{ "type": "URL", "indicator": "https://www.directferries.com/iceland.htm", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.directferries.com/iceland.htm", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2853581600, "indicator": "https://www.directferries.com/iceland.htm", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "665ec0cfd110b0694c51fbe2", "name": "Eset - Dorkbot", "description": "Dorkbot a self-propagating program that can spread itself from one computer to another threatening to perform numerous f actions of a malicious hacker's choice on PC. Found on an updated windows machine. Hacker named machine, installed apple viewing software programs, partitioned 'zombie' machine. Network of compromised, sketchy remote transfer agents of a professional in the service industry. Serious impact on or companies impact on remote workers contracted by company in question due to the abrupt cessation of business of a recognized brand it's industry. Unfortunately, the documentation of this Eset programs behavior has been misplaced. From recall. this install identified and allowed threats, d. It was a weird see with the names eye experience. Incoming request/ Remote operators, disallowed many transactions and other basic use of software. Workers potentially working a database from individuals whose PII & PHI was leaked.", "modified": "2024-07-04T06:01:28.799000", "created": "2024-06-04T07:22:55.572000", "tags": [ "historical ssl", "referrer", "algorithm", "v3 serial", "number", "cus cnamazon", "validity", "subject public", "key info", "key algorithm", "key identifier", "subject key", "first", "server", "registrar abuse", "date", "csl computer", "gmbh dba", "contact phone", "domain status", "registrar url", "registrar whois", "contact email", "code", "united", "unknown", "aaaa", "as14061", "cname", "search", "emails", "dnssec", "showing", "win32", "title error", "passive dns", "open ports", "trojan", "body doctype", "html public", "w3cdtd html", "body", "dns replication", "domain", "lookups", "email", "name server", "slovensko", "tech contact", "valid", "admin contact", "a domains", "a li", "span h3", "header link", "option option", "united kingdom", "test", "april", "meta", "paris", "eset", "yara detections", "nod32", "amon", "internalname", "online payment", "scan endpoints", "all scoreblue", "filehash", "pulse pulses", "amz cf", "creation date", "record value", "expiration date", "name servers", "servers", "status", "next", "asnone united", "moved", "certificate", "ipv4", "urls", "files", "av detections", "ids detections", "alerts", "analysis date", "cf2a", "xaax04x00", "high", "dns reply", "noip domain", "et trojan", "createsuspended", "malware traffic", "dorkbot", "malware", "copy", "name verdict", "falcon sandbox", "windows nt", "appdata", "png image", "pattern match", "indicator", "ascii text", "rgba", "get collect", "vj98", "hybrid", "general", "local", "click", "strings", "path", "ms windows", "pe32", "intel", "microsoft asf", "pe32 executable", "database", "english", "installer", "template", "tue jun", "service", "crlf line", "url https", "http", "ip address", "related nids", "files location", "tip" ], "references": [ "bpp.eset.com", "IDS Detections: Win32/IRCBrute/Floder.ej/TKcik.A Checkin Dorkbot GeoIP Lookup to wipmania DNS Reply Sinkhole Microsoft NO-IP", "IDS Detections: Domain Win32/IRCBrute/Floder.ej/TKcik.A Pass Checkin External IP Lookup Attempt To Wipmania Suspicious Mozilla User-Agent - Likely Fake", "High Priority Alerts: nids_malware_alert injection_runpe network_icmp dumped_buffer2 network_irc nolookup_communication", "High Priority Alerts: allocates_execute_remote_process persistence_autorun injection_createremotethread injection_modifies_memory", "High Priority Alerts: injection_write_memory injection_write_memory_exe modifies_proxy_wpad injection_ntsetcontextthread injection_resumethread