "ransom",
            "autoit",
            "bladabindi",
            "emotet",
            "blacknet rat",
            "stealer",
            "presenoker",
            "fusioncore",
            "cleaner",
            "wacatac",
            "riskware",
            "coinminer",
            "xrat",
            "swrort",
            "installcore",
            "trojanspy",
            "mbydkqdhtu0h",
            "pbiptbmvd0k4",
            "pbzpdldtg",
            "detection list",
            "glelexoputyh",
            "linkid252669",
            "s2okorbdpt2x",
            "el9km",
            "mtap2vnnnpj",
            "blacklist",
            "x22x22",
            "x22scriptx22",
            "x22dntx22",
            "date",
            "u002d2",
            "linkcode u002d",
            "srclang",
            "urllang",
            "srcurl",
            "qzid",
            "pattern match",
            "intnavtnav",
            "q0o0mahttp",
            "login",
            "windows nt",
            "bad traffic",
            "et info",
            "tls handshake",
            "failure",
            "http traffic",
            "http",
            "suricata alerts",
            "event category",
            "description sid",
            "external",
            "logo",
            "av detection",
            "default browser",
            "guest system",
            "professional",
            "general",
            "file",
            "get fwlink",
            "geckohost",
            "suidm",
            "edgev1",
            "srchdafnoform",
            "srchuidv2",
            "edgesf1",
            "malware site",
            "agent",
            "exploit",
            "mimikatz",
            "quasar rat",
            "iframe",
            "beach research",
            "sgeneric",
            "static engine",
            "umbrella",
            "malware service",
            "exploit source",
            "scanning host",
            "Command and Control",
            "malicious url",
            "team malicious",
            "tor known",
            "tor relayrouter",
            "exit",
            "node tcp",
            "traffic",
            "bad traffic"
          ],
          "references": [
            "https://metro-tmo.com/",
            "Hybrid Analysis",
            "Alienvault OTX",
            "Data Analysis"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "South Africa",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "TrojanDownloader:O97M/BazaLoader",
              "display_name": "TrojanDownloader:O97M/BazaLoader",
              "target": "/malware/TrojanDownloader:O97M/BazaLoader"
            },
            {
              "id": "SuppoBox",
              "display_name": "SuppoBox",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zbot",
              "display_name": "Backdoor:Win32/Zbot",
              "target": "/malware/Backdoor:Win32/Zbot"
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "BlackNET RAT",
              "display_name": "BlackNET RAT",
              "target": null
            },
            {
              "id": "Backdoor:MSIL/Bladabindi",
              "display_name": "Backdoor:MSIL/Bladabindi",
              "target": "/malware/Backdoor:MSIL/Bladabindi"
            },
            {
              "id": "FormBook",
              "display_name": "FormBook",
              "target": null
            },
            {
              "id": "MimiKatz",
              "display_name": "MimiKatz",
              "target": null
            },
            {
              "id": "Squirrelwaffle",
              "display_name": "Squirrelwaffle",
              "target": null
            },
            {
              "id": "Pony - S0453",
              "display_name": "Pony - S0453",
              "target": null
            },
            {
              "id": "TrojanDropper:VBS/Swrort",
              "display_name": "TrojanDropper:VBS/Swrort",
              "target": "/malware/TrojanDropper:VBS/Swrort"
            },
            {
              "id": "Quasar RAT",
              "display_name": "Quasar RAT",
              "target": null
            },
            {
              "id": "Virus:DOS/Metro",
              "display_name": "Virus:DOS/Metro",
              "target": "/malware/Virus:DOS/Metro"
            },
            {
              "id": "Metro",
              "display_name": "Metro",
              "target": null
            },
            {
              "id": "Virut",
              "display_name": "Virut",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "AZORult",
              "display_name": "AZORult",
              "target": null
            },
            {
              "id": "Ramnit",
              "display_name": "Ramnit",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Outbreak",
              "display_name": "Backdoor:Win32/Outbreak",
              "target": "/malware/Backdoor:Win32/Outbreak"
            },
            {
              "id": "ALF:PUA:Win32/OpenCandy",
              "display_name": "ALF:PUA:Win32/OpenCandy",
              "target": null
            },
            {
              "id": "IRATA",
              "display_name": "IRATA",
              "target": null
            },
            {
              "id": "Artemis",
              "display_name": "Artemis",
              "target": null
            },
            {
              "id": "Cobalt Strike - S0154",
              "display_name": "Cobalt Strike - S0154",
              "target": null
            },
            {
              "id": "ALF:PUA:Win32/FusionCore",
              "display_name": "ALF:PUA:Win32/FusionCore",
              "target": null
            },
            {
              "id": "ALF:Trojan:O97M/Emotet",
              "display_name": "ALF:Trojan:O97M/Emotet",
              "target": null
            },
            {
              "id": "Trojan:Win32/InstallCore",
              "display_name": "Trojan:Win32/InstallCore",
              "target": "/malware/Trojan:Win32/InstallCore"
            }
          ],
          "attack_ids": [
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [
            "Food",
            "Gas",
            "Entertainment"
          ],
          "TLP": "white",
          "cloned_from": "650d0c66e0b02a6dde4a8b7a",
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 781,
            "FileHash-SHA256": 3085,
            "domain": 528,
            "URL": 3130,
            "CVE": 6,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368
          },
          "indicator_count": 8508,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 49,
          "modified_text": "1 day ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a5cb329096398f3411f4",
          "name": "Virus:DOS/Metro",
          "description": "",
          "modified": "2023-12-06T16:48:11.311000",
          "created": "2023-12-06T16:48:11.311000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "FileHash-SHA256": 3085,
            "hostname": 780,
            "domain": 527,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368,
            "URL": 3128
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a5ba6d66424b1992092e",
          "name": "BlackNet RAT",
          "description": "",
          "modified": "2023-12-06T16:47:54.897000",
          "created": "2023-12-06T16:47:54.897000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "FileHash-SHA256": 3085,
            "hostname": 780,
            "domain": 527,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368,
            "URL": 3128
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 111,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a5b2ff4216fe9cd82624",
          "name": "Metro T-Mobile Command & Control. Cyber Threat",
          "description": "",
          "modified": "2023-12-06T16:47:46.826000",
          "created": "2023-12-06T16:47:46.826000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "FileHash-SHA256": 3085,
            "hostname": 780,
            "domain": 527,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368,
            "URL": 3128
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "650d0c39523aa8a52fdb1fa1",
          "name": "Metro T-Mobile Command & Control. Cyber Threat",
          "description": "",
          "modified": "2023-10-21T23:02:19.178000",
          "created": "2023-09-22T03:38:33.405000",
          "tags": [
            "united",
            "heur",
            "bank",
            "covid19 scam",
            "anonymizer",
            "malicious site",
            "telefonica peru",
            "cyber threat",
            "proxy",
            "malware",
            "phishing",
            "zbot",
            "suppobox",
            "team",
            "trojanx",
            "service",
            "facebook",
            "win64",
            "trojan",
            "artemis",
            "cisco umbrella",
            "site",
            "alexa top",
            "million",
            "safe site",
            "engineering",
            "download",
            "microsoft",
            "generic",
            "union",
            "bazaloader",
            "media",
            "runescape",
            "blacklist https",
            "generic malware",
            "metro",
            "tmobile",
            "on us",
            "mls season",
            "home internet",
            "shop",
            "autopay",
            "free",
            "metro store",
            "limit",
            "pass",
            "close",
            "galaxy",
            "easy",
            "back",
            "stream",
            "find",
            "twitter",
            "intnavfnav",
            "conditions",
            "service url",
            "search live",
            "api blog",
            "docs pricing",
            "september",
            "instagram url",
            "facebook url",
            "value",
            "variables",
            "visitor object",
            "alpine object",
            "cookies",
            "taq boolean",
            "get h2",
            "kb script",
            "b xhr",
            "post h2",
            "frame",
            "b image",
            "kb image",
            "redirect chain",
            "frame c0bc",
            "kb stylesheet",
            "covid19",
            "phishing site",
            "malicious",
            "cve201711882",
            "cobalt strike",
            "squirrelwaffle",
            "pony",
            "binder",
            "virut",
            "ramnit",
            "dropper",
            "formbook",
            "azorult",
            "bambernek",
            "alexa",
            "unsafe",
            "opencandy",
            "downldr",
            "irata",
            "dbatloader",
            "vidar",
            "outbreak",
            "downloader",
            "blocker",
            "ransom",
            "autoit",
            "bladabindi",
            "emotet",
            "blacknet rat",
            "stealer",
            "presenoker",
            "fusioncore",
            "cleaner",
            "wacatac",
            "riskware",
            "coinminer",
            "xrat",
            "swrort",
            "installcore",
            "trojanspy",
            "mbydkqdhtu0h",
            "pbiptbmvd0k4",
            "pbzpdldtg",
            "detection list",
            "glelexoputyh",
            "linkid252669",
            "s2okorbdpt2x",
            "el9km",
            "mtap2vnnnpj",
            "blacklist",
            "x22x22",
            "x22scriptx22",
            "x22dntx22",
            "date",
            "u002d2",
            "linkcode u002d",
            "srclang",
            "urllang",
            "srcurl",
            "qzid",
            "pattern match",
            "intnavtnav",
            "q0o0mahttp",
            "login",
            "windows nt",
            "bad traffic",
            "et info",
            "tls handshake",
            "failure",
            "http traffic",
            "http",
            "suricata alerts",
            "event category",
            "description sid",
            "external",
            "logo",
            "av detection",
            "default browser",
            "guest system",
            "professional",
            "general",
            "file",
            "get fwlink",
            "geckohost",
            "suidm",
            "edgev1",
            "srchdafnoform",
            "srchuidv2",
            "edgesf1",
            "malware site",
            "agent",
            "exploit",
            "mimikatz",
            "quasar rat",
            "iframe",
            "beach research",
            "sgeneric",
            "static engine",
            "umbrella",
            "malware service",
            "exploit source",
            "scanning host",
            "Command and Control",
            "malicious url",
            "team malicious",
            "tor known",
            "tor relayrouter",
            "exit",
            "node tcp",
            "traffic",
            "bad traffic"
          ],
          "references": [
            "https://metro-tmo.com/",
            "Hybrid Analysis",
            "Alienvault OTX",
            "Data Analysis"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "South Africa",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "TrojanDownloader:O97M/BazaLoader",
