{ "type": "URL", "indicator": "https://www.uofa.ca", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.uofa.ca", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3844952225, "indicator": "https://www.uofa.ca", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-02T07:42:49.581000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "35 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b60cdecf42fb532f2ceb12", "name": "U of A DataBreach Update - 11.13.25", "description": "Domain Analysis that serves as evidence of an on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.", "modified": "2025-12-13T22:01:27.739000", "created": "2025-09-01T21:15:10.117000", "tags": [ "as16509", "amazon02", "redirect", "tags", "as14618", "amazonaes", "search", "public", "search live", "api blog", "patch http", "please", "javascript", "url", "website", "web", "scanner", "analyze", "analyzer", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login", "greynoise", "visualizer skip", "service status", "company blog", "us careers", "policies vpat", "slo privacy", "cookie patent", "copyright", "google privacy", "sandbox", "reputation", "phishing", "malware", "amazon web", "services", "warning icon", "share report", "systems", "cloudflare", "varnish", "nginx", "apache", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "course", "program", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "https://viz.greynoise.io/query/AS3359", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://www.urlvoid.com/dns-records-lookup/", "https://www.shodan.io/search?query=ualberta.ca", "https://dnsdumpster.com/", "https://bgpview.io/asn/3359#whois", "https://centralops.net/co/", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "https://www.criminalip.io/asset/search?query=ualberta.ca", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "https://whois.domaintools.com/ualberta.ca", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://viewdns.info/portscan/?host=ualberta.ca", "https://whois.easycounter.com/ualberta.ca", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://who.is/whois/ualberta.ca", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://www.whoxy.com/ualberta.ca", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "https://bgp.he.net/dns/ualberta.ca", "https://intelx.io/?s=ualberta.ca", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "https://viewdns.info/traceroute/?domain=ualberta.ca", "https://centralops.net/co/DomainDossier.aspx", "https://search.odin.io/hosts?query=ualberta.ca", "https://www.merklemap.com/search?query=ualberta.ca&page=0" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 92, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9901, "domain": 790, "email": 982, "hostname": 10520, "FileHash-MD5": 550, "FileHash-SHA256": 1726, "FileHash-SHA1": 519, "SSLCertFingerprint": 64, "CIDR": 26, "CVE": 12 }, "indicator_count": 25090, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "127 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b282764066330381194dfe", "name": "SSL Server Test: ualberta.ca (Powered by Qualys SSL Labs) - 08.29.25", "description": "This server is designed to protect the security of your computer, mobile phone, tablet and online banking systems from being attacked by malicious software, or MITM, as well as using the secure net.", "modified": "2025-09-28T00:00:13.359000", "created": "2025-08-30T04:47:50.847000", "tags": [ "sha256", "r rsa", "x25519 fs", "fs safari", "ecdh x25519", "android", "fs ie", "phone", "safari", "no sni", "openssl", "macos", "UAlberta" ], "references": [ "https://www.ssllabs.com/ssltest/analyze.html?d=ualberta.ca" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 5, "domain": 9, "URL": 39, "hostname": 194 }, "indicator_count": 251, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "204 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "415 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66f9980dbc0f1360dfdb7ac5", "name": "fbf29190e5e37fdd3962682e44b092fe8158b09deaf83cc2052c97d2a80e59ee // hxxp://www[.]microsoft[.]com/pkiops/crl/MicSecSerCA2011_2011-10-18[.]crl", "description": "https://www.virustotal.com/graph/embed/g01c31a9734354d3fa14dd33e4bf1ec770e47e5f31e58424a927132b65c0cc052?theme=dark\n\nVT Graph of: fbf29190e5e37fdd3962682e44b092fe8158b09deaf83cc2052c97d2a80e59ee // hxxp://www[.]microsoft[.]com/pkiops/crl/MicSecSerCA2011_2011-10-18[.]crl", "modified": "2024-10-31T22:02:55.263000", "created": "2024-09-29T18:10:21.653000", "tags": [ "entity", "Certificates", "Malcerts" ], "references": [ "https://www.virustotal.com/graph/embed/g01c31a9734354d3fa14dd33e4bf1ec770e47e5f31e58424a927132b65c0cc052?theme=dark", "http://www.hybrid-analysis.com/file-collection/66fac68ee418a841c80f2f92", "http://www.hybrid-analysis.com/file-collection/66fac9127c919f69780c6f51", "http://www.hybrid-analysis.com/file-collection/66faca03bf2d577d0707447e", "http://www.hybrid-analysis.com/file-collection/66faca7c1e2a6e5879090c09", "http://www.hybrid-analysis.com/file-collection/66facaef84282adfb805d499", "http://www.hybrid-analysis.com/file-collection/66fac600ca930ea26b059ede", "http://www.hybrid-analysis.com/file-collection/66fac890b85c51f0a00bb153", "http://www.hybrid-analysis.com/file-collection/66fac7f30821b4aa5f0666ed", "http://www.hybrid-analysis.com/file-collection/66fac7871e2a6e58790909fe", "http://www.hybrid-analysis.com/file-collection/66fac6de4c7499ee5303356c", "http://www.hybrid-analysis.com/file-collection/66fac978202166e31d059f2e", "http://www.hybrid-analysis.com/file-collection/66fac56e9086d458e6064fea", "https://urlscan.io/api/v1/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "https://urlscan.io/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/community", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/iocs", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/graph" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Telecommunications", "Technology", "Healthcare", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 793, "FileHash-SHA1": 716, "FileHash-SHA256": 9805, "URL": 2314, "domain": 1937, "hostname": 2958, "CVE": 21 }, "indicator_count": 18544, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "535 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://dnsdumpster.com/", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://www.urlvoid.com/dns-records-lookup/", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://who.is/whois/ualberta.ca", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "COPYING.linux", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://viz.greynoise.io/query/AS3359", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "http://www.hybrid-analysis.com/file-collection/66fac9127c919f69780c6f51", "cmdline.txt", "https://search.odin.io/hosts?query=ualberta.ca", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/iocs", "config.txt", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://urlscan.io/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "config-5.15.44-Re4son-v7+", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://viewdns.info/traceroute/?domain=ualberta.ca", "http://www.hybrid-analysis.com/file-collection/66fac56e9086d458e6064fea", "http://www.hybrid-analysis.com/file-collection/66faca03bf2d577d0707447e", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viewdns.info/portscan/?host=ualberta.ca", "http://www.hybrid-analysis.com/file-collection/66fac978202166e31d059f2e", "theme.txt", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "config-5.15.44-Re4son-v8l+", "AppRegistrationList.csv", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://www.virustotal.com/graph/embed/g01c31a9734354d3fa14dd33e4bf1ec770e47e5f31e58424a927132b65c0cc052?theme=dark", "https://centralops.net/co/", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "http://www.hybrid-analysis.com/file-collection/66fac68ee418a841c80f2f92", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://whois.easycounter.com/ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List", "config-5.15.44-Re4son-v8+", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/community", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://tria.ge/240517-t9pc2ahb2t", "https://tria.ge/240521-q4s79agb25/static1", "grub_background.sh", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://centralops.net/co/DomainDossier.aspx", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://urlscan.io/search/#ualberta.ca", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d", "Thor Scan: S-I9VvMTB6cZU", "http://www.hybrid-analysis.com/file-collection/66fac890b85c51f0a00bb153", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "http://www.hybrid-analysis.com/file-collection/66fac6de4c7499ee5303356c", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/graph", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "All - EnterpriseAppsList.csv", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "http://www.hybrid-analysis.com/file-collection/66fac600ca930ea26b059ede", "http://www.hybrid-analysis.com/file-collection/66facaef84282adfb805d499", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://intelx.io/?s=ualberta.ca", "https://www.whoxy.com/ualberta.ca", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "LICENCE.broadcom", "https://www.merklemap.com/search?query=ualberta.ca&page=0", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "http://www.hybrid-analysis.com/file-collection/66fac7f30821b4aa5f0666ed", "https://www.ssllabs.com/ssltest/analyze.html?d=ualberta.ca", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://bgpview.io/asn/3359#whois", "http://www.hybrid-analysis.com/file-collection/66faca7c1e2a6e5879090c09", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://urlscan.io/api/v1/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "README", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "config-5.15.44-Re4son+", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "https://bgp.he.net/dns/ualberta.ca", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "config-5.15.44-Re4son-v7l+", "https://www.shodan.io/search?query=ualberta.ca", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://www.criminalip.io/asset/search?query=ualberta.ca", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://whois.domaintools.com/ualberta.ca", "http://www.hybrid-analysis.com/file-collection/66fac7871e2a6e58790909fe", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Healthcare", "Transportation", "Technology", "Government", "Agriculture", "Finance", "Telecommunications", "Education" ], "unique_indicators": 