dumped_buffer network_http nids_alert suspicious_tld allocates_rwx .", "IP\u2019s Contacted: 172.217.14.226 172.217.14.234 162.217.99.134 204.95.99.243 212.83.168.196 216.58.193.67 216.58.217.42 99.86.38.99", "Domains Contacted: n.jntbxduhz.ru n.yqqufklho.ru n.lotys.ru api.wipmania.com n.vbemnggcj.ru n.hmiblgoja.ru dns.msftncsi.com n.ezjhyxxbf.ru", "https://otx.alienvault.com/indicator/file/8ad6f89c763315bf59bc3619139f8478f6bcc57d902123c8b5c413f251ff8778", "Alerts: dead_host network_icmp nolookup_communication packer_polymorphic origin_langid peid_packer", "https://healthinsurancecompanion.com/affordable-health-insurance?Landing_Page=https://healthinsurancecompanion.com/affordable-health-insurance&SRC=iDr_E", "appleremotesupport.com | http://thickapple.net/index.php", "https://normalexchange.com/v/155e44b6-11dc-11e8-9dff-01407350b0f6/c/1e289258-e09c-11e5-bea8-021988c520a1/?clickid=9023100005531544085-201802-3", "https://asserts.turbovpn.co/web/images/download/icons/apple-icon.png", "https://appleid-verify.servecounterstrike.com/", "http://schoolgirl.uxxxporn.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win32:GenMalicious-KAG\\ [Trj]", "display_name": "Win32:GenMalicious-KAG\\ [Trj]", "target": null }, { "id": ", Win.Trojan.Agent-1286703", "display_name": ", Win.Trojan.Agent-1286703", "target": null }, { "id": "Trojan:Win32/DorkBot.DU", "display_name": "Trojan:Win32/DorkBot.DU", "target": "/malware/Trojan:Win32/DorkBot.DU" }, { "id": "Win32:Malware-gen", "display_name": "Win32:Malware-gen", "target": null }, { "id": "Win.Trojan.Cosmu-1058", "display_name": "Win.Trojan.Cosmu-1058", "target": null }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [ "Finance", "Healthcare", "Telecommunications", "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 758, "FileHash-SHA1": 478, "FileHash-SHA256": 2561, "URL": 8210, "domain": 2202, "hostname": 2760, "email": 22, "CVE": 3 }, "indicator_count": 16994, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "655 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65551682899b039e02b8dc8a", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:38.437000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 82, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "857 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655516871038cbad9eae2bb7", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:43.285000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 83, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "857 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570800373899fd03e2e49db", "name": "Democrats.org", "description": "", "modified": "2023-12-06T14:06:59.250000", "created": "2023-12-06T14:06:59.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3114, "domain": 3501, "hostname": 3860, "URL": 17938, "FileHash-MD5": 2, "FileHash-SHA1": 10 }, "indicator_count": 28425, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f519ef27fa72eb62598", "name": "CambridgeAnalytica.org", "description": "", "modified": "2023-12-06T14:04:01.301000", "created": "2023-12-06T14:04:01.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 335, "URL": 13379, "hostname": 2501, "domain": 1501, "FileHash-SHA1": 15 }, "indicator_count": 17731, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ed1b2c24f71d408f58a", "name": "lvc.org", "description": "", "modified": "2023-12-06T14:01:52.611000", "created": "2023-12-06T14:01:52.