{ "type": "URL", "indicator": "https://www.vgt.pl/js/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.vgt.pl/js/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3892571037, "indicator": "https://www.vgt.pl/js/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "68c090cc2f0b2c544b57cc04", "name": "#fp539598-VBS/LoveLetter. BT / 94. 152. 58. 192 Vgt. pl, adorno. pl, Sanselo. pl, dekoramia. eu, ginko garden. pl", "description": "VT Graph by Kulinski Arkadi // Axelo", "modified": "2025-10-09T20:01:05.189000", "created": "2025-09-09T20:40:44.677000", "tags": [ "idn1", "sendimage0", "refalphabet", "refts1668470969", "refts1668471031", "refts1668471040", "refts1668471074", "refts1668471028", "refts1668471064", "refts1668471045", "entity" ], "references": [ "https://www.virustotal.com/graph/embed/ge0dab8d04b47447e8dbbfe6904ed8334cee7a59a652f4fd4ba42160c4d3b1958?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 122, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 48, "domain": 8, "hostname": 119 }, "indicator_count": 301, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6701c8e87c91ff0ff82cddbb", "name": "Podgl\u0105d zmian na wniosku danych osobowych lub obywatelstwa dzia\u0142alno\u015bci gospodarczej. Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia\u0142alno\u015bci Gospodarczej", "description": "Dane wej\u015bciowe do CEIDG z uprawnieniami \u201ejednego okienka\u201d, CEIDG prze\u015ble informacje o zmianie w twojej firmie do skarbowego, GUS, ZUS/ KRUS i do rejestr\u00f3w regulowanych (je\u015bli twoja dzia\u0142alno\u015b\u0107 wymaga\u0142a koncesji lub podlegaj\u0105cej).\nDokonana operacja o dzia\u0142alno\u015bci gospodarczej wybodaeth \u00c2\u00a31.5m (\u20ac2.3m)", "modified": "2025-07-29T16:17:40.086000", "created": "2024-10-05T23:16:56.227000", "tags": [ "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "serwer" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=949ec1d7-6fce-48f1-af89-8177c16efaf5&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=949ec1d7-6fce-48f1-af89-8177c16efaf5", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=01440425-663c-42e1-a224-c59fa9e7db55&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=01440425-663c-42e1-a224-c59fa9e7db55", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=b2418699-3375-4b39-bfb8-c9ce3005ea8b&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=b2418699-3375-4b39-bfb8-c9ce3005ea8b", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=9b024ef2-9f20-417e-ad7f-e918925d03e6&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=9b024ef2-9f20-417e-ad7f-e918925d03e6", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=a9b1805b-892e-4171-bd4b-d4519fb65185", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=d4271593-cfcf-4222-8422-59418a5dbfae&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d4271593-cfcf-4222-8422-59418a5dbfae", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=c1af4558-3788-44e6-898e-f1ec13ee95c7", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=4d261d23-a418-4b4a-bcf3-95e19e085bab&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=4d261d23-a418-4b4a-bcf3-95e19e085bab", "2929ce76b91264510628184c6e91849e19bc0db038cc3aadc0d2b67fb2423bed" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "Serwer", "display_name": "Serwer", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.001", "name": "Gatekeeper Bypass", "display_name": "T1553.001 - Gatekeeper Bypass" }, { "id": "T1553.005", "name": "Mark-of-the-Web Bypass", "display_name": "T1553.005 - Mark-of-the-Web Bypass" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 129, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 5, "URL": 357, "IPv4": 82, "hostname": 194, "domain": 43, "FileHash-SHA256": 426, "FileHash-MD5": 102, "FileHash-SHA1": 100, "CVE": 9, "IPv6": 2, "YARA": 1 }, "indicator_count": 1321, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "264 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "676df7b699b17adb549dbd7a", "name": "185.253.212.22", "description": "TrojanDropper:Win32/Cutwail.12142-1: Trojan Cafeini-13 wedi dweud wrz 2023, a year before the release of the malicious