62647 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/uofa.ca", "whois": "http://whois.domaintools.com/uofa.ca", "domain": "uofa.ca", "hostname": "www.uofa.ca" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-02T07:42:49.581000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "35 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b60cdecf42fb532f2ceb12", "name": "U of A DataBreach Update - 11.13.25", "description": "Domain Analysis that serves as evidence of an on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.", "modified": "2025-12-13T22:01:27.739000", "created": "2025-09-01T21:15:10.117000", "tags": [ "as16509", "amazon02", "redirect", "tags", "as14618", "amazonaes", "search", "public", "search live", "api blog", "patch http", "please", "javascript", "url", "website", "web", "scanner", "analyze", "analyzer", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login", "greynoise", "visualizer skip", "service status", "company blog", "us careers", "policies vpat", "slo privacy", "cookie patent", "copyright", "google privacy", "sandbox", "reputation", "phishing", "malware", "amazon web", "services", "warning icon", "share report", "systems", "cloudflare", "varnish", "nginx", "apache", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "course", "program", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "UAlberta" ], "references": [ "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs", "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary", "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930", "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0", "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43", "https://viz.greynoise.io/query/AS3359", "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark", "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca", "https://www.urlvoid.com/dns-records-lookup/", "https://www.shodan.io/search?query=ualberta.ca", "https://dnsdumpster.com/", "https://bgpview.io/asn/3359#whois", "https://centralops.net/co/", "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100", "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697", "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca", "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290", "https://www.criminalip.io/asset/search?query=ualberta.ca", "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca", "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report", "https://whois.domaintools.com/ualberta.ca", "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca", "https://viewdns.info/iphistory/?domain=ualberta.ca", "https://viewdns.info/portscan/?host=ualberta.ca", "https://whois.easycounter.com/ualberta.ca", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca", "https://who.is/whois/ualberta.ca", "https://www.robtex.com/en/dns-lookup/ca/ualberta", "https://www.whoxy.com/ualberta.ca", "https://reverseip.domaintools.com/search/?q=ualberta.ca", "https://bgp.he.net/dns/ualberta.ca", "https://intelx.io/?s=ualberta.ca", "https://pulsedive.com/indicator/?indicator=ualberta.ca", "https://web.archive.org/web/20250000000000*/ualberta.ca", "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none", "https://viewdns.info/traceroute/?domain=ualberta.ca", "https://centralops.net/co/DomainDossier.aspx", "https://search.odin.io/hosts?query=ualberta.ca", "https://www.merklemap.com/search?query=ualberta.ca&page=0" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 92, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9901, "domain": 790, "email": 982, "hostname": 10520, "FileHash-MD5": 550, "FileHash-SHA256": 1726, "FileHash-SHA1": 519, "SSLCertFingerprint": 64, "CIDR": 26, "CVE": 12 }, "indicator_count": 25090, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "127 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b282764066330381194dfe", "name": "SSL Server Test: ualberta.ca (Powered by Qualys SSL Labs) - 08.29.25", "description": "This server is designed to protect the security of your computer, mobile phone, tablet and online banking systems from being attacked by malicious software, or MITM, as well as using the secure net.", "modified": "2025-09-28T00:00:13.359000", "created": "2025-08-30T04:47:50.847000", "tags": [ "sha256", "r rsa", "x25519 fs", "fs safari", "ecdh x25519", "android", "fs ie", "phone", "safari", "no sni", "openssl", "macos", "UAlberta" ], "references": [ "https://www.ssllabs.com/ssltest/analyze.html?d=ualberta.ca" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 5, "domain": 9, "URL": 39, "hostname": 194 }, "indicator_count": 251, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "204 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6647908c09468f42bc1249f1", "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution", "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com", "modified": "2025-03-01T04:59:57.222000", "created": "2024-05-17T17:14:52.317000", "tags": [ "false", "true", "visible", "application", "microsoft teams", "microsoft