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 3051, "FileHash-SHA256": 524, "URL": 14286, "domain": 1501, "email": 3, "FileHash-SHA1": 12 }, "indicator_count": 19379, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6220c81aaf6fddde0116569a", "name": "Democrats.org", "description": "", "modified": "2022-04-02T00:04:50.405000", "created": "2022-03-03T13:52:26.328000", "tags": [ "date", "dns replication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17938, "hostname": 3860, "domain": 3501, "FileHash-SHA256": 3114, "FileHash-MD5": 2, "FileHash-SHA1": 10 }, "indicator_count": 28425, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1479 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621927dd57ee9ed86aeb9cb4", "name": "CambridgeAnalytica.org", "description": "", "modified": "2022-03-27T00:00:39.057000", "created": "2022-02-25T19:02:53.023000", "tags": [ "win32 exe", "scott hanselman", "win32 dll", "llc creation", "date", "passive dns", "subdomains", "detections type", "name", "rich text", "format", "music", "first" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 13379, "hostname": 2501, "domain": 1501, "FileHash-SHA256": 335, "FileHash-SHA1": 15 }, "indicator_count": 17731, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6213ffb8b8b4c14bf3c0420f", "name": "lvc.org", "description": "", "modified": "2022-03-23T00:02:04.887000", "created": "2022-02-21T21:10:16.849000", "tags": [ "algorithm", "key identifier", "x509v3 subject", "solutions", "llc creation", "date", "categories", "ranks rank", "value ingestion", "time majestic", "umbrella", "masking enabled", "win32 exe", "server", "email", "registrar abuse", "practice", "gre premium", "code", "registrar url", "score" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14286, "hostname": 3051, "domain": 1501, "FileHash-SHA256": 524, "CVE": 2, "email": 3, "FileHash-SHA1": 12 }, "indicator_count": 19379, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://healthinsurancecompanion.com/affordable-health-insurance?Landing_Page=https://healthinsurancecompanion.com/affordable-health-insurance&SRC=iDr_E", "trkpls3.com", "High Priority Alerts: nids_malware_alert injection_runpe network_icmp dumped_buffer2 network_irc nolookup_communication", "greycroftpartners.com", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "High Priority Alerts: injection_write_memory injection_write_memory_exe modifies_proxy_wpad injection_ntsetcontextthread injection_resumethread dumped_buffer network_http nids_alert suspicious_tld allocates_rwx .", "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "eg-monitoring.com", "AfraidZad.exe", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "Alerts: dead_host network_icmp nolookup_communication packer_polymorphic origin_langid peid_packer", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "IDS Detections: Domain Win32/IRCBrute/Floder.ej/TKcik.A Pass Checkin External IP Lookup Attempt To Wipmania Suspicious Mozilla User-Agent - Likely Fake", "https://appleid-verify.servecounterstrike.com/", "BEELab_web_1.0.2-prerelease.exe", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "IDS Detections: Win32/IRCBrute/Floder.ej/TKcik.A Checkin Dorkbot GeoIP Lookup to wipmania DNS Reply Sinkhole Microsoft NO-IP", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "bpp.eset.com", "https://asserts.turbovpn.co/web/images/download/icons/apple-icon.png", "IP\u2019s Contacted: 172.217.14.226 172.217.14.234 162.217.99.134 204.95.99.243 212.83.168.196 216.58.193.67 216.58.217.42 99.86.38.99", "Domains Contacted: n.jntbxduhz.ru n.yqqufklho.ru n.lotys.ru api.wipmania.com n.vbemnggcj.ru n.hmiblgoja.ru dns.msftncsi.com n.ezjhyxxbf.ru", "\u2193 Interesting \u2193", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "https://twitter.com/PORNO_SEXYBABES", "High Priority Alerts: allocates_execute_remote_process persistence_autorun injection_createremotethread injection_modifies_memory", "appleremotesupport.com | http://thickapple.net/index.php", "http://schoolgirl.uxxxporn.com", "christ.robert@gmx.de", "https://otx.alienvault.com/indicator/file/8ad6f89c763315bf59bc3619139f8478f6bcc57d902123c8b5c413f251ff8778", "https://normalexchange.com/v/155e44b6-11dc-11e8-9dff-01407350b0f6/c/1e289258-e09c-11e5-bea8-021988c520a1/?clickid=9023100005531544085-201802-3" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Maltiverse", ", win.trojan.agent-1286703", "Trojan:win32/dorkbot.du", "Rms", "Win32:malware-gen", "Win32:genmalicious-kag\\ [trj]", "Win.trojan.cosmu-1058", "Trojan:win32/zombie.a", "Webtoolbar", "Trojanspy", "Generic" ], "industries": [ "Healthcare", "Telecommunications", "Finance", "Technology" ], "unique_indicators": 93190 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/directferries.com", "whois": "http://whois.domaintools.com/directferries.com", "domain": "directferries.com", "hostname": "www.directferries.