software.", "modified": "2025-01-26T01:02:51.890000", "created": "2024-12-27T00:41:23.901000", "tags": [ "lowfi", "wygraj trojan", "cafeini13", "trojandropper", "wygraj" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wygraj", "display_name": "Wygraj", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "URL": 170, "FileHash-SHA256": 1836, "domain": 47, "hostname": 67, "FileHash-MD5": 973, "FileHash-SHA1": 972 }, "indicator_count": 4066, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773fc65ae5df98c10b7ecc0", "name": "https://fontawesome.io/ 85999a8fe53ac406df7722b64e788923bb763878b7a99cdb5446f2b042c5834d", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.\n5511a9b9f9144ed7bde4ccb074733b7c564d918d2a8b10d391afc6be5b3b1509\n89122eeb6c696ce683a6c279a7fbe814909e67645a0dcaf1d8de44c1856d636f", "modified": "2025-01-04T23:08:57.750000", "created": "2024-12-31T14:15:01.675000", "tags": [ "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "sha1", "cache entry", "gzip chrome", "woff chrome", "gzip", "submission", "vhash", "ssdeep", "file type", "html internet", "magic html", "ascii text", "trid file", "magika html", "icons", "vector icons", "svg icons", "free icons", "icon font", "webfont", "desktop icons", "svg", "font awesome free", "font awesome pro" ], "references": [ "https://www.vgt.pl/css/bootstrap.min.css", "https://www.vgt.pl/css/font-awesome.min.css", "https://www.vgt.pl/img/logo.png", "https://www.vgt.pl/css/style.css?2018-02-25", "https://fontawesome.io/", "http://fontawesome.io/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "hostname": 20, "URL": 97, "FileHash-SHA256": 336, "FileHash-MD5": 999, "FileHash-SHA1": 206 }, "indicator_count": 1673, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773e6b7f96024463e651596", "name": "https://www.vgt.pl/css/font-awesome.min.css", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.", "modified": "2025-01-04T23:08:56.099000", "created": "2024-12-31T12:42:31.667000", "tags": [ "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "vhash", "authentihash", "imphash", "rich pe", "ssdeep", "plik", "sha1", "kopiuj ssdeep", "skopiuj imphash", "microsoft znak", "typ dane", "ms windows", "typ plik", "pe32" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "FileHash-SHA1": 15, "FileHash-SHA256": 60, "URL": 26 }, "indicator_count": 128, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "669b8fa0d807682987a33cb7", "name": "https://ssl-proxy.my-addr.org/myaddrproxy.php/https/www.vgt.pl", "description": "Here is the full text of the X509 certificate, signed by Google LLC, which is published on 1 July 2014:. \u00c2\u00a31.4m.. (\u20ac2.3m)", "modified": "2024-10-20T00:48:20.932000", "created": "2024-07-20T10:21:20.075000", "tags": [ "submission", "globalsign root", "ougwny urzd", "oglobalsign", "ssdeep", "magic", "trid der", "file size", "history first", "analysis", "win32 exe", "narzdzie nokia", "best bb5", "aaaaa" ], "references": [ "https://viz.greynoise.io/analysis/399e2039-4568-4e91-95b1-56e4de" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 19, "FileHash-SHA256": 92, "IPv6": 6, "hostname": 111, "domain": 60, "URL": 638, "YARA": 1, "FileHash-IMPHASH": 1, "email": 4, "IPv4": 6, "CVE": 2 }, "indicator_count": 958, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "546 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666a290827eb9a7dec1aa57f", "name": "just checking", "description": "", "modified": "2024-07-12T21:02:00.286000", "created": "2024-06-12T23:02:32.039000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 1278, "URL": 5288, "domain": 1217, "hostname": 2980, "CVE": 1 }, "indicator_count": 10774, "is_author": false, "is_subscribing": null, "subscriber_count": 178, "modified_text": "645 