azure", "office", "service", "dynamics", "hidden", "android", "explorer", "write", "connector", "test", "sharepoint", "live", "meister", "tools", "desktop", "spark", "front", "enterprise", "designer", "atlas", "premium", "assistant", "allow", "azureadmyorg", "game", "verify", "microsoft power", "channelsurfcli", "mtd1", "file transfer", "magnus", "microsoft crm", "youth" ], "references": [ "All - EnterpriseAppsList.csv", "AppRegistrationList.csv", "https://tria.ge/240517-vc7c1shc62/behavioral1", "https://tria.ge/240517-vdwb5shc71/behavioral1", "https://tria.ge/240517-vqxezaaa33/behavioral1", "https://tria.ge/240517-t9pc2ahb2t", "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph", "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary", "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb", "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7", "Thor Scan: S-I9VvMTB6cZU", "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview", "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview", "https://imp0rtp3.wordpress.com/2021/08/12/tetris/", "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview", "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview", "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview", "https://tria.ge/240521-q4s79agb25/static1", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview", "https://www.filescan.io/uploads/666d69ff6b8dba248b414767", "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3", "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b", "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2", "https://www.hudsonrock.com/search?domain=ualberta.ca", "https://www.criminalip.io/domain/report?scan_id=13798622", "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24", "https://urlscan.io/search/#ualberta.ca", "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs", "https://sitereport.netcraft.com/?url=http://ualberta.ca", "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/", "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll", "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark", "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22", "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22", "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Healthcare", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1703, "FileHash-SHA256": 90472, "URL": 99185, "domain": 82954, "hostname": 39041, "FileHash-SHA1": 1624, "email": 4658, "CVE": 12 }, "indicator_count": 319649, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "415 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66f9980dbc0f1360dfdb7ac5", "name": "fbf29190e5e37fdd3962682e44b092fe8158b09deaf83cc2052c97d2a80e59ee // hxxp://www[.]microsoft[.]com/pkiops/crl/MicSecSerCA2011_2011-10-18[.]crl", "description": "https://www.virustotal.com/graph/embed/g01c31a9734354d3fa14dd33e4bf1ec770e47e5f31e58424a927132b65c0cc052?theme=dark\n\nVT Graph of: fbf29190e5e37fdd3962682e44b092fe8158b09deaf83cc2052c97d2a80e59ee // hxxp://www[.]microsoft[.]com/pkiops/crl/MicSecSerCA2011_2011-10-18[.]crl", "modified": "2024-10-31T22:02:55.263000", "created": "2024-09-29T18:10:21.653000", "tags": [ "entity", "Certificates", "Malcerts" ], "references": [ "https://www.virustotal.com/graph/embed/g01c31a9734354d3fa14dd33e4bf1ec770e47e5f31e58424a927132b65c0cc052?theme=dark", "http://www.hybrid-analysis.com/file-collection/66fac68ee418a841c80f2f92", "http://www.hybrid-analysis.com/file-collection/66fac9127c919f69780c6f51", "http://www.hybrid-analysis.com/file-collection/66faca03bf2d577d0707447e", "http://www.hybrid-analysis.com/file-collection/66faca7c1e2a6e5879090c09", "http://www.hybrid-analysis.com/file-collection/66facaef84282adfb805d499", "http://www.hybrid-analysis.com/file-collection/66fac600ca930ea26b059ede", "http://www.hybrid-analysis.com/file-collection/66fac890b85c51f0a00bb153", "http://www.hybrid-analysis.com/file-collection/66fac7f30821b4aa5f0666ed", "http://www.hybrid-analysis.com/file-collection/66fac7871e2a6e58790909fe", "http://www.hybrid-analysis.com/file-collection/66fac6de4c7499ee5303356c", "http://www.hybrid-analysis.com/file-collection/66fac978202166e31d059f2e", "http://www.hybrid-analysis.com/file-collection/66fac56e9086d458e6064fea", "https://urlscan.io/api/v1/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "https://urlscan.io/result/5dea4d73-564a-4a37-88ef-da841b2bb274/", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/community", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/iocs", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d", "https://www.virustotal.com/gui/collection/aa215ea9a4819e7b629171f16969657ad55a22269acc626b32d5625eb3c16d9d/graph" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Telecommunications", "Technology", "Healthcare", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 793, "FileHash-SHA1": 716, "FileHash-SHA256": 9805, "URL": 2314, "domain": 1937, "hostname": 2958, "CVE": 21 }, "indicator_count": 18544, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "535 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.uofa.ca", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.uofa.ca", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776670268.088194 }