              "display_name": "TrojanDownloader:O97M/BazaLoader",
              "target": "/malware/TrojanDownloader:O97M/BazaLoader"
            },
            {
              "id": "SuppoBox",
              "display_name": "SuppoBox",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zbot",
              "display_name": "Backdoor:Win32/Zbot",
              "target": "/malware/Backdoor:Win32/Zbot"
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "BlackNET RAT",
              "display_name": "BlackNET RAT",
              "target": null
            },
            {
              "id": "Backdoor:MSIL/Bladabindi",
              "display_name": "Backdoor:MSIL/Bladabindi",
              "target": "/malware/Backdoor:MSIL/Bladabindi"
            },
            {
              "id": "FormBook",
              "display_name": "FormBook",
              "target": null
            },
            {
              "id": "MimiKatz",
              "display_name": "MimiKatz",
              "target": null
            },
            {
              "id": "Squirrelwaffle",
              "display_name": "Squirrelwaffle",
              "target": null
            },
            {
              "id": "Pony - S0453",
              "display_name": "Pony - S0453",
              "target": null
            },
            {
              "id": "TrojanDropper:VBS/Swrort",
              "display_name": "TrojanDropper:VBS/Swrort",
              "target": "/malware/TrojanDropper:VBS/Swrort"
            },
            {
              "id": "Quasar RAT",
              "display_name": "Quasar RAT",
              "target": null
            },
            {
              "id": "Virus:DOS/Metro",
              "display_name": "Virus:DOS/Metro",
              "target": "/malware/Virus:DOS/Metro"
            },
            {
              "id": "Metro",
              "display_name": "Metro",
              "target": null
            },
            {
              "id": "Virut",
              "display_name": "Virut",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "AZORult",
              "display_name": "AZORult",
              "target": null
            },
            {
              "id": "Ramnit",
              "display_name": "Ramnit",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Outbreak",
              "display_name": "Backdoor:Win32/Outbreak",
              "target": "/malware/Backdoor:Win32/Outbreak"
            },
            {
              "id": "ALF:PUA:Win32/OpenCandy",
              "display_name": "ALF:PUA:Win32/OpenCandy",
              "target": null
            },
            {
              "id": "IRATA",
              "display_name": "IRATA",
              "target": null
            },
            {
              "id": "Artemis",
              "display_name": "Artemis",
              "target": null
            },
            {
              "id": "Cobalt Strike - S0154",
              "display_name": "Cobalt Strike - S0154",
              "target": null
            },
            {
              "id": "ALF:PUA:Win32/FusionCore",
              "display_name": "ALF:PUA:Win32/FusionCore",
              "target": null
            },
            {
              "id": "ALF:Trojan:O97M/Emotet",
              "display_name": "ALF:Trojan:O97M/Emotet",
              "target": null
            },
            {
              "id": "Trojan:Win32/InstallCore",
              "display_name": "Trojan:Win32/InstallCore",
              "target": "/malware/Trojan:Win32/InstallCore"
            }
          ],
          "attack_ids": [
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [
            "Food",
            "Gas",
            "Entertainment"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 40,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 780,
            "FileHash-SHA256": 3085,
            "domain": 527,
            "URL": 3128,
            "CVE": 6,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 218,
          "modified_text": "910 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "650d0c66e0b02a6dde4a8b7a",
          "name": "BlackNet RAT",
          "description": "",
          "modified": "2023-10-21T23:02:19.178000",
          "created": "2023-09-22T03:39:18.306000",
          "tags": [
            "united",
            "heur",
            "bank",
            "covid19 scam",
            "anonymizer",
            "malicious site",
            "telefonica peru",
            "cyber threat",
            "proxy",
            "malware",
            "phishing",
            "zbot",
            "suppobox",
            "team",
            "trojanx",
            "service",
            "facebook",
            "win64",
            "trojan",
            "artemis",
            "cisco umbrella",
            "site",
            "alexa top",
            "million",
            "safe site",
            "engineering",
            "download",
            "microsoft",
            "generic",
            "union",
            "bazaloader",
            "media",
            "runescape",
            "blacklist https",
            "generic malware",
            "metro",
            "tmobile",
            "on us",
            "mls season",
            "home internet",
            "shop",
            "autopay",
            "free",
            "metro store",
            "limit",
            "pass",
            "close",
            "galaxy",
            "easy",
            "back",
            "stream",
            "find",
            "twitter",
            "intnavfnav",
            "conditions",
            "service url",
            "search live",
            "api blog",
            "docs pricing",
            "september",
            "instagram url",
            "facebook url",
            "value",
            "variables",
            "visitor object",
            "alpine object",
            "cookies",
            "taq boolean",
            "get h2",
            "kb script",
            "b xhr",
            "post h2",
            "frame",
            "b image",
            "kb image",
            "redirect chain",
            "frame c0bc",
            "kb stylesheet",
            "covid19",
            "phishing site",
            "malicious",
            "cve201711882",
            "cobalt strike",
            "squirrelwaffle",
            "pony",
            "binder",
            "virut",
            "ramnit",
            "dropper",
            "formbook",
            "azorult",
            "bambernek",
            "alexa",
            "unsafe",
            "opencandy",
            "downldr",
            "irata",
            "dbatloader",
            "vidar",
            "outbreak",
            "downloader",
            "blocker",
            "ransom",
            "autoit",
            "bladabindi",
            "emotet",
            "blacknet rat",
            "stealer",
            "presenoker",
            "fusioncore",
            "cleaner",
            "wacatac",
            "riskware",
            "coinminer",
            "xrat",
            "swrort",
            "installcore",
            "trojanspy",
            "mbydkqdhtu0h",
            "pbiptbmvd0k4",
            "pbzpdldtg",
            "detection list",
            "glelexoputyh",
            "linkid252669",
            "s2okorbdpt2x",
            "el9km",
            "mtap2vnnnpj",
            "blacklist",
            "x22x22",
            "x22scriptx22",
            "x22dntx22",
            "date",
            "u002d2",
            "linkcode u002d",
            "srclang",
            "urllang",
            "srcurl",
            "qzid",
            "pattern match",
            "intnavtnav",
            "q0o0mahttp",
            "login",
            "windows nt",
            "bad traffic",
            "et info",
            "tls handshake",
            "failure",
            "http traffic",
            "http",
            "suricata alerts",
            "event category",
            "description sid",
            "external",
            "logo",
            "av detection",
            "default browser",
            "guest system",
            "professional",
            "general",
            "file",
            "get fwlink",
            "geckohost",
            "suidm",
            "edgev1",
            "srchdafnoform",
            "srchuidv2",
            "edgesf1",
            "malware site",
            "agent",
            "exploit",
            "mimikatz",
            "quasar rat",
            "iframe",
            "beach research",
            "sgeneric",
            "static engine",
            "umbrella",
            "malware service",
            "exploit source",
            "scanning host",
            "Command and Control",
            "malicious url",
            "team malicious",
            "tor known",
            "tor relayrouter",
            "exit",
            "node tcp",
            "traffic",
            "bad traffic"
          ],
          "references": [
            "https://metro-tmo.com/",
            "Hybrid Analysis",
            "Alienvault OTX",
            "Data Analysis"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "South Africa",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "TrojanDownloader:O97M/BazaLoader",
              "display_name": "TrojanDownloader:O97M/BazaLoader",
              "target": "/malware/TrojanDownloader:O97M/BazaLoader"
            },
            {
              "id": "SuppoBox",
              "display_name": "SuppoBox",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zbot",
              "display_name": "Backdoor:Win32/Zbot",
              "target": "/malware/Backdoor:Win32/Zbot"
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "BlackNET RAT",
              "display_name": "BlackNET RAT",
              "target": null
            },
            {
              "id": "Backdoor:MSIL/Bladabindi",
              "display_name": "Backdoor:MSIL/Bladabindi",
              "target": "/malware/Backdoor:MSIL/Bladabindi"
            },
            {
              "id": "FormBook",
              "display_name": "FormBook",
              "target": null
            },
            {
              "id": "MimiKatz",
              "display_name": "MimiKatz",
              "target": null
            },
            {
              "id": "Squirrelwaffle",
              "display_name": "Squirrelwaffle",
              "target": null
            },
            {
              "id": "Pony - S0453",
              "display_name": "Pony - S0453",
              "target": null
            },
            {
              "id": "TrojanDropper:VBS/Swrort",
              "display_name": "TrojanDropper:VBS/Swrort",
              "target": "/malware/TrojanDropper:VBS/Swrort"
            },
            {
              "id": "Quasar RAT",
              "display_name": "Quasar RAT",
              "target": null
            },
            {
              "id": "Virus:DOS/Metro",
              "display_name": "Virus:DOS/Metro",
              "target": "/malware/Virus:DOS/Metro"
            },
            {
              "id": "Metro",
              "display_name": "Metro",
              "target": null
            },
            {
              "id": "Virut",
              "display_name": "Virut",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "AZORult",
              "display_name": "AZORult",
              "target": null
            },
            {
              "id": "Ramnit",
              "display_name": "Ramnit",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Outbreak",
              "display_name": "Backdoor:Win32/Outbreak",
              "target": "/malware/Backdoor:Win32/Outbreak"
            },
            {
              "id": "ALF:PUA:Win32/OpenCandy",
              "display_name": "ALF:PUA:Win32/OpenCandy",
              "target": null
            },
            {
              "id": "IRATA",
              "display_name": "IRATA",
              "target": null
            },
            {
              "id": "Artemis",
              "display_name": "Artemis",
              "target": null
            },
            {
              "id": "Cobalt Strike - S0154",
              "display_name": "Cobalt Strike - S0154",
              "target": null
            },
            {
              "id": "ALF:PUA:Win32/FusionCore",
              "display_name": "ALF:PUA:Win32/FusionCore",
              "target": null
            },
            {
              "id": "ALF:Trojan:O97M/Emotet",
              "display_name": "ALF:Trojan:O97M/Emotet",
              "target": null
            },
            {
              "id": "Trojan:Win32/InstallCore",
              "display_name": "Trojan:Win32/InstallCore",
              "target": "/malware/Trojan:Win32/InstallCore"
            }
          ],
          "attack_ids": [
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [
            "Food",
            "Gas",
            "Entertainment"
          ],
          "TLP": "white",
          "cloned_from": "650d0c39523aa8a52fdb1fa1",
          "export_count": 41,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 780,
            "FileHash-SHA256": 3085,
            "domain": 527,
            "URL": 3128,
            "CVE": 6,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 219,