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "https://www.jelenia-gora.so.gov.pl/", "https://www.vgt.pl/img/logo.png", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=4d261d23-a418-4b4a-bcf3-95e19e085bab", "2929ce76b91264510628184c6e91849e19bc0db038cc3aadc0d2b67fb2423bed", "https://www.vgt.pl/css/bootstrap.min.css", "https://www.vgt.pl/css/font-awesome.min.css", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=9b024ef2-9f20-417e-ad7f-e918925d03e6&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=b2418699-3375-4b39-bfb8-c9ce3005ea8b&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=01440425-663c-42e1-a224-c59fa9e7db55&source=versionChange&history=true", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d4271593-cfcf-4222-8422-59418a5dbfae", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://fontawesome.io/", "https://viz.greynoise.io/analysis/399e2039-4568-4e91-95b1-56e4de", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=949ec1d7-6fce-48f1-af89-8177c16efaf5&source=versionChange&history=true", "http://www.jelenia-gora.so.gov.pl/", "http://fontawesome.io/", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=9b024ef2-9f20-417e-ad7f-e918925d03e6", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=4d261d23-a418-4b4a-bcf3-95e19e085bab&source=versionChange&history=true", "https://www.vgt.pl/css/style.css?2018-02-25", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=949ec1d7-6fce-48f1-af89-8177c16efaf5", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=b2418699-3375-4b39-bfb8-c9ce3005ea8b", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=d4271593-cfcf-4222-8422-59418a5dbfae&source=versionChange&history=true", "https://www.virustotal.com/graph/embed/ge0dab8d04b47447e8dbbfe6904ed8334cee7a59a652f4fd4ba42160c4d3b1958?theme=dark", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=01440425-663c-42e1-a224-c59fa9e7db55", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=c1af4558-3788-44e6-898e-f1ec13ee95c7", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=a9b1805b-892e-4171-bd4b-d4519fb65185" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "TrojanDownloader:Win32/Nemucod" ], "malware_families": [ "", "Serwer a przed\u0142u\u017cenie sesji #{text} wojcieszyce pl", "Serwer", "Wygraj" ], "industries": [], "unique_indicators": 90932 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/vgt.pl", "whois": "http://whois.domaintools.com/vgt.pl", "domain": "vgt.pl", "hostname": "www.vgt.pl" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "68c090cc2f0b2c544b57cc04", "name": "#fp539598-VBS/LoveLetter. BT / 94. 152. 58. 192 Vgt. pl, adorno. pl, Sanselo. pl, dekoramia. eu, ginko garden. pl", "description": "VT Graph by Kulinski Arkadi // Axelo", "modified": "2025-10-09T20:01:05.189000", "created": "2025-09-09T20:40:44.677000", "tags": [ "idn1", "sendimage0", "refalphabet", "refts1668470969", "refts1668471031", "refts1668471040", "refts1668471074", "refts1668471028", "refts1668471064", "refts1668471045", "entity" ], "references": [ "https://www.virustotal.com/graph/embed/ge0dab8d04b47447e8dbbfe6904ed8334cee7a59a652f4fd4ba42160c4d3b1958?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 122, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 48, "domain": 8, "hostname": 119 }, "indicator_count": 301, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6701c8e87c91ff0ff82cddbb", "name": "Podgl\u0105d zmian na wniosku danych osobowych lub obywatelstwa dzia\u0142alno\u015bci gospodarczej. Ceidg.gov.pl - Centralna Ewidencja i Informacja o Dzia\u0142alno\u015bci Gospodarczej", "description": "Dane wej\u015bciowe do CEIDG z uprawnieniami \u201ejednego okienka\u201d, CEIDG prze\u015ble informacje o zmianie w twojej firmie do skarbowego, GUS, ZUS/ KRUS i do rejestr\u00f3w regulowanych (je\u015bli twoja dzia\u0142alno\u015b\u0107 wymaga\u0142a koncesji lub podlegaj\u0105cej).\nDokonana operacja o dzia\u0142alno\u015bci gospodarczej wybodaeth \u00c2\u00a31.5m (\u20ac2.3m)", "modified": "2025-07-29T16:17:40.086000", "created": "2024-10-05T23:16:56.227000", "tags": [ "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik", "serwer" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=949ec1d7-6fce-48f1-af89-8177c16efaf5&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=949ec1d7-6fce-48f1-af89-8177c16efaf5", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=01440425-663c-42e1-a224-c59fa9e7db55&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=01440425-663c-42e1-a224-c59fa9e7db55", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=b2418699-3375-4b39-bfb8-c9ce3005ea8b&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=b2418699-3375-4b39-bfb8-c9ce3005ea8b", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=9b024ef2-9f20-417e-ad7f-e918925d03e6&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=9b024ef2-9f20-417e-ad7f-e918925d03e6", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=a9b1805b-892e-4171-bd4b-d4519fb65185", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=d4271593-cfcf-4222-8422-59418a5dbfae&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d4271593-cfcf-4222-8422-59418a5dbfae", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=c1af4558-3788-44e6-898e-f1ec13ee95c7", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=4d261d23-a418-4b4a-bcf3-95e19e085bab&source=versionChange&history=true", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=4d261d23-a418-4b4a-bcf3-95e19e085bab", "2929ce76b91264510628184c6e91849e19bc0db038cc3aadc0d2b67fb2423bed" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "Serwer", "display_name": "Serwer", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.001", "name": "Gatekeeper Bypass", "display_name": "T1553.001 - Gatekeeper Bypass" }, { "id": "T1553.005", "name": "Mark-of-the-Web Bypass", "display_name": "T1553.005 - Mark-of-the-Web Bypass" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 129, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 5, "URL": 357, "IPv4": 82, "hostname": 194, "domain": 43, "FileHash-SHA256": 426, "FileHash-MD5": 102, "FileHash-SHA1": 100, "CVE": 9, "IPv6": 2, "YARA": 1 }, "indicator_count": 1321, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "264 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "676df7b699b17adb549dbd7a", "name": "185.253.212.22", "description": "TrojanDropper:Win32/Cutwail.12142-1: Trojan Cafeini-13 wedi dweud wrz 2023, a year before the release of the malicious software.", "modified": "2025-01-26T01:02:51.890000", "created": "2024-12-27T00:41:23.901000", "tags": [ "lowfi", "wygraj trojan", "cafeini13", "trojandropper", "wygraj" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wygraj", "display_name": "Wygraj", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 1, "URL": 170, "FileHash-SHA256": 1836, "domain": 47, "hostname": 67, "FileHash-MD5": 973, "FileHash-SHA1": 972 }, "indicator_count": 4066, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773fc65ae5df98c10b7ecc0", "name": "https://fontawesome.io/ 85999a8fe53ac406df7722b64e788923bb763878b7a99cdb5446f2b042c5834d", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.\n5511a9b9f9144ed7bde4ccb074733b7c564d918d2a8b10d391afc6be5b3b1509\n89122eeb6c696ce683a6c279a7fbe814909e67645a0dcaf1d8de44c1856d636f", "modified": "2025-01-04T23:08:57.750000", "created": "2024-12-31T14:15:01.675000", "tags": [ "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "sha1", "cache entry", "gzip chrome", "woff chrome", "gzip", "submission", "vhash", "ssdeep", "file type", "html internet", "magic html", "ascii text", "trid file", "magika html", "icons", "vector icons", "svg icons", "free icons", "icon font", "webfont", "desktop icons", "svg", "font awesome free", "font awesome pro" ], "references": [ "https://www.vgt.pl/css/bootstrap.min.css", "https://www.vgt.pl/css/font-awesome.min.css", "https://www.vgt.pl/img/logo.png", "https://www.vgt.pl/css/style.css?2018-02-25", "https://fontawesome.io/", "http://fontawesome.io/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "hostname": 20, "URL": 97, "FileHash-SHA256": 336, "FileHash-MD5": 999, "FileHash-SHA1": 206 }, "indicator_count": 1673, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773e6b7f96024463e651596", "name": "https://www.vgt.pl/css/font-awesome.min.css", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.", "modified": "2025-01-04T23:08:56.099000", "created": "2024-12-31T12:42:31.667000", "tags": [ "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "vhash", "authentihash", "imphash", "rich pe", "ssdeep", "plik", "sha1", "kopiuj ssdeep", "skopiuj imphash", "microsoft znak", "typ dane", "ms windows", "typ plik", "pe32" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "FileHash-SHA1": 15, "FileHash-SHA256": 60, "URL": 26 }, "indicator_count": 128, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6665c84b687c5e16b95e8f8e", "name": "94.152.152.223 v65023.niebieski.net Cyber_Folks S.A. (vgt.pl)", "description": "SHA1 32223ade25c4a1d39cb8ac13042e8e6dfe3ca78f , SHA1 \n 99987c1ee1ddb7fd113abd65c836fbb71c3da4da\n Role: UPX , Ransomware , Trojan , Mirai , Buschido Mirai antywirusowe\nWin.Trojan.VBGeneric-6735875-0 , Robak:Win32/Mofksys.RND!MTB", "modified": "2024-12-31T01:53:43.222000", "created": "2024-06-09T15:20:43.178000", "tags": [ "expiration", "no expiration", "url http", "url https", "hostname", "domain", "ipv4", "filehashsha256", "fh no", "filehashmd5", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "pl o", "unizeto", "sa ou", "urzd", "certum cn" ], "references": [ "https://viz.greynoise.io/analysis/f3d70a4f-14b1-4d26-8617-98d591", "https://viz.greynoise.io/analysis/a40cf3ce-d048-47c1-94b7-730b71", "https://viz.greynoise.io/analysis/4627bc3a-0238-4f2f-ad5c-c50527" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [ "Poland", "United States of America", "Germany", "Netherlands" ], "malware_families": [ { "id": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "display_name": "Serwer A Przed\u0142u\u017cenie sesji #{text} Wojcieszyce PL", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1027.004", "name": "Compile After Delivery", "display_name": "T1027.004 - Compile After Delivery" }, { "id": "T1027.003", "name": "Steganography", "display_name": "T1027.003 - Steganography" }, { "id": "T1027.002", "name": "Software Packing", "display_name": "T1027.002 - Software Packing" }, { "id": "T1027.001", "name": "Binary Padding", "display_name": "T1027.001 - Binary Padding" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1553.004", "name": "Install Root Certificate", "display_name": "T1553.004 - Install Root Certificate" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1055.011", "name": "Extra Window Memory Injection", "display_name": "T1055.011 - Extra Window Memory Injection" }, { "id": "T1055.008", "name": "Ptrace System Calls", "display_name": "T1055.008 - Ptrace System Calls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036.001", "name": "Invalid Code Signature", "display_name": "T1036.001 - Invalid Code Signature" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3205, "FileHash-SHA1": 2671, "FileHash-SHA256": 11469, "SSLCertFingerprint": 6, "URL": 5435, "domain": 1356, "email": 55, "hostname": 2205, "CVE": 13, "YARA": 4, "CIDR": 1, "IPv4": 25, "FileHash-IMPHASH": 1, "BitcoinAddress": 2, "IPv6": 13 }, "indicator_count": 26461, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "669b8fa0d807682987a33cb7", "name": "https://ssl-proxy.my-addr.org/myaddrproxy.php/https/www.vgt.pl", "description": "Here is the full text of the X509 certificate, signed by Google LLC, which is published on 1 July 2014:. \u00c2\u00a31.4m.. (\u20ac2.3m)", "modified": "2024-10-20T00:48:20.932000", "created": "2024-07-20T10:21:20.075000", "tags": [ "submission", "globalsign root", "ougwny urzd", "oglobalsign", "ssdeep", "magic", "trid der", "file size", "history first", "analysis", "win32 exe", "narzdzie nokia", "best bb5", "aaaaa" ], "references": [ "https://viz.greynoise.io/analysis/399e2039-4568-4e91-95b1-56e4de" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 19, "FileHash-SHA256": 92, "IPv6": 6, "hostname": 111, "domain": 60, "URL": 638, "YARA": 1, "FileHash-IMPHASH": 1, "email": 4, "IPv4": 6, "CVE": 2 }, "indicator_count": 958, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "546 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666a290827eb9a7dec1aa57f", "name": "just checking", "description": "", "modified": "2024-07-12T21:02:00.286000", "created": "2024-06-12T23:02:32.039000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 1278, "URL": 5288, "domain": 1217, "hostname": 2980, "CVE": 1 }, "indicator_count": 10774, "is_author": false, "is_subscribing": null, "subscriber_count": 178, "modified_text": "645 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.vgt.pl/js/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.vgt.pl/js/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776619942.5913684 }