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "665ec0cfd110b0694c51fbe2", "name": "Eset - Dorkbot", "description": "Dorkbot a self-propagating program that can spread itself from one computer to another threatening to perform numerous f actions of a malicious hacker's choice on PC. Found on an updated windows machine. Hacker named machine, installed apple viewing software programs, partitioned 'zombie' machine. Network of compromised, sketchy remote transfer agents of a professional in the service industry. Serious impact on or companies impact on remote workers contracted by company in question due to the abrupt cessation of business of a recognized brand it's industry. Unfortunately, the documentation of this Eset programs behavior has been misplaced. From recall. this install identified and allowed threats, d. It was a weird see with the names eye experience. Incoming request/ Remote operators, disallowed many transactions and other basic use of software. Workers potentially working a database from individuals whose PII & PHI was leaked.", "modified": "2024-07-04T06:01:28.799000", "created": "2024-06-04T07:22:55.572000", "tags": [ "historical ssl", "referrer", "algorithm", "v3 serial", "number", "cus cnamazon", "validity", "subject public", "key info", "key algorithm", "key identifier", "subject key", "first", "server", "registrar abuse", "date", "csl computer", "gmbh dba", "contact phone", "domain status", "registrar url", "registrar whois", "contact email", "code", "united", "unknown", "aaaa", "as14061", "cname", "search", "emails", "dnssec", "showing", "win32", "title error", "passive dns", "open ports", "trojan", "body doctype", "html public", "w3cdtd html", "body", "dns replication", "domain", "lookups", "email", "name server", "slovensko", "tech contact", "valid", "admin contact", "a domains", "a li", "span h3", "header link", "option option", "united kingdom", "test", "april", "meta", "paris", "eset", "yara detections", "nod32", "amon", "internalname", "online payment", "scan endpoints", "all scoreblue", "filehash", "pulse pulses", "amz cf", "creation date", "record value", "expiration date", "name servers", "servers", "status", "next", "asnone united", "moved", "certificate", "ipv4", "urls", "files", "av detections", "ids detections", "alerts", "analysis date", "cf2a", "xaax04x00", "high", "dns reply", "noip domain", "et trojan", "createsuspended", "malware traffic", "dorkbot", "malware", "copy", "name verdict", "falcon sandbox", "windows nt", "appdata", "png image", "pattern match", "indicator", "ascii text", "rgba", "get collect", "vj98", "hybrid", "general", "local", "click", "strings", "path", "ms windows", "pe32", "intel", "microsoft asf", "pe32 executable", "database", "english", "installer", "template", "tue jun", "service", "crlf line", "url https", "http", "ip address", "related nids", "files location", "tip" ], "references": [ "bpp.eset.com", "IDS Detections: Win32/IRCBrute/Floder.ej/TKcik.A Checkin Dorkbot GeoIP Lookup to wipmania DNS Reply Sinkhole Microsoft NO-IP", "IDS Detections: Domain Win32/IRCBrute/Floder.ej/TKcik.A Pass Checkin External IP Lookup Attempt To Wipmania Suspicious Mozilla User-Agent - Likely Fake", "High Priority Alerts: nids_malware_alert injection_runpe network_icmp dumped_buffer2 network_irc nolookup_communication", "High