          "modified_text": "910 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "650d0c8adc78d892cadd250a",
          "name": "Virus:DOS/Metro",
          "description": "",
          "modified": "2023-10-21T23:02:19.178000",
          "created": "2023-09-22T03:39:54.432000",
          "tags": [
            "united",
            "heur",
            "bank",
            "covid19 scam",
            "anonymizer",
            "malicious site",
            "telefonica peru",
            "cyber threat",
            "proxy",
            "malware",
            "phishing",
            "zbot",
            "suppobox",
            "team",
            "trojanx",
            "service",
            "facebook",
            "win64",
            "trojan",
            "artemis",
            "cisco umbrella",
            "site",
            "alexa top",
            "million",
            "safe site",
            "engineering",
            "download",
            "microsoft",
            "generic",
            "union",
            "bazaloader",
            "media",
            "runescape",
            "blacklist https",
            "generic malware",
            "metro",
            "tmobile",
            "on us",
            "mls season",
            "home internet",
            "shop",
            "autopay",
            "free",
            "metro store",
            "limit",
            "pass",
            "close",
            "galaxy",
            "easy",
            "back",
            "stream",
            "find",
            "twitter",
            "intnavfnav",
            "conditions",
            "service url",
            "search live",
            "api blog",
            "docs pricing",
            "september",
            "instagram url",
            "facebook url",
            "value",
            "variables",
            "visitor object",
            "alpine object",
            "cookies",
            "taq boolean",
            "get h2",
            "kb script",
            "b xhr",
            "post h2",
            "frame",
            "b image",
            "kb image",
            "redirect chain",
            "frame c0bc",
            "kb stylesheet",
            "covid19",
            "phishing site",
            "malicious",
            "cve201711882",
            "cobalt strike",
            "squirrelwaffle",
            "pony",
            "binder",
            "virut",
            "ramnit",
            "dropper",
            "formbook",
            "azorult",
            "bambernek",
            "alexa",
            "unsafe",
            "opencandy",
            "downldr",
            "irata",
            "dbatloader",
            "vidar",
            "outbreak",
            "downloader",
            "blocker",
            "ransom",
            "autoit",
            "bladabindi",
            "emotet",
            "blacknet rat",
            "stealer",
            "presenoker",
            "fusioncore",
            "cleaner",
            "wacatac",
            "riskware",
            "coinminer",
            "xrat",
            "swrort",
            "installcore",
            "trojanspy",
            "mbydkqdhtu0h",
            "pbiptbmvd0k4",
            "pbzpdldtg",
            "detection list",
            "glelexoputyh",
            "linkid252669",
            "s2okorbdpt2x",
            "el9km",
            "mtap2vnnnpj",
            "blacklist",
            "x22x22",
            "x22scriptx22",
            "x22dntx22",
            "date",
            "u002d2",
            "linkcode u002d",
            "srclang",
            "urllang",
            "srcurl",
            "qzid",
            "pattern match",
            "intnavtnav",
            "q0o0mahttp",
            "login",
            "windows nt",
            "bad traffic",
            "et info",
            "tls handshake",
            "failure",
            "http traffic",
            "http",
            "suricata alerts",
            "event category",
            "description sid",
            "external",
            "logo",
            "av detection",
            "default browser",
            "guest system",
            "professional",
            "general",
            "file",
            "get fwlink",
            "geckohost",
            "suidm",
            "edgev1",
            "srchdafnoform",
            "srchuidv2",
            "edgesf1",
            "malware site",
            "agent",
            "exploit",
            "mimikatz",
            "quasar rat",
            "iframe",
            "beach research",
            "sgeneric",
            "static engine",
            "umbrella",
            "malware service",
            "exploit source",
            "scanning host",
            "Command and Control",
            "malicious url",
            "team malicious",
            "tor known",
            "tor relayrouter",
            "exit",
            "node tcp",
            "traffic",
            "bad traffic"
          ],
          "references": [
            "https://metro-tmo.com/",
            "Hybrid Analysis",
            "Alienvault OTX",
            "Data Analysis"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "South Africa",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "TrojanDownloader:O97M/BazaLoader",
              "display_name": "TrojanDownloader:O97M/BazaLoader",
              "target": "/malware/TrojanDownloader:O97M/BazaLoader"
            },
            {
              "id": "SuppoBox",
              "display_name": "SuppoBox",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zbot",
              "display_name": "Backdoor:Win32/Zbot",
              "target": "/malware/Backdoor:Win32/Zbot"
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "BlackNET RAT",
              "display_name": "BlackNET RAT",
              "target": null
            },
            {
              "id": "Backdoor:MSIL/Bladabindi",
              "display_name": "Backdoor:MSIL/Bladabindi",
              "target": "/malware/Backdoor:MSIL/Bladabindi"
            },
            {
              "id": "FormBook",
              "display_name": "FormBook",
              "target": null
            },
            {
              "id": "MimiKatz",
              "display_name": "MimiKatz",
              "target": null
            },
            {
              "id": "Squirrelwaffle",
              "display_name": "Squirrelwaffle",
              "target": null
            },
            {
              "id": "Pony - S0453",
              "display_name": "Pony - S0453",
              "target": null
            },
            {
              "id": "TrojanDropper:VBS/Swrort",
              "display_name": "TrojanDropper:VBS/Swrort",
              "target": "/malware/TrojanDropper:VBS/Swrort"
            },
            {
              "id": "Quasar RAT",
              "display_name": "Quasar RAT",
              "target": null
            },
            {
              "id": "Virus:DOS/Metro",
              "display_name": "Virus:DOS/Metro",
              "target": "/malware/Virus:DOS/Metro"
            },
            {
              "id": "Metro",
              "display_name": "Metro",
              "target": null
            },
            {
              "id": "Virut",
              "display_name": "Virut",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "AZORult",
              "display_name": "AZORult",
              "target": null
            },
            {
              "id": "Ramnit",
              "display_name": "Ramnit",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Outbreak",
              "display_name": "Backdoor:Win32/Outbreak",
              "target": "/malware/Backdoor:Win32/Outbreak"
            },
            {
              "id": "ALF:PUA:Win32/OpenCandy",
              "display_name": "ALF:PUA:Win32/OpenCandy",
              "target": null
            },
            {
              "id": "IRATA",
              "display_name": "IRATA",
              "target": null
            },
            {
              "id": "Artemis",
              "display_name": "Artemis",
              "target": null
            },
            {
              "id": "Cobalt Strike - S0154",
              "display_name": "Cobalt Strike - S0154",
              "target": null
            },
            {
              "id": "ALF:PUA:Win32/FusionCore",
              "display_name": "ALF:PUA:Win32/FusionCore",
              "target": null
            },
            {
              "id": "ALF:Trojan:O97M/Emotet",
              "display_name": "ALF:Trojan:O97M/Emotet",
              "target": null
            },
            {
              "id": "Trojan:Win32/InstallCore",
              "display_name": "Trojan:Win32/InstallCore",
              "target": "/malware/Trojan:Win32/InstallCore"
            }
          ],
          "attack_ids": [
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [
            "Food",
            "Gas",
            "Entertainment"
          ],
          "TLP": "white",
          "cloned_from": "650d0c66e0b02a6dde4a8b7a",
          "export_count": 41,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 780,
            "FileHash-SHA256": 3085,
            "domain": 527,
            "URL": 3128,
            "CVE": 6,
            "FileHash-MD5": 610,
            "FileHash-SHA1": 368
          },
          "indicator_count": 8504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 221,
          "modified_text": "910 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "642a0daf35f2248868520cf9",
          "name": "Twitter Feed - drb_ra - 02-04-2023",
          "description": "",
          "modified": "2023-05-02T23:04:51.566000",
          "created": "2023-04-02T23:20:15.429000",
          "tags": [
            "CobaltStrike"
          ],
          "references": [
            "https://twitter.com/drb_ra/status/1642360600096276481",
            "https://twitter.com/drb_ra/status/1642361289346301953",
            "https://twitter.com/drb_ra/status/1642386026625740805",
            "https://twitter.com/drb_ra/status/1642386036285222913",
            "https://twitter.com/drb_ra/status/1642386827309899776",
            "https://twitter.com/drb_ra/status/1642387594569740289",
            "https://twitter.com/drb_ra/status/1642387722806386689",
            "https://twitter.com/drb_ra/status/1642454902356975618",
            "https://twitter.com/drb_ra/status/1642454954915889154",
            "https://twitter.com/drb_ra/status/1642455010729418752",
            "https://twitter.com/drb_ra/status/1642504146916892672",
            "https://twitter.com/drb_ra/status/1642504193108848644",
            "https://twitter.com/drb_ra/status/1642504240118505473",
            "https://twitter.com/drb_ra/status/1642504318916993024",
            "https://twitter.com/drb_ra/status/1642504409144782850",
            "https://twitter.com/drb_ra/status/1642504430669946881",
            "https://twitter.com/drb_ra/status/1642504458767671298",
            "https://twitter.com/drb_ra/status/1642504580305936389",
            "https://twitter.com/drb_ra/status/1642504642322919424",
            "https://twitter.com/drb_ra/status/1642505179978137601",
            "https://twitter.com/drb_ra/status/1642505220285513728",
            "https://twitter.com/drb_ra/status/1642505280708653058",
            "https://twitter.com/drb_ra/status/1642506029412802561",
            "https://twitter.com/drb_ra/status/1642506102305587202",
            "https://twitter.com/drb_ra/status/1642506268400144384",
            "https://twitter.com/drb_ra/status/1642506415993487360",
            "https://twitter.com/drb_ra/status/1642506634554384384",
            "https://twitter.com/drb_ra/status/1642506945369194496",
            "https://twitter.com/drb_ra/status/1642506986284515330",
            "https://twitter.com/drb_ra/status/1642507035500584960",
            "https://twitter.com/drb_ra/status/1642507129108963329",
            "https://twitter.com/drb_ra/status/1642507154329423874",
            "https://twitter.com/drb_ra/status/1642507436111060992",
            "https://twitter.com/drb_ra/status/1642507567795453953",
            "https://twitter.com/drb_ra/status/1642507740567199744",
            "https://twitter.com/drb_ra/status/1642625328869781505",
            "https://twitter.com/drb_ra/status/1642625765949710336",
            "https://twitter.com/drb_ra/status/1642626174877564929",
            "https://twitter.com/drb_ra/status/1642626783060152331",
            "https://twitter.com/drb_ra/status/1642627827001356290",
            "https://twitter.com/drb_ra/status/1642627885323124746",
            "https://twitter.com/drb_ra/status/1642628041804337153",
            "https://twitter.com/drb_ra/status/1642628599596437505",
            "https://twitter.com/drb_ra/status/1642628943617327106",
            "https://twitter.com/drb_ra/status/1642629210677166081"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 48
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1600,
          "modified_text": "1082 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64028d8f6f65ffd9b9564d73",
          "name": "Twitter Feed - drb_ra - 03-03-2023",
          "description": "",
          "modified": "2023-04-03T00:00:54.320000",
          "created": "2023-03-04T00:15:11.012000",
          "tags": [
            "CobaltStrike"
