{ "type": "URL", "indicator": "https://www.globalsign.com/repository/06", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.globalsign.com/repository/06", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #424", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain globalsign.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain globalsign.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3901789228, "indicator": "https://www.globalsign.com/repository/06", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "69b610502027ff9e392b164a", "name": "interesting strings and dummy cert", "description": "", "modified": "2026-03-15T03:28:49.118000", "created": "2026-03-15T01:50:08.636000", "tags": [ "mode beta", "fried cookie", "sha256", "g2 o", "globalsign", "dummy", "tue jan", "mon apr", "tue aug", "fri aug" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 16, "hostname": 14, "FileHash-MD5": 23, "FileHash-SHA1": 9, "FileHash-SHA256": 10 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69af926b7c44b84b26ce3f4e", "name": "formail.exe clone arek-btc", "description": "", "modified": "2026-03-10T21:40:19.215000", "created": "2026-03-10T03:39:23.068000", "tags": [ "sha1", "sha256", "vhash", "authentihash", "ssdeep", "\u90ae\u4ef6", "\u4f01\u4e1a\u5fae\u4fe1\u5e2e\u52a9\u4e2d\u5fc3", "windows nt", "khtml", "gecko", "read c", "ascii text", "msie", "crlf line", "ms windows", "intel", "default", "write", "malware", "copy", "agent", "next", "imphash", "virustotal", "detections", "comments", "detections name", "eeeeee e", "eeeeeee e", "eeeee delphi", "win32" ], "references": [ "http://service.exmail.qq.com/cgi-bin/help?&&id=20022&no=1000728&subtype=1", "http://connectivitycheck.gstatic.com/generate_204" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "681e0afed57810a1e5159708", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 354, "domain": 31, "hostname": 77, "URL": 172, "FileHash-MD5": 135, "FileHash-SHA1": 40, "email": 3 }, "indicator_count": 812, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "82 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698054a372fb3461e21b616b", "name": "RelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption", "description": "Arrival Details: \nThis Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.\nInstallation: \nThis Adware adds the follows processes, Deletes files, Other System Modifications , It adds registry entries. || \n\nRelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption \n\u201cTypes of RelevantKnowledge Adware\u201d\nPUP.Optional.RelevantKnowledge is sometimes considered adware and by some even as spyware. MarketScore, formerly known as Netsetter, uses RelevantKnowledge to gather data about Internet usage. The data is sold for various goals. These include Internet development, commerce, economic analysis, market predictions, and page ranking in search results.PUP.Optional.RelevantKnowledge is adware that comes bundled with many freeware utilities.", "modified": "2026-03-04T06:02:39.413000", "created": "2026-02-02T07:39:15.479000", "tags": [ "dynamicloader", "oamazon", "cnamazon rsa", "mozilla", "write c", "united", "globalc", "win32", "iwin", "write", "encrypt", "malware", "file deletion", "relevant knowledge", "deletes files", "system modification", "registry", "adding", "process", "drops files", "drive by", "compromise", "g2 c", "legalcopyright", "productname", "thawte", "thawte code", "signing ca", "certification", "division cn", "primary root", "quietuninstallstring", "present jan", "unknown aaaa", "ip address", "unknown ns", "trojan", "title error", "ipv4 add", "urls", "reverse dns", "spyware", "united states", "servers", "hostname", "legal", "amazon", "awsdns", "amazon.com ,inc", "amazon legal", "crazyfrost", "brian sabey", "aaaa", "name servers", "ahmann related", "cloudfront", "read c", "medium", "memcommit", "entries", "high", "checks", "windows", "delete", "execution", "dock", "persistence", "capture", "next", "local", "show", "search", "officeoffice16", "virustotal api", "screenshots", "comments", "vendor finding", "notes clamav", "files matching", "number", "sample analysis", "copy", "hide samples", "ransomware", "nsis", "nullsoft", "teslacrypt" ], "references": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "Mutexes _!SHMSFTHISTORY!