Priority Alerts: allocates_execute_remote_process persistence_autorun injection_createremotethread injection_modifies_memory", "High Priority Alerts: injection_write_memory injection_write_memory_exe modifies_proxy_wpad injection_ntsetcontextthread injection_resumethread dumped_buffer network_http nids_alert suspicious_tld allocates_rwx .", "IP\u2019s Contacted: 172.217.14.226 172.217.14.234 162.217.99.134 204.95.99.243 212.83.168.196 216.58.193.67 216.58.217.42 99.86.38.99", "Domains Contacted: n.jntbxduhz.ru n.yqqufklho.ru n.lotys.ru api.wipmania.com n.vbemnggcj.ru n.hmiblgoja.ru dns.msftncsi.com n.ezjhyxxbf.ru", "https://otx.alienvault.com/indicator/file/8ad6f89c763315bf59bc3619139f8478f6bcc57d902123c8b5c413f251ff8778", "Alerts: dead_host network_icmp nolookup_communication packer_polymorphic origin_langid peid_packer", "https://healthinsurancecompanion.com/affordable-health-insurance?Landing_Page=https://healthinsurancecompanion.com/affordable-health-insurance&SRC=iDr_E", "appleremotesupport.com | http://thickapple.net/index.php", "https://normalexchange.com/v/155e44b6-11dc-11e8-9dff-01407350b0f6/c/1e289258-e09c-11e5-bea8-021988c520a1/?clickid=9023100005531544085-201802-3", "https://asserts.turbovpn.co/web/images/download/icons/apple-icon.png", "https://appleid-verify.servecounterstrike.com/", "http://schoolgirl.uxxxporn.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win32:GenMalicious-KAG\\ [Trj]", "display_name": "Win32:GenMalicious-KAG\\ [Trj]", "target": null }, { "id": ", Win.Trojan.Agent-1286703", "display_name": ", Win.Trojan.Agent-1286703", "target": null }, { "id": "Trojan:Win32/DorkBot.DU", "display_name": "Trojan:Win32/DorkBot.DU", "target": "/malware/Trojan:Win32/DorkBot.DU" }, { "id": "Win32:Malware-gen", "display_name": "Win32:Malware-gen", "target": null }, { "id": "Win.Trojan.Cosmu-1058", "display_name": "Win.Trojan.Cosmu-1058", "target": null }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [ "Finance", "Healthcare", "Telecommunications", "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 758, "FileHash-SHA1": 478, "FileHash-SHA256": 2561, "URL": 8210, "domain": 2202, "hostname": 2760, "email": 22, "CVE": 3 }, "indicator_count": 16994, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "655 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65551682899b039e02b8dc8a", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:38.437000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 82, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "857 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655516871038cbad9eae2bb7", "name": "Apple | iOS | Automated Attacks | Resource Hijacking | Google Tracker", "description": "Boot or Logon Autostart Execution\nCommand and Scripting Interpreter\nAutomated Collection\nWebToolbar \nAmazon rsa\nAmazon02\nAmazon S3\nPrivilege Abuse\nRetaliation", "modified": "2023-12-15T18:02:25.356000", "created": "2023-11-15T19:05:43.285000", "tags": [ "strong", "saal digital", "photo portal", "daten", "support", "saal", "bersicht", "informationen", "profis", "rabatte fr", "service", "heur", "malware", "cisco umbrella", "adware", "safe site", "malware site", "malicious site", "phishing site", "alexa top", "million", "tiggre", "presenoker", "agent", "opencandy", "conduit", "unsafe", "wacatac", "artemis", "phishing", "iframe", "installpack", "xrat", "fusioncore", "riskware", "acint", "nircmd", "swrort", "downldr", "systweak", "behav", "crack", "genkryptik", "exploit", "filetour", "cleaner", "webtoolbar", "trojanspy", "get fdm", "ms windows", "pe32", "intel", "search", "show", "united", "entries", "systemdrive", "program files", "installer", "write", "delphi", "next", "june", "win32", "copy", "pixel", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "variables", "langpage string", "lang", "saalgroup", "creoletohtml", "chat", "reverse