          ],
          "references": [
            "https://twitter.com/drb_ra/status/1631485485540319232",
            "https://twitter.com/drb_ra/status/1631490052394975232",
            "https://twitter.com/drb_ra/status/1631491397177208832",
            "https://twitter.com/drb_ra/status/1631505726064545792",
            "https://twitter.com/drb_ra/status/1631519361344106496",
            "https://twitter.com/drb_ra/status/1631519464641445888",
            "https://twitter.com/drb_ra/status/1631519503166189568",
            "https://twitter.com/drb_ra/status/1631519652424609792",
            "https://twitter.com/drb_ra/status/1631519870973083649",
            "https://twitter.com/drb_ra/status/1631519938912329728",
            "https://twitter.com/drb_ra/status/1631519999016812545",
            "https://twitter.com/drb_ra/status/1631520030771781632",
            "https://twitter.com/drb_ra/status/1631520066381529090",
            "https://twitter.com/drb_ra/status/1631520135226744832",
            "https://twitter.com/drb_ra/status/1631520180927967233",
            "https://twitter.com/drb_ra/status/1631520308069908481",
            "https://twitter.com/drb_ra/status/1631520469072355331",
            "https://twitter.com/drb_ra/status/1631520550047694849",
            "https://twitter.com/drb_ra/status/1631624397491404801",
            "https://twitter.com/drb_ra/status/1631628029095968769",
            "https://twitter.com/drb_ra/status/1631629011167084545",
            "https://twitter.com/drb_ra/status/1631629312339202050",
            "https://twitter.com/drb_ra/status/1631629894319849473",
            "https://twitter.com/drb_ra/status/1631631329778434048",
            "https://twitter.com/drb_ra/status/1631631892930781184",
            "https://twitter.com/drb_ra/status/1631632341536735232",
            "https://twitter.com/drb_ra/status/1631633081558859779",
            "https://twitter.com/drb_ra/status/1631652146176495620",
            "https://twitter.com/drb_ra/status/1631741252210229250",
            "https://twitter.com/drb_ra/status/1631741291166924827",
            "https://twitter.com/drb_ra/status/1631741332522770433",
            "https://twitter.com/drb_ra/status/1631741432468733953",
            "https://twitter.com/drb_ra/status/1631741447882899456",
            "https://twitter.com/drb_ra/status/1631741580204802060",
            "https://twitter.com/drb_ra/status/1631741616334536705",
            "https://twitter.com/drb_ra/status/1631741635099762689",
            "https://twitter.com/drb_ra/status/1631741718608347136",
            "https://twitter.com/drb_ra/status/1631741738313285634",
            "https://twitter.com/drb_ra/status/1631741826980773889",
            "https://twitter.com/drb_ra/status/1631741929821020161",
            "https://twitter.com/drb_ra/status/1631742011794489358",
            "https://twitter.com/drb_ra/status/1631742033168662541",
            "https://twitter.com/drb_ra/status/1631782638443716608"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 41
          },
          "indicator_count": 41,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1600,
          "modified_text": "1112 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "63f6af72b5a7a14e86986f84",
          "name": "Twitter Feed - drb_ra - 22-02-2023",
          "description": "",
          "modified": "2023-03-25T00:02:33.269000",
          "created": "2023-02-23T00:12:34.642000",
          "tags": [
            "CobaltStrike"
          ],
          "references": [
            "https://twitter.com/drb_ra/status/1628218029866725378",
            "https://twitter.com/drb_ra/status/1628218182010822658",
            "https://twitter.com/drb_ra/status/1628218622333136897",
            "https://twitter.com/drb_ra/status/1628218667665072128",
            "https://twitter.com/drb_ra/status/1628218696186429443",
            "https://twitter.com/drb_ra/status/1628218819914104833",
            "https://twitter.com/drb_ra/status/1628218889539620864",
            "https://twitter.com/drb_ra/status/1628221537848262657",
            "https://twitter.com/drb_ra/status/1628358951631745026",
            "https://twitter.com/drb_ra/status/1628370471606517762",
            "https://twitter.com/drb_ra/status/1628372262632972291",
            "https://twitter.com/drb_ra/status/1628372639227027457",
            "https://twitter.com/drb_ra/status/1628373055134203905",
            "https://twitter.com/drb_ra/status/1628377035654459392",
            "https://twitter.com/drb_ra/status/1628378887062265857",
            "https://twitter.com/drb_ra/status/1628379172375523328",
            "https://twitter.com/drb_ra/status/1628379173134761986",
            "https://twitter.com/drb_ra/status/1628415827019022337",
            "https://twitter.com/drb_ra/status/1628416522119938056",
            "https://twitter.com/drb_ra/status/1628459662327554048",
            "https://twitter.com/drb_ra/status/1628459697991827457",
            "https://twitter.com/drb_ra/status/1628459937465528321",
            "https://twitter.com/drb_ra/status/1628460051173199875",
            "https://twitter.com/drb_ra/status/1628460086761848832",
            "https://twitter.com/drb_ra/status/1628460150917935105",
            "https://twitter.com/drb_ra/status/1628460216957140992",
            "https://twitter.com/drb_ra/status/1628460252424200192",
            "https://twitter.com/drb_ra/status/1628460276797276164",
            "https://twitter.com/drb_ra/status/1628521305317277696",
            "https://twitter.com/drb_ra/status/1628522133977538563",
            "https://twitter.com/drb_ra/status/1628523759576514563",
            "https://twitter.com/drb_ra/status/1628524671371997191",
            "https://twitter.com/drb_ra/status/1628527149048033280",
            "https://twitter.com/drb_ra/status/1628528657676353539",
            "https://twitter.com/drb_ra/status/1628531532913684481",
            "https://twitter.com/drb_ra/status/1628532129394003970",
            "https://twitter.com/drb_ra/status/1628532822335188992"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 40
          },
          "indicator_count": 40,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1600,
          "modified_text": "1121 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "63f017041f697d73cca5e659",
          "name": "Twitter Feed - drb_ra - 17-02-2023",
          "description": "",
          "modified": "2023-03-20T00:01:17.081000",
          "created": "2023-02-18T00:08:36.727000",
          "tags": [
            "CobaltStrike"
          ],
          "references": [
            "https://twitter.com/drb_ra/status/1626407758051278849",
            "https://twitter.com/drb_ra/status/1626409577452281857",
            "https://twitter.com/drb_ra/status/1626409600898502657",
            "https://twitter.com/drb_ra/status/1626409840267481089",
            "https://twitter.com/drb_ra/status/1626553209757089795",
            "https://twitter.com/drb_ra/status/1626554110693482496",
            "https://twitter.com/drb_ra/status/1626558875712331777",
            "https://twitter.com/drb_ra/status/1626560141104496640",
            "https://twitter.com/drb_ra/status/1626561846089072641",
            "https://twitter.com/drb_ra/status/1626564430182989824",
            "https://twitter.com/drb_ra/status/1626586779062247424",
            "https://twitter.com/drb_ra/status/1626586846573760512",
            "https://twitter.com/drb_ra/status/1626587020603850754",
            "https://twitter.com/drb_ra/status/1626587203903295491",
            "https://twitter.com/drb_ra/status/1626587243774377984",
            "https://twitter.com/drb_ra/status/1626587383889293312",
            "https://twitter.com/drb_ra/status/1626587458489192451",
            "https://twitter.com/drb_ra/status/1626587739570450435",
            "https://twitter.com/drb_ra/status/1626589376997388293",
            "https://twitter.com/drb_ra/status/1626589472585560066",
            "https://twitter.com/drb_ra/status/1626589626134851586",
            "https://twitter.com/drb_ra/status/1626640908375453696",
            "https://twitter.com/drb_ra/status/1626641304758194188",
            "https://twitter.com/drb_ra/status/1626642301928759296",
            "https://twitter.com/drb_ra/status/1626642751314968576",
            "https://twitter.com/drb_ra/status/1626643280988340224",
            "https://twitter.com/drb_ra/status/1626643606478983171",
            "https://twitter.com/drb_ra/status/1626644572993425433",
            "https://twitter.com/drb_ra/status/1626645201866395660",
            "https://twitter.com/drb_ra/status/1626647260992835597",
            "https://twitter.com/drb_ra/status/1626648917751353345",
            "https://twitter.com/drb_ra/status/1626650630558257170",
            "https://twitter.com/drb_ra/status/1626652362667397126",
            "https://twitter.com/drb_ra/status/1626652541319581716",
            "https://twitter.com/drb_ra/status/1626654042821632000",
            "https://twitter.com/drb_ra/status/1626654106944213011",
            "https://twitter.com/drb_ra/status/1626655626074984449",
            "https://twitter.com/drb_ra/status/1626655968418271233",
            "https://twitter.com/drb_ra/status/1626672323376869378",
            "https://twitter.com/drb_ra/status/1626672400166182926",
            "https://twitter.com/drb_ra/status/1626672466582986770",
            "https://twitter.com/drb_ra/status/1626672611949174786",
            "https://twitter.com/drb_ra/status/1626672642353684491",
            "https://twitter.com/drb_ra/status/1626672701770194959",
            "https://twitter.com/drb_ra/status/1626672862386872337",
            "https://twitter.com/drb_ra/status/1626673209176121354",
            "https://twitter.com/drb_ra/status/1626673809393606679",
            "https://twitter.com/drb_ra/status/1626674178483970056",
            "https://twitter.com/drb_ra/status/1626674436467220489"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 51
          },
          "indicator_count": 51,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1600,
          "modified_text": "1126 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1642626783060152331",
        "https://twitter.com/drb_ra/status/1626672862386872337",
        "https://twitter.com/drb_ra/status/1626561846089072641",
        "https://twitter.com/drb_ra/status/1642455010729418752",
        "https://twitter.com/drb_ra/status/1631520308069908481",
        "https://twitter.com/drb_ra/status/1626654042821632000",
        "https://twitter.com/drb_ra/status/1628524671371997191",
        "https://twitter.com/drb_ra/status/1631485485540319232",
        "https://twitter.com/drb_ra/status/1628218622333136897",
        "https://twitter.com/drb_ra/status/1626674178483970056",
        "https://twitter.com/drb_ra/status/1626650630558257170",
        "https://twitter.com/drb_ra/status/1628523759576514563",
        "https://twitter.com/drb_ra/status/1631519503166189568",
        "https://twitter.com/drb_ra/status/1631519464641445888",
        "https://twitter.com/drb_ra/status/1628459662327554048",
        "https://twitter.com/drb_ra/status/1626553209757089795",
        "https://twitter.com/drb_ra/status/1626672701770194959",
        "https://twitter.com/drb_ra/status/1642506634554384384",
        "https://twitter.com/drb_ra/status/1631519870973083649",
        "https://twitter.com/drb_ra/status/1626673209176121354",
        "https://twitter.com/drb_ra/status/1642628943617327106",
        "https://twitter.com/drb_ra/status/1631632341536735232",
        "https://twitter.com/drb_ra/status/1642505179978137601",
        "https://twitter.com/drb_ra/status/1628459937465528321",
        "https://twitter.com/drb_ra/status/1628460150917935105",
        "https://twitter.com/drb_ra/status/1626589626134851586",
        "https://twitter.com/drb_ra/status/1626643606478983171",
        "https://twitter.com/drb_ra/status/1631519999016812545",
        "https://twitter.com/drb_ra/status/1628460276797276164",
        "https://twitter.com/drb_ra/status/1631520550047694849",
        "https://twitter.com/drb_ra/status/1626640908375453696",
        "https://twitter.com/drb_ra/status/1642454902356975618",
        "https://twitter.com/drb_ra/status/1626647260992835597",
        "https://twitter.com/drb_ra/status/1628379173134761986",
        "https://twitter.com/drb_ra/status/1626587243774377984",
        "https://twitter.com/drb_ra/status/1631741635099762689",
        "https://twitter.com/drb_ra/status/1642504240118505473",
        "https://twitter.com/drb_ra/status/1642625765949710336",
        "https://twitter.com/drb_ra/status/1626407758051278849",
        "https://twitter.com/drb_ra/status/1642506415993487360",
        "https://twitter.com/drb_ra/status/1642504430669946881",
        "https://twitter.com/drb_ra/status/1628416522119938056",
        "https://twitter.com/drb_ra/status/1626589376997388293",
        "https://twitter.com/drb_ra/status/1631490052394975232",
        "https://twitter.com/drb_ra/status/1631741718608347136",
        "https://twitter.com/drb_ra/status/1626642751314968576",
        "https://twitter.com/drb_ra/status/1626644572993425433",
        "https://twitter.com/drb_ra/status/1628460216957140992",
        "Alienvault OTX",
