{ "type": "URL", "indicator": "https://www.franas.pl", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.franas.pl", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3868486366, "indicator": "https://www.franas.pl", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c9103736c51f12e3bcfac8", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "Willi Echo wedi dweud wrthod wybodaeth iawno i'wodraeth o oryginalnej architekturze, a ddydd Sadwrn.", "modified": "2024-12-27T01:07:36.247000", "created": "2024-08-23T22:41:59.321000", "tags": [ "adres url", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "authority key", "identifier id", "win32", "whasz", "oszczdno", "win32 exe", "magia plik", "pe32 dla", "ms windows", "intel", "oglny plik", "windos", "generic", "typ pliku", "typ jzyk", "ikona rt", "neutralny", "tekst ascii", "wersja rt", "angielski usa", "plik", "file name", "type win32", "exe size", "mb first", "seen", "size", "first seen", "avg win32", "bkav undetected", "malicious", "drweb", "sha1", "sha256", "pehash", "richhash", "meble na wymiar", "meble na zam\u00f3wienie", "szafy", "meble \u0142azienkowe", "meble kuchenne", "meble biurowe", "zabudowy wn\u0119k", "blaty kamienne", "sprawd", "strong", "wirtualne", "kreatywne meble", "produkcja", "kuchnie", "zabudowa", "zwizualizuj", "kliknij", "speedtest", "files proofs", "vin syd", "sgp sbg", "rbx hil", "gra eri", "bom bhs", "ssl certificate", "noclegi szklarska por\u0119ba", "nocleg w szklarskiej por\u0119bie", "szklarska por\u0119ba pensjonat", "szklarska por\u0119ba", "pokoje", "pensjonat", "spa", "wakacje", "relaks", "wypoczynek", "willa echo", "willi echo", "szrenic", "tobie", "pastwu", "znajduje si", "azienka", "wifi", "z naczyniami", "bajeczne", "e1 f7", "c5 e0", "algorithm", "key identifier", "x509v3 subject", "number", "cus olet", "encrypt cnr10", "validity", "subject public", "key info", "key algorithm", "vhash", "ssdeep", "file type", "ini text" ], "references": [ "http://sanselo.pl", "http://www.sanselo.pl", "http://vgt.pl", "http://www.vgt.pl", "http://franas.pl", "http://www.franas.pl", "https://kreatywne-meble.pl", "http://ovh.net/common/font/lato/light/webfont.svg", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://willaecho.pl/", "http://www.willaecho.pl/", "http://www.tomasz.franas.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 438, "domain": 128, "hostname": 524, "URL": 943, "IPv4": 23, "FileHash-SHA256": 3021, "FileHash-SHA1": 397, "email": 4, "CVE": 1 }, "indicator_count": 5479, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "478 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66b3e7ebf9bc34b5ea10f701", "name": "http://www.dekoramia.eu/ SP\u00d3\u0141KA CYWILNA mx4.dekoramia.eu", "description": "Here is a full list of updates on the Biblioteka DLL, as well as the other parts of the code:-1-2-3-4-6..com", "modified": "2024-11-02T18:45:45.464000", "created": "2024-08-07T21:32:27.566000", "tags": [ "nxdomena", "nieznany", "nieznany strona", "a nxdomena", "rn kategorileri", "metal avizeler", "dekora metal", "tl zeri", "cretsiz kargo", "sipari takip", "trke", "sepetim", "tl sepetim", "sepetinizde rn", "metal", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "dekoramia", "wyroby z", "jelenia gra", "bezterminowo", "nazwa hosta", "ccnl asnas3333", "sieci ip", "ripe ncc", "nazwa", "nxdomain", "aaaa", "cname", "zobacz te", "buforowane", "zasb", "ffffff", "error", "string", "copyright", "closure library", "typeof c", "jnew k", "knew k", "bnew k", "lnew k", "date", "sha1", "https", "biblioteka dll", "win32 certca", "win32", "win32 exe", "win32 dll", "certenroll", "tekst", "dos exe", "pdf introduo", "wprowadzenie", "whasz" ], "references": [ "Podgl?d wpisu po zmianie _ Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia?alno?ci Gospodarczej.html", "Wydruk.pdf", "https://cse.google.com/cse.js?cx=003414466004237966221:dgg7iftvryo" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 219, "domain": 26, "FileHash-SHA1": 257, "URL": 194, "IPv4": 5, "FileHash-MD5": 320, "FileHash-SHA256": 361, "email": 9, "IPv6": 21, "CVE": 10 }, "indicator_count": 1422, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "533 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666a290827eb9a7dec1aa57f", "name": "just checking", "description": "", "modified": "2024-07-12T21:02:00.286000", "created": "2024-06-12T23:02:32.039000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 1278, "URL": 5288, "domain": 1217, "hostname": 2980, "CVE": 1 }, "indicator_count": 10774, "is_author": false, "is_subscribing": null, "subscriber_count": 178, "modified_text": "646 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://kreatywne-meble.pl", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "https://www.jelenia-gora.so.gov.pl/", "http://ovh.net/common/font/lato/light/webfont.svg", "http://www.vgt.pl", "http://willaecho.pl/", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527", "http://www.jelenia-gora.so.gov.pl/", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://www.franas.pl", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.willaecho.pl/", "Wydruk.pdf", "http://sanselo.pl", "http://franas.pl", "http://www.tomasz.franas.pl", "http://vgt.pl", "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://cse.google.com/cse.js?cx=003414466004237966221:dgg7iftvryo", "Podgl?d