_", "Win.Ransomware.TeslaCrypt-9828161-0", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Adware.RelevantKnowledge-9939891-0", "display_name": "Win.Adware.RelevantKnowledge-9939891-0", "target": null }, { "id": "Win.Ransomware.TeslaCrypt", "display_name": "Win.Ransomware.TeslaCrypt", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 32, "FileHash-SHA256": 106, "domain": 17, "hostname": 70, "SSLCertFingerprint": 12, "URL": 174, "email": 4 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "681e0afed57810a1e5159708", "name": "Foxmail.exe", "description": "MD5- 359f80e74649e20bf65ca1607989b55d\nMD5- baa281dc20752fa96021665b2963ba1a\nhttps://www.virustotal.com/gui/file/4d829d9b1096e5e70ad2bd94bc79fb2a47124aad75380154c6ee135298a84559/relations\nhttps://www.virustotal.com/gui/file/b79d5618048a8493fe6001c99cf8f05176828788afe88a562e05afe74947e88f/details", "modified": "2025-10-01T00:01:22.860000", "created": "2025-05-09T14:02:38.820000", "tags": [ "sha1", "sha256", "vhash", "authentihash", "ssdeep", "\u90ae\u4ef6", "\u4f01\u4e1a\u5fae\u4fe1\u5e2e\u52a9\u4e2d\u5fc3", "windows nt", "khtml", "gecko", "read c", "ascii text", "msie", "crlf line", "ms windows", "intel", "default", "write", "malware", "copy", "agent", "next", "imphash", "virustotal", "detections", "comments", "detections name", "eeeeee e", "eeeeeee e", "eeeee delphi", "win32" ], "references": [ "http://service.exmail.qq.com/cgi-bin/help?&&id=20022&no=1000728&subtype=1", "http://connectivitycheck.gstatic.com/generate_204" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 354, "domain": 31, "hostname": 76, "URL": 171, "FileHash-MD5": 135, "FileHash-SHA1": 40, "email": 3 }, "indicator_count": 810, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66dea8f783e2e21fe8105fa8", "name": "IObit Unlocker", "description": "Browser bar, API access ,\ncached, , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included highly highly priority and critical issues found prior to h,obal outage. Unsure if related to IObit. . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal & otx.alienvault.com experiences frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.", "modified": "2024-10-09T06:02:16.991000", "created": "2024-09-09T07:51:19.348000", "tags": [ "pe resource", "the bazar", "story", "hackers", "cyber attack", "spotify artist", "gamers", "inno setup", "delphi generic", "win32 exe", "pe32", "intel", "ms windows", "pe32 installer", "module", "linker", "delphi", "info header", "name md5", "language", "overlay", "algorithm", "thumbprint", "serial number", "symantec time", "stamping", "sha256 code", "signing ca", "valid", "valid usage", "class", "windows", "uninstall iobit", "files", "file type", "javascript", "get http", "http requests", "dns resolutions", "ip traffic", "legalcopyright", "component", "read", "write", "dynamicloader", "medium", "time stamping", "malware fighter", "variant", "invalid variant", "stack", "format", "error", "msie", "chrome", "passive dns", "gmt content", "all scoreblue", "name servers", "as35819", "moved", "red team", "are you hiring", "united states", "aaaa", "asnone united", "cname", "nxdomain", "whitelisted", "showing", "as44273 host", "inno5311", "win32", "ipv4", "widgitoolbar", "unknown", "hashes", "windows nt", "win32 dll", "kb file", "historical ssl", "referrer", "malware", "network", "cancer", "dynadot inc", "temp", "domains", "mesh digital" ], "references": [ "unlocker-setup_v1.1.2.exe", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "codes.iobit.com", "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Genpack-9877676-0", "display_name": "Win.Malware.Genpack-9877676-0", "target": null }, { "id": "SLF:PUA:Win32/IObitBundler", "display_name": "SLF:PUA:Win32/IObitBundler", "target": null } ], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 379, "FileHash-SHA1": 357, "FileHash-SHA256": 1383, "URL": 122, "domain": 286, "hostname": 568, "email": 8 }, "indicator_count": 3103, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "599 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6663311a8c529069bb34a06f", "name": "Injection | Win.Worm.Mydoom | Ransomware | Android Device attack", "description": "Android device, remotely modified, hidden users, 'zombie' device, targeting, framing, unknown admin.", "modified": "2024-07-07T15:00:25.739000", "created": "2024-06-07T16:11:06.485000", "tags": [ "november", "threat roundup", "axelo", "atkafij0", "referrer", "historical ssl", "dynamicloader", "write c", "yara rule", "delete c", "ms windows", "medium", "yara