dns", "resource", "general full", "asn16509", "amazon02", "url https", "security tls", "protocol h2", "hash", "get h2", "main", "request chain", "http", "de redirected", "http redirect", "site", "malicious url", "blacklist https", "domain", "screenshot", "windows nt", "win64", "khtml", "gecko", "amazons3", "aes128gcm", "amazon rsa", "aes256", "date", "name verdict", "pattern match", "root ca", "script", "done adding", "catalog file", "file", "indicator", "authority", "class", "mitre att", "meta", "unknown", "error", "hybrid", "accept", "general", "local", "click", "strings", "generator", "critical", "refresh", "tools", "null", "body", "create c", "html document", "xport", "noname057", "generic malware", "generic", "dapato", "alexa", "installcore", "downloader", "dropper", "outbreak", "iobit", "mediaget", "azorult", "runescape", "facebook", "bank", "download", "live", "rms", "maltiverse", "cyber threat", "engineering", "services", "malicious host", "malicious", "team", "zeus", "nymaim", "zbot", "simda", "asyncrat", "cobalt strike", "ransomware", "matsnu", "cutwail", "citadel", "pykspa", "raccoon", "kronos", "ramnit", "redline stealer", "apple", "apple", "html info", "title saal", "meta tags", "trackers google", "tag manager", "gtm5wjlq2", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "self", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "hostname", "anonymizer", "firehol", "mail spammer", "team proxy", "kraken", "suppobox", "tofsee", "vawtrak", "hotmail", "netsky", "stealer", "blacknet rat", "remcos", "miner", "hacktool", "trojan", "detplock", "team phishing", "a nxdomain", "passive dns", "scan endpoints", "all octoseek", "pulse pulses", "urls", "files", "ip address", "all search", "otx octoseek", "files ip", "contacted", "whois record", "ssl certificate", "pe resource", "bundled", "attack", "parent", "historical ssl", "collections", "communicating", "emotet", "execution", "markmonitor inc", "vhash", "authentihash", "imphash", "ssdeep", "win32 exe", "magic pe32", "trid win32", "archive", "valid", "serial number", "valid from", "valid usage", "code signing", "status status", "valid issuer", "assured id", "issuer issuer", "symantec sha256", "sections", "file type", "trid generic", "cil executable", "contained", "details module", "version id", "typelib id", "header target", "machine intel", "utc entry", "point", "sections name", "streams size", "entropy chi2", "guid", "blob", "namecheap", "ip detections", "country", "resolutions", "referrer", "whois whois", "threat roundup", "parent domain", "CVE-2023-22518", "CVE-2017-0143", "CVE-2017-0147", "CVE-2020-0601", "CVE-2017-8570", "CVE-2018-4893", "CVE-2017-11882", "CVE-2017-0199", "CVE-2014-3153", "W32.AIDetectNet.01", "trojan.adload/ursu", "targeting tsara brashears", "cybercrime", "privilege escalation", "defacement", "privilege abuse", "soc", "red team", "social engineering", "retaliation", "assault victim", "obsession" ], "references": [ "https://hybrid-analysis.com/sample/9e8ce8607b7f32f6f66c8126851a55818ff775ee060d2c448679e5eb1e22ba2a", "https://www.saal-digital.de/ordercockpit/?email=christ.robert@gmx.de&ordernumber=802109030129517", "\u2193 Interesting \u2193", "owa.telegrafix.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (Phishing)", "christ.robert@gmx.de", "https://simtk.org/projects/sv_tests (Tsara Brashears project?)", "https://itunes.apple.com/de/app/saal-design-app/id1481631197?mt=8", "https://play.google.com/store/apps/details?id=com.saaldigital.designerapp.de&hl=de", "BEELab_web_1.0.2-prerelease.exe", "AfraidZad.exe", "https://mail.greycroft.com/owa/redir.aspx?SURL=a0oI1dvGGkFYUoACVEbN8REVrmfS6H0MhUvXdexgmertl7bBVhrTCGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAHAAcgBvAGQAdQBjAHQAaAB1AG4AdAAuAGMAbwBtAC8AdABlAGMAaAAvAGEAbgBpAG0AYQB0AGkAYwA.