        "https://twitter.com/drb_ra/status/1626642301928759296",
        "https://twitter.com/drb_ra/status/1628358951631745026",
        "https://twitter.com/drb_ra/status/1642387722806386689",
        "https://twitter.com/drb_ra/status/1626673809393606679",
        "https://twitter.com/drb_ra/status/1626587383889293312",
        "https://twitter.com/drb_ra/status/1631631892930781184",
        "https://twitter.com/drb_ra/status/1631519938912329728",
        "https://twitter.com/drb_ra/status/1642627885323124746",
        "https://twitter.com/drb_ra/status/1628218696186429443",
        "https://twitter.com/drb_ra/status/1628532129394003970",
        "https://twitter.com/drb_ra/status/1626654106944213011",
        "https://twitter.com/drb_ra/status/1631520469072355331",
        "https://twitter.com/drb_ra/status/1631633081558859779",
        "https://metro-tmo.com/",
        "https://twitter.com/drb_ra/status/1628528657676353539",
        "https://twitter.com/drb_ra/status/1642507436111060992",
        "https://twitter.com/drb_ra/status/1626587458489192451",
        "Data Analysis",
        "https://twitter.com/drb_ra/status/1642507567795453953",
        "https://twitter.com/drb_ra/status/1631520180927967233",
        "https://twitter.com/drb_ra/status/1626587020603850754",
        "https://twitter.com/drb_ra/status/1628460051173199875",
        "https://twitter.com/drb_ra/status/1631629894319849473",
        "https://twitter.com/drb_ra/status/1626652541319581716",
        "https://twitter.com/drb_ra/status/1626558875712331777",
        "https://twitter.com/drb_ra/status/1642504146916892672",
        "https://twitter.com/drb_ra/status/1626409840267481089",
        "https://twitter.com/drb_ra/status/1631519361344106496",
        "https://twitter.com/drb_ra/status/1631628029095968769",
        "https://twitter.com/drb_ra/status/1631629312339202050",
        "https://twitter.com/drb_ra/status/1626672642353684491",
        "https://twitter.com/drb_ra/status/1642386026625740805",
        "https://twitter.com/drb_ra/status/1628373055134203905",
        "https://twitter.com/drb_ra/status/1631520066381529090",
        "https://twitter.com/drb_ra/status/1631741332522770433",
        "https://twitter.com/drb_ra/status/1642506268400144384",
        "https://twitter.com/drb_ra/status/1642507035500584960",
        "https://twitter.com/drb_ra/status/1628218029866725378",
        "https://twitter.com/drb_ra/status/1642628599596437505",
        "https://twitter.com/drb_ra/status/1628527149048033280",
        "https://twitter.com/drb_ra/status/1628218889539620864",
        "https://twitter.com/drb_ra/status/1628370471606517762",
        "https://twitter.com/drb_ra/status/1631631329778434048",
        "https://twitter.com/drb_ra/status/1631741447882899456",
        "https://twitter.com/drb_ra/status/1626560141104496640",
        "https://twitter.com/drb_ra/status/1626589472585560066",
        "https://twitter.com/drb_ra/status/1628378887062265857",
        "https://twitter.com/drb_ra/status/1626586779062247424",
        "https://twitter.com/drb_ra/status/1642386827309899776",
        "https://twitter.com/drb_ra/status/1642454954915889154",
        "https://twitter.com/drb_ra/status/1642628041804337153",
        "https://twitter.com/drb_ra/status/1626645201866395660",
        "https://twitter.com/drb_ra/status/1626655626074984449",
        "https://twitter.com/drb_ra/status/1642507129108963329",
        "https://twitter.com/drb_ra/status/1626674436467220489",
        "https://twitter.com/drb_ra/status/1631741738313285634",
        "https://twitter.com/drb_ra/status/1626641304758194188",
        "https://twitter.com/drb_ra/status/1631741929821020161",
        "https://twitter.com/drb_ra/status/1631624397491404801",
        "https://twitter.com/drb_ra/status/1642505220285513728",
        "https://twitter.com/drb_ra/status/1642506029412802561",
        "https://twitter.com/drb_ra/status/1631491397177208832",
        "https://twitter.com/drb_ra/status/1631519652424609792",
        "https://twitter.com/drb_ra/status/1628218819914104833",
        "https://twitter.com/drb_ra/status/1628379172375523328",
        "https://twitter.com/drb_ra/status/1626554110693482496",
        "https://twitter.com/drb_ra/status/1626643280988340224",
        "https://twitter.com/drb_ra/status/1631505726064545792",
        "https://twitter.com/drb_ra/status/1631782638443716608",
        "https://twitter.com/drb_ra/status/1628459697991827457",
        "https://twitter.com/drb_ra/status/1626672611949174786",
        "https://twitter.com/drb_ra/status/1642505280708653058",
        "https://twitter.com/drb_ra/status/1642387594569740289",
        "https://twitter.com/drb_ra/status/1642360600096276481",
        "https://twitter.com/drb_ra/status/1642504458767671298",
        "https://twitter.com/drb_ra/status/1642625328869781505",
        "https://twitter.com/drb_ra/status/1642504642322919424",
        "https://twitter.com/drb_ra/status/1631652146176495620",
        "https://twitter.com/drb_ra/status/1628218182010822658",
        "https://twitter.com/drb_ra/status/1626648917751353345",
        "https://twitter.com/drb_ra/status/1628372262632972291",
        "https://twitter.com/drb_ra/status/1642386036285222913",
        "https://twitter.com/drb_ra/status/1642626174877564929",
        "https://twitter.com/drb_ra/status/1631742033168662541",
        "https://twitter.com/drb_ra/status/1631741291166924827",
        "https://twitter.com/drb_ra/status/1628531532913684481",
        "https://twitter.com/drb_ra/status/1631741616334536705",
        "https://twitter.com/drb_ra/status/1628460086761848832",
        "https://twitter.com/drb_ra/status/1626587203903295491",
        "https://twitter.com/drb_ra/status/1642361289346301953",
        "https://twitter.com/drb_ra/status/1626655968418271233",
        "https://twitter.com/drb_ra/status/1626672400166182926",
        "https://twitter.com/drb_ra/status/1642507740567199744",
        "https://twitter.com/drb_ra/status/1628521305317277696",
        "https://twitter.com/drb_ra/status/1631741432468733953",
        "https://twitter.com/drb_ra/status/1626409577452281857",
        "https://twitter.com/drb_ra/status/1626672323376869378",
        "https://twitter.com/drb_ra/status/1628415827019022337",
        "https://twitter.com/drb_ra/status/1642504409144782850",
        "https://twitter.com/drb_ra/status/1628532822335188992",
        "https://twitter.com/drb_ra/status/1628218667665072128",
        "https://twitter.com/drb_ra/status/1631742011794489358",
        "https://twitter.com/drb_ra/status/1628460252424200192",
        "https://twitter.com/drb_ra/status/1631741580204802060",
        "https://twitter.com/drb_ra/status/1628377035654459392",
        "https://twitter.com/drb_ra/status/1626587739570450435",
        "https://twitter.com/drb_ra/status/1642506102305587202",
        "https://twitter.com/drb_ra/status/1631520030771781632",
        "https://twitter.com/drb_ra/status/1642629210677166081",
        "https://twitter.com/drb_ra/status/1628221537848262657",
        "https://twitter.com/drb_ra/status/1626672466582986770",
        "Hybrid Analysis",
        "https://twitter.com/drb_ra/status/1642504193108848644",
        "https://twitter.com/drb_ra/status/1626564430182989824",
        "https://twitter.com/drb_ra/status/1642627827001356290",
        "https://twitter.com/drb_ra/status/1642506986284515330",
        "https://twitter.com/drb_ra/status/1642507154329423874",
        "https://twitter.com/drb_ra/status/1631741826980773889",
        "https://twitter.com/drb_ra/status/1626586846573760512",
        "https://twitter.com/drb_ra/status/1626652362667397126",
        "https://twitter.com/drb_ra/status/1642506945369194496",
        "https://twitter.com/drb_ra/status/1631520135226744832",
        "https://twitter.com/drb_ra/status/1631629011167084545",
        "https://twitter.com/drb_ra/status/1628372639227027457",
        "https://twitter.com/drb_ra/status/1626409600898502657",
        "https://twitter.com/drb_ra/status/1642504580305936389",
        "https://twitter.com/drb_ra/status/1631741252210229250",
        "https://twitter.com/drb_ra/status/1642504318916993024",
        "https://twitter.com/drb_ra/status/1628522133977538563"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Backdoor:win32/outbreak",
            "Vidar",
            "Backdoor:msil/bladabindi",
            "Irata",
            "Metro",
            "Ramnit",
            "Trojandropper:vbs/swrort",
            "Alf:pua:win32/opencandy",
            "Mimikatz",
            "Trojan:win32/installcore",
            "Pony - s0453",
            "Maltiverse",
            "Trojanspy",
            "Quasar rat",
            "Beach research",
            "Virut",
            "Squirrelwaffle",
            "Blacknet rat",
            "Backdoor:win32/zbot",
            "Alf:trojan:o97m/emotet",
            "Formbook",
            "Suppobox",
            "Virus:dos/metro",
            "Alf:pua:win32/fusioncore",
            "Artemis",
            "Azorult",
            "Cobalt strike - s0154",
            "Trojandownloader:o97m/bazaloader"
          ],
          "industries": [
            "Gas",
            "Entertainment",
            "Food"
          ],
          "unique_indicators": 8836
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/micnosoftupdates.com",
    "whois": "http://whois.domaintools.com/micnosoftupdates.com",
    "domain": "micnosoftupdates.com",
    "hostname": "winlog02.micnosoftupdates.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 11,
  "pulses": [
    {
      "id": "69e1d9cd805ecfc463bed935",
      "name": "BlackNet RAT clone credit octoseek",
      "description": "",
      "modified": "2026-04-18T00:51:09.427000",
      "created": "2026-04-17T06:57:17.378000",
      "tags": [
        "united",
        "heur",
        "bank",
        "covid19 scam",
        "anonymizer",
        "malicious site",
        "telefonica peru",
        "cyber threat",
        "proxy",
        "malware",
        "phishing",
        "zbot",
        "suppobox",
        "team",
        "trojanx",
        "service",
        "facebook",
        "win64",
        "trojan",
        "artemis",
        "cisco umbrella",
        "site",
        "alexa top",
        "million",
        "safe site",
        "engineering",
        "download",
        "microsoft",
        "generic",
        "union",
        "bazaloader",
        "media",
        "runescape",
        "blacklist https",
        "generic malware",
        "metro",
        "tmobile",
        "on us",
        "mls season",
        "home internet",
        "shop",
        "autopay",
        "free",
        "metro store",
        "limit",
        "pass",
        "close",
        "galaxy",
        "easy",
        "back",
        "stream",
        "find",
        "twitter",
        "intnavfnav",
        "conditions",
        "service url",
        "search live",
        "api blog",
        "docs pricing",
        "september",
        "instagram url",
        "facebook url",
        "value",
        "variables",
        "visitor object",
        "alpine object",
        "cookies",
        "taq boolean",
        "get h2",
        "kb script",
        "b xhr",
        "post h2",
        "frame",
        "b image",
        "kb image",
        "redirect chain",
        "frame c0bc",
        "kb stylesheet",
        "covid19",
        "phishing site",
        "malicious",
        "cve201711882",
        "cobalt strike",
        "squirrelwaffle",
        "pony",
        "binder",
        "virut",
        "ramnit",
        "dropper",
        "formbook",
        "azorult",
        "bambernek",
        "alexa",
        "unsafe",
        "opencandy",
        "downldr",
        "irata",
        "dbatloader",
        "vidar",
        "outbreak",
        "downloader",
        "blocker",
        "ransom",
        "autoit",
        "bladabindi",
        "emotet",
        "blacknet rat",
        "stealer",
        "presenoker",
        "fusioncore",
        "cleaner",
        "wacatac",
        "riskware",
        "coinminer",
        "xrat",
        "swrort",
        "installcore",
        "trojanspy",
        "mbydkqdhtu0h",
        "pbiptbmvd0k4",
        "pbzpdldtg",
        "detection list",
        "glelexoputyh",
        "linkid252669",
        "s2okorbdpt2x",
        "el9km",
        "mtap2vnnnpj",
        "blacklist",
        "x22x22",
        "x22scriptx22",
        "x22dntx22",
        "date",
        "u002d2",
        "linkcode u002d",
        "srclang",
        "urllang",
        "srcurl",
        "qzid",
        "pattern match",
        "intnavtnav",
        "q0o0mahttp",
        "login",
        "windows nt",
        "bad traffic",
        "et info",
        "tls handshake",
        "failure",
        "http traffic",
        "http",
        "suricata alerts",
        "event category",
        "description sid",
        "external",
        "logo",
        "av detection",
        "default browser",
        "guest system",
        "professional",
        "general",
        "file",
        "get fwlink",
        "geckohost",
        "suidm",
        "edgev1",
        "srchdafnoform",
        "srchuidv2",
        "edgesf1",
        "malware site",
        "agent",
        "exploit",
        "mimikatz",
        "quasar rat",
        "iframe",