detections", "show", "search", "united", "write", "copy", "create c", "read c", "flashpix", "high", "template", "persistence", "execution", "next", "unknown", "shared address", "html info", "title rfc", "ipv4 prefix", "space meta", "tags", "prefix", "space", "script tags", "anchor hrefs", "sha256", "vhash", "ssdeep", "html internet", "magic html", "ascii text", "magika html", "file size", "internet", "iana", "city", "los angeles", "orgabusephone", "orgid", "iana ref", "net192", "net1920000", "iana special", "detections type", "name", "win32 exe", "runresdll", "android", "trojan", "files", "installer", "10357", "javascript", "malibot", "pe32", "intel", "linux x8664", "khtml", "win32", "process32nextw", "discovery", "discovery t1057", "t1057", "t1045", "memcommit", "regopenkeyexw", "regsetvalueexa", "writeconsolea", "minute tr", "highest f", "regdword", "del f", "start", "memreserve", "dock" ], "references": [ "http://tools.ietf.org/html/rfc6598 | Found in android device| Block: 100:116.200.0/? [Special Use /Non - IANA]", "AV Detection: Win.Downloader.68062-1 | Yara Detections: MS_Visual_Basic_6_0 , Cabinet_Archive", "High Priority Alerts: dead_host network_icmp dumped_buffer2 nolookup_communication modifies_certificates", "Alerts: dumped_buffer network_http allocates_rwx antisandbox_sleep antivm_disk_size exe_appdata antivm_network_adapters privilege_luid_check", "Alerts: antivm_queries_computername checks_debugger recon_fingerprint antivm_memory_available", "Image: https://otx.alienvault.com/otxapi/indicators/file/screenshot/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811", "https://otx.alienvault.com/indicator/file/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811 [Win.Downloader.68062-1]", "https://otx.alienvault.com/indicator/file/0000374bffccbcd54ea9a1c51514b671a8caf732ef3bef2cc8cccd4bf01665cf [Win.Worm.Mydoom-5]", "Yara Detections: Nrv2x , upx_3 , UPX_OEP_place , UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser , UPX", "High Priority Alerts: procmem_yara network_bind persistence_autorun", "Alerts: dynamic_function_loading powershell_download reads_self suspicious_tld dead_connect", "buildbot.tools.ietf.org [Win32:Malware-gen]", "Yara Detections: MS_Visual_Cpp_2008 | High Priority Alerts: dead_host network_icmp", "Priority Alerts: dumped_buffer network_http suspicious_tld allocates_rwx creates_exe exe_appdata antivm_network_adapters pe_features", "Yara: Detections Skype User-Agent detected, LZMA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Downloader.68062-1", "display_name": "Win.Downloader.68062-1", "target": null }, { "id": "Win.Worm.Mydoom-5", "display_name": "Win.Worm.Mydoom-5", "target": null }, { "id": "Win32:Trojan-gen", "display_name": "Win32:Trojan-gen", "target": null }, { "id": "Backdoor:Win32/Hera.A!bit", "display_name": "Backdoor:Win32/Hera.A!bit", "target": "/malware/Backdoor:Win32/Hera.A!bit" } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 350, "FileHash-SHA1": 318, "FileHash-SHA256": 1929, "URL": 1885, "hostname": 1600, "domain": 1380, "email": 7, "SSLCertFingerprint": 40 }, "indicator_count": 7509, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "693 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Mutexes _!SHMSFTHISTORY!_", "http://service.exmail.qq.com/cgi-bin/help?&&id=20022&no=1000728&subtype=1", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft", "http://connectivitycheck.gstatic.com/generate_204", "http://tools.ietf.org/html/rfc6598 | Found in android device| Block: 100:116.200.0/? [Special Use /Non - IANA]", "https://otx.alienvault.com/indicator/file/0000374bffccbcd54ea9a1c51514b671a8caf732ef3bef2cc8cccd4bf01665cf [Win.Worm.Mydoom-5]", "High Priority Alerts: procmem_yara network_bind persistence_autorun", "Image: https://otx.alienvault.com/otxapi/indicators/file/screenshot/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "Yara Detections: MS_Visual_Cpp_2008 | High Priority Alerts: dead_host network_icmp", "codes.iobit.com", "Yara Detections: Nrv2x , upx_3 , UPX_OEP_place , UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser , UPX", "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "buildbot.tools.ietf.org [Win32:Malware-gen]", "High Priority Alerts: dead_host network_icmp dumped_buffer2 nolookup_communication modifies_certificates", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun", "unlocker-setup_v1.1.2.exe", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "Alerts: dumped_buffer