{
"type": "URL",
"indicator": "https://z.prototype.be.call",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://z.prototype.be.call",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 3262123971,
"indicator": "https://z.prototype.be.call",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 8,
"pulses": [
{
"id": "6891bf5f58c1ae303f6d313e",
"name": "Jeeng | Powerbox | Tracking | Mirai \u2022 Palantir plugin",
"description": "#ELF:Mirai-ALC\\ [Trj]\n* [https://d1-myadmin.dpdlocal.co.uk/login]\n\u2022 [cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap]\nAlfper:BrowserModifier:Win32/DeepSync.C\n#prometheus #trojan #malware #elf #mirai dpd #palantir # plugin #tracking #monitoring #call #tracker #spyware #worm #virus #election_ news",
"modified": "2025-09-04T08:05:56.240000",
"created": "2025-08-05T08:22:55.113000",
"tags": [
"url https",
"indicator role",
"title added",
"active related",
"pulses url",
"entries",
"url http",
"type indicator",
"role title",
"added active",
"related pulses",
"showing",
"iocs",
"learn more",
"filehashsha256",
"types",
"indicators show",
"search",
"present jul",
"present jun",
"present may",
"present aug",
"present apr",
"present mar",
"present feb",
"united",
"unknown aaaa",
"all ipv4",
"pulse pulses",
"passive dns",
"urls",
"files",
"reverse dns",
"location united",
"america flag",
"america asn",
"open",
"registrar",
"limited ta",
"com laude",
"nomiq",
"creation date",
"ip address",
"date",
"domain",
"hostname",
"files ip",
"address",
"asn as21342",
"scan",
"ipv4",
"pulses",
"servers",
"hostname add",
"pulse submit",
"url analysis",
"verdict",
"france unknown",
"name servers",
"present",
"whois show",
"record value",
"domain name",
"expiration date",
"status",
"domain add",
"filehashmd5",
"idhttp",
"tidcustomhttp",
"classes",
"medium",
"crlf line",
"show",
"registry",
"service",
"copy",
"patch",
"write",
"next",
"markus",
"delphi",
"win32",
"persistence",
"execution",
"http",
"files domain",
"files related",
"pulses none",
"related tags",
"none google",
"refresh57959",
"windows xp",
"pack",
"shows",
"cc08",
"f06a6b",
"pulses hostname",
"germany unknown",
"aaaa",
"learn",
"ck id",
"name tactics",
"suspicious",
"informative",
"command",
"adversaries",
"ssl certificate",
"spawns",
"development att",
"sha1",
"copy md5",
"copy sha1",
"copy sha256",
"sha256",
"ascii text",
"pattern match",
"mitre att",
"show technique",
"format",
"august",
"hybrid",
"local",
"path",
"click",
"strings",
"filehashsha1",
"palantir feb",
"difference feb"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1031",
"name": "Modify Existing Service",
"display_name": "T1031 - Modify Existing Service"
},
{
"id": "T1053",
"name": "Scheduled Task/Job",
"display_name": "T1053 - Scheduled Task/Job"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1060",
"name": "Registry Run Keys / Startup Folder",
"display_name": "T1060 - Registry Run Keys / Startup Folder"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1096",
"name": "NTFS File Attributes",
"display_name": "T1096 - NTFS File Attributes"
},
{
"id": "T1112",
"name": "Modify Registry",
"display_name": "T1112 - Modify Registry"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1553",
"name": "Subvert Trust Controls",
"display_name": "T1553 - Subvert Trust Controls"
},
{
"id": "T1568",
"name": "Dynamic Resolution",
"display_name": "T1568 - Dynamic Resolution"
},
{
"id": "T1583",
"name": "Acquire Infrastructure",
"display_name": "T1583 - Acquire Infrastructure"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Q.Vashti",
"id": "337942",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 3809,
"hostname": 1197,
"domain": 456,
"FileHash-MD5": 170,
"FileHash-SHA256": 579,
"FileHash-SHA1": 161,
"CVE": 1,
"email": 1,
"SSLCertFingerprint": 6
},
"indicator_count": 6380,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "227 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "663d2869e0f3a42bbddc42ff",
"name": "UPX executable packer.",
"description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
"modified": "2024-10-14T00:01:17.069000",
"created": "2024-05-09T19:47:53.786000",
"tags": [
"cioch adrian",
"centrum usug",
"sieciowych",
"elf binary",
"upx compression",
"roth",
"nextron",
"info",
"javascript",
"html",
"office open",
"xml document",
"network capture",
"win32 exe",
"xml pakietu",
"pdf zestawy",
"przechwytywanie",
"office",
"filehashsha1",
"url https",
"cve cve20201070",
"cve cve20203153",
"cve cve20201048",
"cve cve20211732",
"cve20201048 apr",
"filehashmd5",
"cve cve20010901",
"cve cve20021841",
"cve20153202 apr",
"cve cve20160728",
"cve cve20161807",
"cve cve20175123",
"cve20185407 apr",
"cve cve20054605",
"cve cve20060745",
"cve cve20070452",
"cve cve20070453",
"cve cve20070454",
"cve cve20071355",
"cve cve20071358",
"cve cve20071871",
"cve20149614 apr",
"cve cve20151503",
"cve cve20152080",
"cve cve20157377",
"cve cve20170131",
"cve20200796 may",
"cve cve20113403"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6861,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 5771,
"domain": 3139,
"URL": 14525,
"FileHash-SHA1": 2610,
"IPv4": 108,
"CIDR": 40,
"FileHash-SHA256": 10705,
"FileHash-MD5": 3373,
"YARA": 2,
"CVE": 148,
"Mutex": 7,
"FilePath": 3,
"SSLCertFingerprint": 3,
"email": 23,
"JA3": 1,
"IPv6": 2
},
"indicator_count": 40460,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 137,
"modified_text": "552 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65708ef0cdb40fa0e7d239ca",
"name": "either emotet or a part of it",
"description": "",
"modified": "2023-12-06T15:10:40.867000",
"created": "2023-12-06T15:10:40.867000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 342,
"hostname": 456,
"domain": 349,
"URL": 1730,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 2879,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "65707e5b7df6f60133e8fb50",
"name": "Jeeng / Powerbox",
"description": "",
"modified": "2023-12-06T13:59:55.129000",
"created": "2023-12-06T13:59:55.129000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 3,
"FileHash-SHA256": 9072,
"domain": 2500,
"hostname": 3584,
"URL": 13548,
"FileHash-MD5": 197,
"FileHash-SHA1": 162,
"email": 19,
"CIDR": 20,
"SSLCertFingerprint": 2,
"BitcoinAddress": 1
},
"indicator_count": 29108,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found Page not found