        "beach research",
        "sgeneric",
        "static engine",
        "umbrella",
        "malware service",
        "exploit source",
        "scanning host",
        "Command and Control",
        "malicious url",
        "team malicious",
        "tor known",
        "tor relayrouter",
        "exit",
        "node tcp",
        "traffic",
        "bad traffic"
      ],
      "references": [
        "https://metro-tmo.com/",
        "Hybrid Analysis",
        "Alienvault OTX",
        "Data Analysis"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "South Africa",
        "Japan"
      ],
      "malware_families": [
        {
          "id": "TrojanDownloader:O97M/BazaLoader",
          "display_name": "TrojanDownloader:O97M/BazaLoader",
          "target": "/malware/TrojanDownloader:O97M/BazaLoader"
        },
        {
          "id": "SuppoBox",
          "display_name": "SuppoBox",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zbot",
          "display_name": "Backdoor:Win32/Zbot",
          "target": "/malware/Backdoor:Win32/Zbot"
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "BlackNET RAT",
          "display_name": "BlackNET RAT",
          "target": null
        },
        {
          "id": "Backdoor:MSIL/Bladabindi",
          "display_name": "Backdoor:MSIL/Bladabindi",
          "target": "/malware/Backdoor:MSIL/Bladabindi"
        },
        {
          "id": "FormBook",
          "display_name": "FormBook",
          "target": null
        },
        {
          "id": "MimiKatz",
          "display_name": "MimiKatz",
          "target": null
        },
        {
          "id": "Squirrelwaffle",
          "display_name": "Squirrelwaffle",
          "target": null
        },
        {
          "id": "Pony - S0453",
          "display_name": "Pony - S0453",
          "target": null
        },
        {
          "id": "TrojanDropper:VBS/Swrort",
          "display_name": "TrojanDropper:VBS/Swrort",
          "target": "/malware/TrojanDropper:VBS/Swrort"
        },
        {
          "id": "Quasar RAT",
          "display_name": "Quasar RAT",
          "target": null
        },
        {
          "id": "Virus:DOS/Metro",
          "display_name": "Virus:DOS/Metro",
          "target": "/malware/Virus:DOS/Metro"
        },
        {
          "id": "Metro",
          "display_name": "Metro",
          "target": null
        },
        {
          "id": "Virut",
          "display_name": "Virut",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "AZORult",
          "display_name": "AZORult",
          "target": null
        },
        {
          "id": "Ramnit",
          "display_name": "Ramnit",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Outbreak",
          "display_name": "Backdoor:Win32/Outbreak",
          "target": "/malware/Backdoor:Win32/Outbreak"
        },
        {
          "id": "ALF:PUA:Win32/OpenCandy",
          "display_name": "ALF:PUA:Win32/OpenCandy",
          "target": null
        },
        {
          "id": "IRATA",
          "display_name": "IRATA",
          "target": null
        },
        {
          "id": "Artemis",
          "display_name": "Artemis",
          "target": null
        },
        {
          "id": "Cobalt Strike - S0154",
          "display_name": "Cobalt Strike - S0154",
          "target": null
        },
        {
          "id": "ALF:PUA:Win32/FusionCore",
          "display_name": "ALF:PUA:Win32/FusionCore",
          "target": null
        },
        {
          "id": "ALF:Trojan:O97M/Emotet",
          "display_name": "ALF:Trojan:O97M/Emotet",
          "target": null
        },
        {
          "id": "Trojan:Win32/InstallCore",
          "display_name": "Trojan:Win32/InstallCore",
          "target": "/malware/Trojan:Win32/InstallCore"
        }
      ],
      "attack_ids": [
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [
        "Food",
        "Gas",
        "Entertainment"
      ],
      "TLP": "white",
      "cloned_from": "650d0c66e0b02a6dde4a8b7a",
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 781,
        "FileHash-SHA256": 3085,
        "domain": 528,
        "URL": 3130,
        "CVE": 6,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368
      },
      "indicator_count": 8508,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 49,
      "modified_text": "1 day ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a5cb329096398f3411f4",
      "name": "Virus:DOS/Metro",
      "description": "",
      "modified": "2023-12-06T16:48:11.311000",
      "created": "2023-12-06T16:48:11.311000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "FileHash-SHA256": 3085,
        "hostname": 780,
        "domain": 527,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368,
        "URL": 3128
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 110,
      "modified_text": "865 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a5ba6d66424b1992092e",
      "name": "BlackNet RAT",
      "description": "",
      "modified": "2023-12-06T16:47:54.897000",
      "created": "2023-12-06T16:47:54.897000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "FileHash-SHA256": 3085,
        "hostname": 780,
        "domain": 527,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368,
        "URL": 3128
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 111,
      "modified_text": "865 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a5b2ff4216fe9cd82624",
      "name": "Metro T-Mobile Command & Control. Cyber Threat",
      "description": "",
      "modified": "2023-12-06T16:47:46.826000",
      "created": "2023-12-06T16:47:46.826000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "FileHash-SHA256": 3085,
        "hostname": 780,
        "domain": 527,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368,
        "URL": 3128
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 110,
      "modified_text": "865 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "650d0c39523aa8a52fdb1fa1",
      "name": "Metro T-Mobile Command & Control. Cyber Threat",
      "description": "",
      "modified": "2023-10-21T23:02:19.178000",
      "created": "2023-09-22T03:38:33.405000",
      "tags": [
        "united",
        "heur",
        "bank",
        "covid19 scam",
        "anonymizer",
        "malicious site",
        "telefonica peru",
        "cyber threat",
        "proxy",
        "malware",
        "phishing",
        "zbot",
        "suppobox",
        "team",
        "trojanx",
        "service",
        "facebook",
        "win64",
        "trojan",
        "artemis",
        "cisco umbrella",
        "site",
        "alexa top",
        "million",
        "safe site",
        "engineering",
        "download",
        "microsoft",
        "generic",
        "union",
        "bazaloader",
        "media",
        "runescape",
        "blacklist https",
        "generic malware",
        "metro",
        "tmobile",
        "on us",
        "mls season",
        "home internet",
        "shop",
        "autopay",
        "free",
        "metro store",
        "limit",
        "pass",
        "close",
        "galaxy",
        "easy",
        "back",
        "stream",
        "find",
        "twitter",
        "intnavfnav",
        "conditions",
        "service url",
        "search live",
        "api blog",
        "docs pricing",
        "september",
        "instagram url",
        "facebook url",
        "value",
        "variables",
        "visitor object",
        "alpine object",
        "cookies",
        "taq boolean",
        "get h2",
        "kb script",
        "b xhr",
        "post h2",
        "frame",
        "b image",
        "kb image",
        "redirect chain",
        "frame c0bc",
        "kb stylesheet",
        "covid19",
        "phishing site",
        "malicious",
        "cve201711882",
        "cobalt strike",
        "squirrelwaffle",
        "pony",
        "binder",
        "virut",
        "ramnit",
        "dropper",
        "formbook",
        "azorult",
        "bambernek",
        "alexa",
        "unsafe",
        "opencandy",
        "downldr",
        "irata",
        "dbatloader",
        "vidar",
        "outbreak",
        "downloader",
        "blocker",
        "ransom",
        "autoit",
        "bladabindi",
        "emotet",
        "blacknet rat",
        "stealer",
        "presenoker",
        "fusioncore",
        "cleaner",
        "wacatac",
        "riskware",
        "coinminer",
        "xrat",
        "swrort",
        "installcore",
        "trojanspy",
        "mbydkqdhtu0h",
        "pbiptbmvd0k4",
        "pbzpdldtg",
        "detection list",
        "glelexoputyh",
        "linkid252669",
        "s2okorbdpt2x",
        "el9km",
        "mtap2vnnnpj",
        "blacklist",
        "x22x22",
        "x22scriptx22",
        "x22dntx22",
        "date",
        "u002d2",
        "linkcode u002d",
        "srclang",
        "urllang",
        "srcurl",
        "qzid",
        "pattern match",
        "intnavtnav",
        "q0o0mahttp",
        "login",
        "windows nt",
        "bad traffic",
        "et info",
        "tls handshake",
        "failure",
        "http traffic",
        "http",
        "suricata alerts",
        "event category",
        "description sid",
        "external",
        "logo",
        "av detection",
        "default browser",
        "guest system",
        "professional",
        "general",
        "file",
        "get fwlink",
        "geckohost",
        "suidm",
        "edgev1",
        "srchdafnoform",
        "srchuidv2",
        "edgesf1",
        "malware site",
        "agent",
        "exploit",
        "mimikatz",
        "quasar rat",
        "iframe",
        "beach research",
        "sgeneric",
        "static engine",
        "umbrella",
        "malware service",
        "exploit source",
        "scanning host",
        "Command and Control",
        "malicious url",
        "team malicious",
        "tor known",
        "tor relayrouter",
        "exit",
        "node tcp",
        "traffic",
        "bad traffic"
      ],
      "references": [
        "https://metro-tmo.com/",
        "Hybrid Analysis",
        "Alienvault OTX",
        "Data Analysis"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "South Africa",
        "Japan"
      ],
      "malware_families": [
        {
          "id": "TrojanDownloader:O97M/BazaLoader",
          "display_name": "TrojanDownloader:O97M/BazaLoader",
          "target": "/malware/TrojanDownloader:O97M/BazaLoader"
        },
        {
          "id": "SuppoBox",
          "display_name": "SuppoBox",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zbot",
          "display_name": "Backdoor:Win32/Zbot",
          "target": "/malware/Backdoor:Win32/Zbot"
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "BlackNET RAT",
          "display_name": "BlackNET RAT",
          "target": null
        },
        {
          "id": "Backdoor:MSIL/Bladabindi",
          "display_name": "Backdoor:MSIL/Bladabindi",
          "target": "/malware/Backdoor:MSIL/Bladabindi"
        },
        {
          "id": "FormBook",
          "display_name": "FormBook",
          "target": null
        },
        {
          "id": "MimiKatz",
          "display_name": "MimiKatz",
          "target": null
        },
        {
          "id": "Squirrelwaffle",
          "display_name": "Squirrelwaffle",
          "target": null
        },
        {
          "id": "Pony - S0453",
          "display_name": "Pony - S0453",
          "target": null
        },
        {
          "id": "TrojanDropper:VBS/Swrort",
          "display_name": "TrojanDropper:VBS/Swrort",
          "target": "/malware/TrojanDropper:VBS/Swrort"
        },
        {
          "id": "Quasar RAT",
          "display_name": "Quasar RAT",
          "target": null
        },
        {
          "id": "Virus:DOS/Metro",
          "display_name": "Virus:DOS/Metro",
          "target": "/malware/Virus:DOS/Metro"
        },
        {
          "id": "Metro",
          "display_name": "Metro",
          "target": null
        },
        {
          "id": "Virut",
          "display_name": "Virut",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "AZORult",
          "display_name": "AZORult",
          "target": null
        },
        {
          "id": "Ramnit",
          "display_name": "Ramnit",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Outbreak",
          "display_name": "Backdoor:Win32/Outbreak",
          "target": "/malware/Backdoor:Win32/Outbreak"
        },
        {
          "id": "ALF:PUA:Win32/OpenCandy",
          "display_name": "ALF:PUA:Win32/OpenCandy",
          "target": null
        },
        {
          "id": "IRATA",
          "display_name": "IRATA",
          "target": null
        },
        {
          "id": "Artemis",
          "display_name": "Artemis",
          "target": null
        },
        {
          "id": "Cobalt Strike - S0154",
          "display_name": "Cobalt Strike - S0154",
          "target": null
        },
        {
          "id": "ALF:PUA:Win32/FusionCore",
          "display_name": "ALF:PUA:Win32/FusionCore",
          "target": null
        },
        {
          "id": "ALF:Trojan:O97M/Emotet",
          "display_name": "ALF:Trojan:O97M/Emotet",