network_http allocates_rwx antisandbox_sleep antivm_disk_size exe_appdata antivm_network_adapters privilege_luid_check", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "Alerts: antivm_queries_computername checks_debugger recon_fingerprint antivm_memory_available", "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "Win.Ransomware.TeslaCrypt-9828161-0", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "Priority Alerts: dumped_buffer network_http suspicious_tld allocates_rwx creates_exe exe_appdata antivm_network_adapters pe_features", "Yara: Detections Skype User-Agent detected, LZMA", "AV Detection: Win.Downloader.68062-1 | Yara Detections: MS_Visual_Basic_6_0 , Cabinet_Archive", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "https://otx.alienvault.com/indicator/file/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811 [Win.Downloader.68062-1]", "Alerts: dynamic_function_loading powershell_download reads_self suspicious_tld dead_connect" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Win.worm.mydoom-5", "Win.malware.genpack-9877676-0", "Slf:pua:win32/iobitbundler", "Win.ransomware.teslacrypt", "Win.downloader.68062-1", "Backdoor:win32/hera.a!bit", "Win.adware.relevantknowledge-9939891-0", "Win32:trojan-gen" ], "industries": [ "Telecommunications", "Technology" ], "unique_indicators": 12843 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/globalsign.com", "whois": "http://whois.domaintools.com/globalsign.com", "domain": "globalsign.com", "hostname": "www.globalsign.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "69b610502027ff9e392b164a", "name": "interesting strings and dummy cert", "description": "", "modified": "2026-03-15T03:28:49.118000", "created": "2026-03-15T01:50:08.636000", "tags": [ "mode beta", "fried cookie", "sha256", "g2 o", "globalsign", "dummy", "tue jan", "mon apr", "tue aug", "fri aug" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 16, "hostname": 14, "FileHash-MD5": 23, "FileHash-SHA1": 9, "FileHash-SHA256": 10 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69af926b7c44b84b26ce3f4e", "name": "formail.exe clone arek-btc", "description": "", "modified": "2026-03-10T21:40:19.215000", "created": "2026-03-10T03:39:23.068000", "tags": [ "sha1", "sha256", "vhash", "authentihash", "ssdeep", "\u90ae\u4ef6", "\u4f01\u4e1a\u5fae\u4fe1\u5e2e\u52a9\u4e2d\u5fc3", "windows nt", "khtml", "gecko", "read c", "ascii text", "msie", "crlf line", "ms windows", "intel", "default", "write", "malware", "copy", "agent", "next", "imphash", "virustotal", "detections", "comments", "detections name", "eeeeee e", "eeeeeee e", "eeeee delphi", "win32" ], "references": [ "http://service.exmail.qq.com/cgi-bin/help?&&id=20022&no=1000728&subtype=1", "http://connectivitycheck.gstatic.com/generate_204" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "681e0afed57810a1e5159708", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 354, "domain": 31, "hostname": 77, "URL": 172, "FileHash-MD5": 135, "FileHash-SHA1": 40, "email": 3 }, "indicator_count": 812, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "82 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698054a372fb3461e21b616b", "name": "RelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption", "description": "Arrival Details: \nThis Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.\nInstallation: \nThis Adware adds the follows processes, Deletes files, Other System Modifications , It adds registry entries. || \n\nRelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption \n\u201cTypes of RelevantKnowledge Adware\u201d\nPUP.Optional.RelevantKnowledge is sometimes considered adware and by some even as spyware. MarketScore, formerly known as Netsetter, uses RelevantKnowledge to gather data about Internet usage. The data is sold for various goals. These include Internet development, commerce, economic analysis, market predictions, and page ranking in search results.PUP.Optional.RelevantKnowledge is adware that comes bundled with many freeware utilities.", "modified": "2026-03-04T06:02:39.413000", "created": "2026-02-02T07:39:15.479000", "tags": [ "dynamicloader", "oamazon", "cnamazon rsa", "mozilla", "write c", "united", "globalc", "win32", "iwin", "write", "encrypt", "malware", "file deletion", "relevant knowledge", "deletes files", "system modification", "registry", "adding", "process", "drops files", "drive by", "compromise", "g2 