&URL=https://www.producthunt.com/tech/animatic", "greycroftpartners.com", "http://videotubeplayer.com/?groupds=1&clientId=201&productId=1407&tracking=w5JJ46MKQI493DMO1NDNTQ6K&publisher_id=", "trkpls3.com", "eg-monitoring.com", "http://m.pornsexer.xxx.3.1.adiosfil.roksit.net/", "https://twitter.com/PORNO_SEXYBABES" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "Italy", "Singapore", "France", "Germany", "Korea, Republic of" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "RMS", "display_name": "RMS", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 83, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 841, "FileHash-SHA1": 467, "FileHash-SHA256": 6370, "CVE": 9, "domain": 2160, "hostname": 3074, "email": 1, "URL": 6550, "SSLCertFingerprint": 1, "CIDR": 3 }, "indicator_count": 19476, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "857 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570800373899fd03e2e49db", "name": "Democrats.org", "description": "", "modified": "2023-12-06T14:06:59.250000", "created": "2023-12-06T14:06:59.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3114, "domain": 3501, "hostname": 3860, "URL": 17938, "FileHash-MD5": 2, "FileHash-SHA1": 10 }, "indicator_count": 28425, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f519ef27fa72eb62598", "name": "CambridgeAnalytica.org", "description": "", "modified": "2023-12-06T14:04:01.301000", "created": "2023-12-06T14:04:01.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 335, "URL": 13379, "hostname": 2501, "domain": 1501, "FileHash-SHA1": 15 }, "indicator_count": 17731, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ed1b2c24f71d408f58a", "name": "lvc.org", "description": "", "modified": "2023-12-06T14:01:52.611000", "created": "2023-12-06T14:01:52.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 3051, "FileHash-SHA256": 524, "URL": 14286, "domain": 1501, "email": 3, "FileHash-SHA1": 12 }, "indicator_count": 19379, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6220c81aaf6fddde0116569a", "name": "Democrats.org", "description": "", "modified": "2022-04-02T00:04:50.405000", "created": "2022-03-03T13:52:26.328000", "tags": [ "date", "dns replication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 17938, "hostname": 3860, "domain": 3501, "FileHash-SHA256": 3114, "FileHash-MD5": 2, "FileHash-SHA1": 10 }, "indicator_count": 28425, "is_author": false, "is_subscribing": null, "subscriber_count": 408, "modified_text": "1479 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621927dd57ee9ed86aeb9cb4", "name": "CambridgeAnalytica.org", "description": "", "modified": "2022-03-27T00:00:39.057000", "created": "2022-02-25T19:02:53.023000", "tags": [ "win32 exe", "scott hanselman", "win32 dll", "llc creation", "date", "passive dns", "subdomains", "detections type", "name", "rich text", "format", "music", "first" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 13379, "hostname": 2501, "domain": 1501, "FileHash-SHA256": 335, "FileHash-SHA1": 15 }, "indicator_count": 17731, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6213ffb8b8b4c14bf3c0420f", "name": "lvc.org", "description": "", "modified": "2022-03-23T00:02:04.887000", "created": "2022-02-21T21:10:16.849000", "tags": [ "algorithm", "key identifier", "x509v3 subject", "solutions", "llc creation", "date", "categories", "ranks rank", "value ingestion", "time majestic", "umbrella", "masking enabled", "win32 exe", "server", "email", "registrar abuse", "practice", "gre premium", "code", "registrar url", "score" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14286, "hostname": 3051, "domain": 1501, "FileHash-SHA256": 524, "CVE": 2, "email": 3, "FileHash-SHA1": 12 }, "indicator_count": 19379, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.directferries.com/iceland.htm", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.directferries.com/iceland.htm", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776722624.0876737 }