          "target": null
        },
        {
          "id": "Trojan:Win32/InstallCore",
          "display_name": "Trojan:Win32/InstallCore",
          "target": "/malware/Trojan:Win32/InstallCore"
        }
      ],
      "attack_ids": [
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [
        "Food",
        "Gas",
        "Entertainment"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 40,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 780,
        "FileHash-SHA256": 3085,
        "domain": 527,
        "URL": 3128,
        "CVE": 6,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 218,
      "modified_text": "910 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "650d0c66e0b02a6dde4a8b7a",
      "name": "BlackNet RAT",
      "description": "",
      "modified": "2023-10-21T23:02:19.178000",
      "created": "2023-09-22T03:39:18.306000",
      "tags": [
        "united",
        "heur",
        "bank",
        "covid19 scam",
        "anonymizer",
        "malicious site",
        "telefonica peru",
        "cyber threat",
        "proxy",
        "malware",
        "phishing",
        "zbot",
        "suppobox",
        "team",
        "trojanx",
        "service",
        "facebook",
        "win64",
        "trojan",
        "artemis",
        "cisco umbrella",
        "site",
        "alexa top",
        "million",
        "safe site",
        "engineering",
        "download",
        "microsoft",
        "generic",
        "union",
        "bazaloader",
        "media",
        "runescape",
        "blacklist https",
        "generic malware",
        "metro",
        "tmobile",
        "on us",
        "mls season",
        "home internet",
        "shop",
        "autopay",
        "free",
        "metro store",
        "limit",
        "pass",
        "close",
        "galaxy",
        "easy",
        "back",
        "stream",
        "find",
        "twitter",
        "intnavfnav",
        "conditions",
        "service url",
        "search live",
        "api blog",
        "docs pricing",
        "september",
        "instagram url",
        "facebook url",
        "value",
        "variables",
        "visitor object",
        "alpine object",
        "cookies",
        "taq boolean",
        "get h2",
        "kb script",
        "b xhr",
        "post h2",
        "frame",
        "b image",
        "kb image",
        "redirect chain",
        "frame c0bc",
        "kb stylesheet",
        "covid19",
        "phishing site",
        "malicious",
        "cve201711882",
        "cobalt strike",
        "squirrelwaffle",
        "pony",
        "binder",
        "virut",
        "ramnit",
        "dropper",
        "formbook",
        "azorult",
        "bambernek",
        "alexa",
        "unsafe",
        "opencandy",
        "downldr",
        "irata",
        "dbatloader",
        "vidar",
        "outbreak",
        "downloader",
        "blocker",
        "ransom",
        "autoit",
        "bladabindi",
        "emotet",
        "blacknet rat",
        "stealer",
        "presenoker",
        "fusioncore",
        "cleaner",
        "wacatac",
        "riskware",
        "coinminer",
        "xrat",
        "swrort",
        "installcore",
        "trojanspy",
        "mbydkqdhtu0h",
        "pbiptbmvd0k4",
        "pbzpdldtg",
        "detection list",
        "glelexoputyh",
        "linkid252669",
        "s2okorbdpt2x",
        "el9km",
        "mtap2vnnnpj",
        "blacklist",
        "x22x22",
        "x22scriptx22",
        "x22dntx22",
        "date",
        "u002d2",
        "linkcode u002d",
        "srclang",
        "urllang",
        "srcurl",
        "qzid",
        "pattern match",
        "intnavtnav",
        "q0o0mahttp",
        "login",
        "windows nt",
        "bad traffic",
        "et info",
        "tls handshake",
        "failure",
        "http traffic",
        "http",
        "suricata alerts",
        "event category",
        "description sid",
        "external",
        "logo",
        "av detection",
        "default browser",
        "guest system",
        "professional",
        "general",
        "file",
        "get fwlink",
        "geckohost",
        "suidm",
        "edgev1",
        "srchdafnoform",
        "srchuidv2",
        "edgesf1",
        "malware site",
        "agent",
        "exploit",
        "mimikatz",
        "quasar rat",
        "iframe",
        "beach research",
        "sgeneric",
        "static engine",
        "umbrella",
        "malware service",
        "exploit source",
        "scanning host",
        "Command and Control",
        "malicious url",
        "team malicious",
        "tor known",
        "tor relayrouter",
        "exit",
        "node tcp",
        "traffic",
        "bad traffic"
      ],
      "references": [
        "https://metro-tmo.com/",
        "Hybrid Analysis",
        "Alienvault OTX",
        "Data Analysis"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "South Africa",
        "Japan"
      ],
      "malware_families": [
        {
          "id": "TrojanDownloader:O97M/BazaLoader",
          "display_name": "TrojanDownloader:O97M/BazaLoader",
          "target": "/malware/TrojanDownloader:O97M/BazaLoader"
        },
        {
          "id": "SuppoBox",
          "display_name": "SuppoBox",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zbot",
          "display_name": "Backdoor:Win32/Zbot",
          "target": "/malware/Backdoor:Win32/Zbot"
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "BlackNET RAT",
          "display_name": "BlackNET RAT",
          "target": null
        },
        {
          "id": "Backdoor:MSIL/Bladabindi",
          "display_name": "Backdoor:MSIL/Bladabindi",
          "target": "/malware/Backdoor:MSIL/Bladabindi"
        },
        {
          "id": "FormBook",
          "display_name": "FormBook",
          "target": null
        },
        {
          "id": "MimiKatz",
          "display_name": "MimiKatz",
          "target": null
        },
        {
          "id": "Squirrelwaffle",
          "display_name": "Squirrelwaffle",
          "target": null
        },
        {
          "id": "Pony - S0453",
          "display_name": "Pony - S0453",
          "target": null
        },
        {
          "id": "TrojanDropper:VBS/Swrort",
          "display_name": "TrojanDropper:VBS/Swrort",
          "target": "/malware/TrojanDropper:VBS/Swrort"
        },
        {
          "id": "Quasar RAT",
          "display_name": "Quasar RAT",
          "target": null
        },
        {
          "id": "Virus:DOS/Metro",
          "display_name": "Virus:DOS/Metro",
          "target": "/malware/Virus:DOS/Metro"
        },
        {
          "id": "Metro",
          "display_name": "Metro",
          "target": null
        },
        {
          "id": "Virut",
          "display_name": "Virut",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "AZORult",
          "display_name": "AZORult",
          "target": null
        },
        {
          "id": "Ramnit",
          "display_name": "Ramnit",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Outbreak",
          "display_name": "Backdoor:Win32/Outbreak",
          "target": "/malware/Backdoor:Win32/Outbreak"
        },
        {
          "id": "ALF:PUA:Win32/OpenCandy",
          "display_name": "ALF:PUA:Win32/OpenCandy",
          "target": null
        },
        {
          "id": "IRATA",
          "display_name": "IRATA",
          "target": null
        },
        {
          "id": "Artemis",
          "display_name": "Artemis",
          "target": null
        },
        {
          "id": "Cobalt Strike - S0154",
          "display_name": "Cobalt Strike - S0154",
          "target": null
        },
        {
          "id": "ALF:PUA:Win32/FusionCore",
          "display_name": "ALF:PUA:Win32/FusionCore",
          "target": null
        },
        {
          "id": "ALF:Trojan:O97M/Emotet",
          "display_name": "ALF:Trojan:O97M/Emotet",
          "target": null
        },
        {
          "id": "Trojan:Win32/InstallCore",
          "display_name": "Trojan:Win32/InstallCore",
          "target": "/malware/Trojan:Win32/InstallCore"
        }
      ],
      "attack_ids": [
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [
        "Food",
        "Gas",
        "Entertainment"
      ],
      "TLP": "white",
      "cloned_from": "650d0c39523aa8a52fdb1fa1",
      "export_count": 41,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 780,
        "FileHash-SHA256": 3085,
        "domain": 527,
        "URL": 3128,
        "CVE": 6,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 219,
      "modified_text": "910 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "650d0c8adc78d892cadd250a",
      "name": "Virus:DOS/Metro",
      "description": "",
      "modified": "2023-10-21T23:02:19.178000",
      "created": "2023-09-22T03:39:54.432000",
      "tags": [
        "united",
        "heur",
        "bank",
        "covid19 scam",
        "anonymizer",
        "malicious site",
        "telefonica peru",
        "cyber threat",
        "proxy",
        "malware",
        "phishing",
        "zbot",
        "suppobox",
        "team",
        "trojanx",
        "service",
        "facebook",
        "win64",
        "trojan",
        "artemis",
        "cisco umbrella",
        "site",
        "alexa top",
        "million",
        "safe site",
        "engineering",
        "download",
        "microsoft",
        "generic",
        "union",
        "bazaloader",
        "media",
        "runescape",
        "blacklist https",
        "generic malware",
        "metro",
        "tmobile",
        "on us",
        "mls season",
        "home internet",
        "shop",
        "autopay",
        "free",
        "metro store",
        "limit",
        "pass",
        "close",
        "galaxy",
        "easy",
        "back",
        "stream",
        "find",
        "twitter",
        "intnavfnav",
        "conditions",
        "service url",
        "search live",
        "api blog",
        "docs pricing",
        "september",
        "instagram url",
        "facebook url",
        "value",
        "variables",
        "visitor object",
        "alpine object",
        "cookies",
        "taq boolean",
        "get h2",
        "kb script",
        "b xhr",
        "post h2",
        "frame",
        "b image",
        "kb image",
        "redirect chain",
        "frame c0bc",
        "kb stylesheet",
        "covid19",
        "phishing site",
        "malicious",
        "cve201711882",
        "cobalt strike",
        "squirrelwaffle",
        "pony",
        "binder",
        "virut",
        "ramnit",
        "dropper",
        "formbook",
        "azorult",
        "bambernek",
        "alexa",
        "unsafe",
        "opencandy",
        "downldr",
        "irata",
        "dbatloader",
        "vidar",
        "outbreak",
        "downloader",
        "blocker",
        "ransom",
        "autoit",
        "bladabindi",
        "emotet",
        "blacknet rat",
        "stealer",
        "presenoker",
        "fusioncore",
        "cleaner",
        "wacatac",
        "riskware",
        "coinminer",
        "xrat",
        "swrort",
        "installcore",
        "trojanspy",
        "mbydkqdhtu0h",
        "pbiptbmvd0k4",
        "pbzpdldtg",
        "detection list",
        "glelexoputyh",
        "linkid252669",
        "s2okorbdpt2x",
        "el9km",
        "mtap2vnnnpj",
        "blacklist",
        "x22x22",
        "x22scriptx22",
        "x22dntx22",
        "date",
        "u002d2",
        "linkcode u002d",
        "srclang",
        "urllang",
        "srcurl",
        "qzid",
        "pattern match",
        "intnavtnav",
        "q0o0mahttp",
        "login",
        "windows nt",
        "bad traffic",
        "et info",
        "tls handshake",
        "failure",
        "http traffic",
        "http",
        "suricata alerts",
        "event category",
        "description sid",
        "external",
        "logo",
        "av detection",
        "default browser",
        "guest system",
        "professional",
        "general",
        "file",
        "get fwlink",
        "geckohost",
        "suidm",
        "edgev1",
        "srchdafnoform",
        "srchuidv2",
        "edgesf1",
        "malware site",
        "agent",
        "exploit",
        "mimikatz",
        "quasar rat",
        "iframe",
        "beach research",
        "sgeneric",
        "static engine",
        "umbrella",
        "malware service",
        "exploit source",
        "scanning host",
        "Command and Control",
        "malicious url",
        "team malicious",
        "tor known",
        "tor relayrouter",
        "exit",
        "node tcp",
        "traffic",
        "bad traffic"
      ],
      "references": [
        "https://metro-tmo.com/",
        "Hybrid Analysis",
        "Alienvault OTX",
        "Data Analysis"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "South Africa",
        "Japan"
      ],
      "malware_families": [
        {
          "id": "TrojanDownloader:O97M/BazaLoader",
          "display_name": "TrojanDownloader:O97M/BazaLoader",
          "target": "/malware/TrojanDownloader:O97M/BazaLoader"
        },
        {