c", "legalcopyright", "productname", "thawte", "thawte code", "signing ca", "certification", "division cn", "primary root", "quietuninstallstring", "present jan", "unknown aaaa", "ip address", "unknown ns", "trojan", "title error", "ipv4 add", "urls", "reverse dns", "spyware", "united states", "servers", "hostname", "legal", "amazon", "awsdns", "amazon.com ,inc", "amazon legal", "crazyfrost", "brian sabey", "aaaa", "name servers", "ahmann related", "cloudfront", "read c", "medium", "memcommit", "entries", "high", "checks", "windows", "delete", "execution", "dock", "persistence", "capture", "next", "local", "show", "search", "officeoffice16", "virustotal api", "screenshots", "comments", "vendor finding", "notes clamav", "files matching", "number", "sample analysis", "copy", "hide samples", "ransomware", "nsis", "nullsoft", "teslacrypt" ], "references": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "Mutexes _!SHMSFTHISTORY!_", "Win.Ransomware.TeslaCrypt-9828161-0", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Adware.RelevantKnowledge-9939891-0", "display_name": "Win.Adware.RelevantKnowledge-9939891-0", "target": null }, { "id": "Win.Ransomware.TeslaCrypt", "display_name": "Win.Ransomware.TeslaCrypt", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 32, "FileHash-SHA256": 106, "domain": 17, "hostname": 70, "SSLCertFingerprint": 12, "URL": 174, "email": 4 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "681e0afed57810a1e5159708", "name": "Foxmail.exe", "description": "MD5- 359f80e74649e20bf65ca1607989b55d\nMD5- baa281dc20752fa96021665b2963ba1a\nhttps://www.virustotal.com/gui/file/4d829d9b1096e5e70ad2bd94bc79fb2a47124aad75380154c6ee135298a84559/relations\nhttps://www.virustotal.com/gui/file/b79d5618048a8493fe6001c99cf8f05176828788afe88a562e05afe74947e88f/details", "modified": "2025-10-01T00:01:22.860000", "created": "2025-05-09T14:02:38.820000", "tags": [ "sha1", "sha256", "vhash", "authentihash", "ssdeep", "\u90ae\u4ef6", "\u4f01\u4e1a\u5fae\u4fe1\u5e2e\u52a9\u4e2d\u5fc3", "windows nt", "khtml", "gecko", "read c", "ascii text", "msie", "crlf line", "ms windows", "intel", "default", "write", "malware", "copy", "agent", "next", "imphash", "virustotal", "detections", "comments", "detections name", "eeeeee e", "eeeeeee e", "eeeee delphi", "win32" ], "references": [ "http://service.exmail.qq.com/cgi-bin/help?&&id=20022&no=1000728&subtype=1", "http://connectivitycheck.gstatic.com/generate_204" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 354, "domain": 31, "hostname": 76, "URL": 171, "FileHash-MD5": 135, "FileHash-SHA1": 40, "email": 3 }, "indicator_count": 810, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66dea8f783e2e21fe8105fa8", "name": "IObit Unlocker", "description": "Browser bar, API access ,\ncached, , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included highly highly priority and critical issues found prior to h,obal outage. Unsure if related to IObit. . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal & otx.alienvault.com experiences frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.", "modified": "2024-10-09T06:02:16.991000", "created": "2024-09-09T07:51:19.348000", "tags": [ "pe resource", "the bazar", "story", "hackers", "cyber attack", "spotify artist", "gamers", "inno setup", "delphi generic", "win32 exe", "pe32", "intel", "ms windows", "pe32 installer", "module", "linker", "delphi", "info header", "name md5", "language", "overlay", "algorithm", "thumbprint", "serial number", "symantec time", "stamping", "sha256 code", "signing ca", "valid", "valid usage", "class", "windows", "uninstall iobit", "files", "file type", "javascript", "get http", "http requests", "dns resolutions", "ip traffic", "legalcopyright", "component", "read", "write", "dynamicloader", "medium", "time stamping", "malware fighter", "variant", "invalid variant", "stack", "format", "error", "msie", "chrome", "passive dns", "gmt content", "all scoreblue", "name servers", "as35819", "moved", "red team", "are you hiring", "united states", "aaaa", "asnone united", "cname", "nxdomain", "whitelisted", "showing", "as44273 host", "inno5311", "win32", "ipv4", "widgitoolbar", "unknown", "hashes", "windows nt", "win32 dll", "kb file", "historical ssl", "referrer", "malware", "network", "cancer", "dynadot inc", "temp", "domains", "mesh digital" ], "references": [ "unlocker-setup_v1.1.2.exe", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "codes.iobit.com", "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Genpack-9877676-0", "display_name": "Win.Malware.Genpack-9877676-0", "target": null }, { "id": "SLF:PUA:Win32/IObitBundler", "display_name": "SLF:PUA:Win32/IObitBundler", "target": null } ], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 379, "FileHash-SHA1": 357, "FileHash-SHA256": 1383, "URL": 122, "domain": 286, "hostname": 568, "email": 8 }, "indicator_count": 3103, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "599 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6663311a8c529069bb34a06f", "name": "Injection | Win.Worm.Mydoom | Ransomware | Android Device attack", "description": "Android device, remotely modified, hidden users, 'zombie' device, targeting, framing, unknown admin.", "modified": "2024-07-07T15:00:25.739000", "created": "2024-06-07T16:11:06.485000", "tags": [ "november", "threat roundup", "axelo", "atkafij0", "referrer", "historical ssl", "dynamicloader", "write c", "yara rule", "delete c", "ms windows", "medium", "yara detections", "show", "search", "united", "write", "copy", "create c", "read c", "flashpix", "high", "template", "persistence", "execution", "next", "unknown", "shared address", "html info", "title rfc", "ipv4 prefix", "space meta", "tags", "prefix", "space", "script tags", "anchor hrefs", "sha256", "vhash", "ssdeep", "html internet", "magic html", "ascii text", "magika html", "file size", "internet", "iana", "city", "los angeles", "orgabusephone", "orgid", "iana ref", "net192", "net1920000", "iana special", "detections type", "name", "win32 exe", "runresdll", "android", "trojan", "files", "installer", "10357", "javascript", "malibot", "pe32", "intel", "linux x8664", "khtml", "win32", "process32nextw", "discovery", "discovery t1057", "t1057", "t1045", "memcommit", "regopenkeyexw", "regsetvalueexa", "writeconsolea", "minute tr", "highest f", "regdword", "del f", "start", "memreserve", "dock" ], "references": [ "http://tools.ietf.org/html/rfc6598 | Found in android device| Block: 100:116.200.0/? [Special Use /Non - IANA]", "AV Detection: Win.Downloader.68062-1 | Yara Detections: MS_Visual_Basic_6_0 , Cabinet_Archive", "High Priority Alerts: dead_host network_icmp dumped_buffer2 nolookup_communication modifies_certificates", "Alerts: dumped_buffer network_http allocates_rwx antisandbox_sleep antivm_disk_size exe_appdata antivm_network_adapters privilege_luid_check", "Alerts: antivm_queries_computername checks_debugger recon_fingerprint antivm_memory_available", "Image: https://otx.alienvault.com/otxapi/indicators/file/screenshot/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811", "https://otx.alienvault.com/indicator/file/a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811 [Win.Downloader.68062-1]", "https://otx.alienvault.com/indicator/file/0000374bffccbcd54ea9a1c51514b671a8caf732ef3bef2cc8cccd4bf01665cf [Win.Worm.Mydoom-5]", "Yara Detections: Nrv2x , upx_3 , UPX_OEP_place , UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser , UPX", "High Priority Alerts: procmem_yara network_bind persistence_autorun", "Alerts: dynamic_function_loading powershell_download reads_self suspicious_tld dead_connect", "buildbot.tools.ietf.org [Win32:Malware-gen]", "Yara Detections: MS_Visual_Cpp_2008 | High Priority Alerts: dead_host network_icmp", "Priority Alerts: dumped_buffer network_http suspicious_tld allocates_rwx creates_exe exe_appdata antivm_network_adapters pe_features", "Yara: Detections Skype User-Agent detected, LZMA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Downloader.68062-1", "display_name": "Win.Downloader.68062-1", "target": null }, { "id": "Win.Worm.Mydoom-5", "display_name": "Win.Worm.Mydoom-5", "target": null }, { "id": "Win32:Trojan-gen", "display_name": "Win32:Trojan-gen", "target": null }, { "id": "Backdoor:Win32/Hera.A!bit", "display_name": "Backdoor:Win32/Hera.A!bit", "target": "/malware/Backdoor:Win32/Hera.A!bit" } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 350, "FileHash-SHA1": 318, "FileHash-SHA256": 1929, "URL": 1885, "hostname": 1600, "domain": 1380, "email": 7, "SSLCertFingerprint": 40 }, "indicator_count": 7509, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "693 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.globalsign.com/repository/06", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.globalsign.com/repository/06", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780284736.6738207 }