wpisu po zmianie _ Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia?alno?ci Gospodarczej.html", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "https://www.jelenia-gora.sr.gov.pl/spacer", "http://www.sanselo.pl" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "TrojanDownloader:Win32/Nemucod" ], "malware_families": [ "", "Serwer a przed\u0142u\u017cenie sesji #{text} wojcieszyce pl", "Serwer" ], "industries": [], "unique_indicators": 114024 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/franas.pl", "whois": "http://whois.domaintools.com/franas.pl", "domain": "franas.pl", "hostname": "www.franas.pl" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66c9103736c51f12e3bcfac8", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "Willi Echo wedi dweud wrthod wybodaeth iawno i'wodraeth o oryginalnej architekturze, a ddydd Sadwrn.", "modified": "2024-12-27T01:07:36.247000", "created": "2024-08-23T22:41:59.321000", "tags": [ "adres url", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "authority key", "identifier id", "win32", "whasz", "oszczdno", "win32 exe", "magia plik", "pe32 dla", "ms windows", "intel", "oglny plik", "windos", "generic", "typ pliku", "typ jzyk", "ikona rt", "neutralny", "tekst ascii", "wersja rt", "angielski usa", "plik", "file name", "type win32", "exe size", "mb first", "seen", "size", "first seen", "avg win32", "bkav undetected", "malicious", "drweb", "sha1", "sha256", "pehash", "richhash", "meble na wymiar", "meble na zam\u00f3wienie", "szafy", "meble \u0142azienkowe", "meble kuchenne", "meble biurowe", "zabudowy wn\u0119k", "blaty kamienne", "sprawd", "strong", "wirtualne", "kreatywne meble", "produkcja", "kuchnie", "zabudowa", "zwizualizuj", "kliknij", "speedtest", "files proofs", "vin syd", "sgp sbg", "rbx hil", "gra eri", "bom bhs", "ssl certificate", "noclegi szklarska por\u0119ba", "nocleg w szklarskiej por\u0119bie", "szklarska por\u0119ba pensjonat", "szklarska por\u0119ba", "pokoje", "pensjonat", "spa", "wakacje", "relaks", "wypoczynek", "willa echo", "willi echo", "szrenic", "tobie", "pastwu", "znajduje si", "azienka", "wifi", "z naczyniami", "bajeczne", "e1 f7", "c5 e0", "algorithm", "key identifier", "x509v3 subject", "number", "cus olet", "encrypt cnr10", "validity", "subject public", "key info", "key algorithm", "vhash", "ssdeep", "file type", "ini text" ], "references": [ "http://sanselo.pl", "http://www.sanselo.pl", "http://vgt.pl", "http://www.vgt.pl", "http://franas.pl", "http://www.franas.pl", "https://kreatywne-meble.pl", "http://ovh.net/common/font/lato/light/webfont.svg", "https://ws.nperf.com/partner/js?l=05d1f5db-f38f-42ed-924b-87e3b0f2d5b6", "http://willaecho.pl/", "http://www.willaecho.pl/", "http://www.tomasz.franas.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 438, "domain": 128, "hostname": 524, "URL": 943, "IPv4": 23, "FileHash-SHA256": 3021, "FileHash-SHA1": 397, "email": 4, "CVE": 1 }, "indicator_count": 5479, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "478 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66b3e7ebf9bc34b5ea10f701", "name": "http://www.dekoramia.eu/ SP\u00d3\u0141KA CYWILNA mx4.dekoramia.eu", "description": "Here is a full list of updates on the Biblioteka DLL, as well as the other parts of the code:-1-2-3-4-6..com", "modified": "2024-11-02T18:45:45.464000", "created": "2024-08-07T21:32:27.566000", "tags": [ "nxdomena", "nieznany", "nieznany strona", "a nxdomena", "rn kategorileri", "metal avizeler", "dekora metal", "tl zeri", "cretsiz kargo", "sipari takip", "trke", "sepetim", "tl sepetim", "sepetinizde rn", "metal", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "dekoramia", "wyroby z", "jelenia gra", "bezterminowo", "nazwa hosta", "ccnl asnas3333", "sieci ip", "ripe ncc", "nazwa", "nxdomain", "aaaa", "cname", "zobacz te", "buforowane", "zasb", "ffffff", "error", "string", "copyright", "closure library", "typeof c", "jnew k", "knew k", "bnew k", "lnew k", "date", "sha1", "https", "biblioteka dll", "win32 certca", "win32", "win32 exe", "win32 dll", "certenroll", "tekst", "dos exe", "pdf introduo", "wprowadzenie", "whasz" ], "references": [ "Podgl?d wpisu po zmianie _ Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia?alno?ci Gospodarczej.html", "Wydruk.pdf", "https://cse.google.com/cse.js?cx=003414466004237966221:dgg7iftvryo" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 219, "domain": 26, "FileHash-SHA1": 257, "URL": 194, "IPv4": 5, "FileHash-MD5": 320, "FileHash-SHA256": 361, "email": 9, "IPv6": 21, "CVE": 10 }, "indicator_count": 1422, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "533 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666a290827eb9a7dec1aa57f", "name": "just checking", "description": "", "modified": "2024-07-12T21:02:00.286000", "created": "2024-06-12T23:02:32.039000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 1278, "URL": 5288, "domain": 1217, "hostname": 2980, "CVE": 1 }, "indicator_count": 10774, "is_author": false, "is_subscribing": null, "subscriber_count": 178, "modified_text": "646 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.franas.pl", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.franas.pl", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776634606.8008296 }