          "id": "SuppoBox",
          "display_name": "SuppoBox",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zbot",
          "display_name": "Backdoor:Win32/Zbot",
          "target": "/malware/Backdoor:Win32/Zbot"
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "BlackNET RAT",
          "display_name": "BlackNET RAT",
          "target": null
        },
        {
          "id": "Backdoor:MSIL/Bladabindi",
          "display_name": "Backdoor:MSIL/Bladabindi",
          "target": "/malware/Backdoor:MSIL/Bladabindi"
        },
        {
          "id": "FormBook",
          "display_name": "FormBook",
          "target": null
        },
        {
          "id": "MimiKatz",
          "display_name": "MimiKatz",
          "target": null
        },
        {
          "id": "Squirrelwaffle",
          "display_name": "Squirrelwaffle",
          "target": null
        },
        {
          "id": "Pony - S0453",
          "display_name": "Pony - S0453",
          "target": null
        },
        {
          "id": "TrojanDropper:VBS/Swrort",
          "display_name": "TrojanDropper:VBS/Swrort",
          "target": "/malware/TrojanDropper:VBS/Swrort"
        },
        {
          "id": "Quasar RAT",
          "display_name": "Quasar RAT",
          "target": null
        },
        {
          "id": "Virus:DOS/Metro",
          "display_name": "Virus:DOS/Metro",
          "target": "/malware/Virus:DOS/Metro"
        },
        {
          "id": "Metro",
          "display_name": "Metro",
          "target": null
        },
        {
          "id": "Virut",
          "display_name": "Virut",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "AZORult",
          "display_name": "AZORult",
          "target": null
        },
        {
          "id": "Ramnit",
          "display_name": "Ramnit",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Outbreak",
          "display_name": "Backdoor:Win32/Outbreak",
          "target": "/malware/Backdoor:Win32/Outbreak"
        },
        {
          "id": "ALF:PUA:Win32/OpenCandy",
          "display_name": "ALF:PUA:Win32/OpenCandy",
          "target": null
        },
        {
          "id": "IRATA",
          "display_name": "IRATA",
          "target": null
        },
        {
          "id": "Artemis",
          "display_name": "Artemis",
          "target": null
        },
        {
          "id": "Cobalt Strike - S0154",
          "display_name": "Cobalt Strike - S0154",
          "target": null
        },
        {
          "id": "ALF:PUA:Win32/FusionCore",
          "display_name": "ALF:PUA:Win32/FusionCore",
          "target": null
        },
        {
          "id": "ALF:Trojan:O97M/Emotet",
          "display_name": "ALF:Trojan:O97M/Emotet",
          "target": null
        },
        {
          "id": "Trojan:Win32/InstallCore",
          "display_name": "Trojan:Win32/InstallCore",
          "target": "/malware/Trojan:Win32/InstallCore"
        }
      ],
      "attack_ids": [
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [
        "Food",
        "Gas",
        "Entertainment"
      ],
      "TLP": "white",
      "cloned_from": "650d0c66e0b02a6dde4a8b7a",
      "export_count": 41,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 780,
        "FileHash-SHA256": 3085,
        "domain": 527,
        "URL": 3128,
        "CVE": 6,
        "FileHash-MD5": 610,
        "FileHash-SHA1": 368
      },
      "indicator_count": 8504,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 221,
      "modified_text": "910 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "642a0daf35f2248868520cf9",
      "name": "Twitter Feed - drb_ra - 02-04-2023",
      "description": "",
      "modified": "2023-05-02T23:04:51.566000",
      "created": "2023-04-02T23:20:15.429000",
      "tags": [
        "CobaltStrike"
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1642360600096276481",
        "https://twitter.com/drb_ra/status/1642361289346301953",
        "https://twitter.com/drb_ra/status/1642386026625740805",
        "https://twitter.com/drb_ra/status/1642386036285222913",
        "https://twitter.com/drb_ra/status/1642386827309899776",
        "https://twitter.com/drb_ra/status/1642387594569740289",
        "https://twitter.com/drb_ra/status/1642387722806386689",
        "https://twitter.com/drb_ra/status/1642454902356975618",
        "https://twitter.com/drb_ra/status/1642454954915889154",
        "https://twitter.com/drb_ra/status/1642455010729418752",
        "https://twitter.com/drb_ra/status/1642504146916892672",
        "https://twitter.com/drb_ra/status/1642504193108848644",
        "https://twitter.com/drb_ra/status/1642504240118505473",
        "https://twitter.com/drb_ra/status/1642504318916993024",
        "https://twitter.com/drb_ra/status/1642504409144782850",
        "https://twitter.com/drb_ra/status/1642504430669946881",
        "https://twitter.com/drb_ra/status/1642504458767671298",
        "https://twitter.com/drb_ra/status/1642504580305936389",
        "https://twitter.com/drb_ra/status/1642504642322919424",
        "https://twitter.com/drb_ra/status/1642505179978137601",
        "https://twitter.com/drb_ra/status/1642505220285513728",
        "https://twitter.com/drb_ra/status/1642505280708653058",
        "https://twitter.com/drb_ra/status/1642506029412802561",
        "https://twitter.com/drb_ra/status/1642506102305587202",
        "https://twitter.com/drb_ra/status/1642506268400144384",
        "https://twitter.com/drb_ra/status/1642506415993487360",
        "https://twitter.com/drb_ra/status/1642506634554384384",
        "https://twitter.com/drb_ra/status/1642506945369194496",
        "https://twitter.com/drb_ra/status/1642506986284515330",
        "https://twitter.com/drb_ra/status/1642507035500584960",
        "https://twitter.com/drb_ra/status/1642507129108963329",
        "https://twitter.com/drb_ra/status/1642507154329423874",
        "https://twitter.com/drb_ra/status/1642507436111060992",
        "https://twitter.com/drb_ra/status/1642507567795453953",
        "https://twitter.com/drb_ra/status/1642507740567199744",
        "https://twitter.com/drb_ra/status/1642625328869781505",
        "https://twitter.com/drb_ra/status/1642625765949710336",
        "https://twitter.com/drb_ra/status/1642626174877564929",
        "https://twitter.com/drb_ra/status/1642626783060152331",
        "https://twitter.com/drb_ra/status/1642627827001356290",
        "https://twitter.com/drb_ra/status/1642627885323124746",
        "https://twitter.com/drb_ra/status/1642628041804337153",
        "https://twitter.com/drb_ra/status/1642628599596437505",
        "https://twitter.com/drb_ra/status/1642628943617327106",
        "https://twitter.com/drb_ra/status/1642629210677166081"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 48
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1600,
      "modified_text": "1082 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64028d8f6f65ffd9b9564d73",
      "name": "Twitter Feed - drb_ra - 03-03-2023",
      "description": "",
      "modified": "2023-04-03T00:00:54.320000",
      "created": "2023-03-04T00:15:11.012000",
      "tags": [
        "CobaltStrike"
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1631485485540319232",
        "https://twitter.com/drb_ra/status/1631490052394975232",
        "https://twitter.com/drb_ra/status/1631491397177208832",
        "https://twitter.com/drb_ra/status/1631505726064545792",
        "https://twitter.com/drb_ra/status/1631519361344106496",
        "https://twitter.com/drb_ra/status/1631519464641445888",
        "https://twitter.com/drb_ra/status/1631519503166189568",
        "https://twitter.com/drb_ra/status/1631519652424609792",
        "https://twitter.com/drb_ra/status/1631519870973083649",
        "https://twitter.com/drb_ra/status/1631519938912329728",
        "https://twitter.com/drb_ra/status/1631519999016812545",
        "https://twitter.com/drb_ra/status/1631520030771781632",
        "https://twitter.com/drb_ra/status/1631520066381529090",
        "https://twitter.com/drb_ra/status/1631520135226744832",
        "https://twitter.com/drb_ra/status/1631520180927967233",
        "https://twitter.com/drb_ra/status/1631520308069908481",
        "https://twitter.com/drb_ra/status/1631520469072355331",
        "https://twitter.com/drb_ra/status/1631520550047694849",
        "https://twitter.com/drb_ra/status/1631624397491404801",
        "https://twitter.com/drb_ra/status/1631628029095968769",
        "https://twitter.com/drb_ra/status/1631629011167084545",
        "https://twitter.com/drb_ra/status/1631629312339202050",
        "https://twitter.com/drb_ra/status/1631629894319849473",
        "https://twitter.com/drb_ra/status/1631631329778434048",
        "https://twitter.com/drb_ra/status/1631631892930781184",
        "https://twitter.com/drb_ra/status/1631632341536735232",
        "https://twitter.com/drb_ra/status/1631633081558859779",
        "https://twitter.com/drb_ra/status/1631652146176495620",
        "https://twitter.com/drb_ra/status/1631741252210229250",
        "https://twitter.com/drb_ra/status/1631741291166924827",
        "https://twitter.com/drb_ra/status/1631741332522770433",
        "https://twitter.com/drb_ra/status/1631741432468733953",
        "https://twitter.com/drb_ra/status/1631741447882899456",
        "https://twitter.com/drb_ra/status/1631741580204802060",
        "https://twitter.com/drb_ra/status/1631741616334536705",
        "https://twitter.com/drb_ra/status/1631741635099762689",
        "https://twitter.com/drb_ra/status/1631741718608347136",
        "https://twitter.com/drb_ra/status/1631741738313285634",
        "https://twitter.com/drb_ra/status/1631741826980773889",
        "https://twitter.com/drb_ra/status/1631741929821020161",
        "https://twitter.com/drb_ra/status/1631742011794489358",
        "https://twitter.com/drb_ra/status/1631742033168662541",
        "https://twitter.com/drb_ra/status/1631782638443716608"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 41
      },
      "indicator_count": 41,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1600,
      "modified_text": "1112 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "63f6af72b5a7a14e86986f84",
      "name": "Twitter Feed - drb_ra - 22-02-2023",
      "description": "",
      "modified": "2023-03-25T00:02:33.269000",
      "created": "2023-02-23T00:12:34.642000",
      "tags": [
        "CobaltStrike"
      ],
      "references": [
        "https://twitter.com/drb_ra/status/1628218029866725378",
        "https://twitter.com/drb_ra/status/1628218182010822658",
        "https://twitter.com/drb_ra/status/1628218622333136897",
        "https://twitter.com/drb_ra/status/1628218667665072128",
        "https://twitter.com/drb_ra/status/1628218696186429443",
        "https://twitter.com/drb_ra/status/1628218819914104833",
        "https://twitter.com/drb_ra/status/1628218889539620864",
        "https://twitter.com/drb_ra/status/1628221537848262657",
        "https://twitter.com/drb_ra/status/1628358951631745026",
        "https://twitter.com/drb_ra/status/1628370471606517762",
        "https://twitter.com/drb_ra/status/1628372262632972291",
        "https://twitter.com/drb_ra/status/1628372639227027457",
        "https://twitter.com/drb_ra/status/1628373055134203905",
        "https://twitter.com/drb_ra/status/1628377035654459392",
        "https://twitter.com/drb_ra/status/1628378887062265857",
        "https://twitter.com/drb_ra/status/1628379172375523328",
        "https://twitter.com/drb_ra/status/1628379173134761986",
        "https://twitter.com/drb_ra/status/1628415827019022337",
        "https://twitter.com/drb_ra/status/1628416522119938056",
        "https://twitter.com/drb_ra/status/1628459662327554048",
        "https://twitter.com/drb_ra/status/1628459697991827457",
        "https://twitter.com/drb_ra/status/1628459937465528321",
        "https://twitter.com/drb_ra/status/1628460051173199875",
        "https://twitter.com/drb_ra/status/1628460086761848832",
        "https://twitter.com/drb_ra/status/1628460150917935105",
        "https://twitter.com/drb_ra/status/1628460216957140992",
        "https://twitter.com/drb_ra/status/1628460252424200192",
        "https://twitter.com/drb_ra/status/1628460276797276164",
        "https://twitter.com/drb_ra/status/1628521305317277696",
        "https://twitter.com/drb_ra/status/1628522133977538563",
        "https://twitter.com/drb_ra/status/1628523759576514563",
        "https://twitter.com/drb_ra/status/1628524671371997191",
        "https://twitter.com/drb_ra/status/1628527149048033280",
        "https://twitter.com/drb_ra/status/1628528657676353539",
        "https://twitter.com/drb_ra/status/1628531532913684481",
        "https://twitter.com/drb_ra/status/1628532129394003970",
        "https://twitter.com/drb_ra/status/1628532822335188992"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 40
      },
      "indicator_count": 40,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1600,
      "modified_text": "1121 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://winlog02.micnosoftupdates.com/css/jquery.min.js",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://winlog02.micnosoftupdates.com/css/jquery.min.js",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776628880.498176
}