{ "type": "Domain", "indicator": "hypertechcenter.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/hypertechcenter.com", "alexa": "http://www.alexa.com/siteinfo/hypertechcenter.com", "indicator": "hypertechcenter.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3755259262, "indicator": "hypertechcenter.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "688c68bb217706e5d3e8212c", "name": "Typosquatting DGA used for espionage targeting resident/s", "description": "Typosquatting /URL hijacking targeting a US community. |\n#phishing #virtool #redirects #backdoor #sinkhole #simbda #locating #tracking #email_hijacking #espionage_via_locate_and_track #checkin\n-Unsupported/Fake Internet Explorer Version MSIE 2.\n_Unsupported/Fake Windows NT Version 5.0\n_Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz\nYara Detections\n\u2022 generic_shellcode_downloader\nAlerts:\n\u2022 procmem_yara\n\u2022 injection_inter_process\n\u2022 injection_create_remote_thread\n\u2022 antidebug_windows\n\u2022 multiple_useragents\n\u2022 network_fake_useragent\n\u2022 cape_detected_threat\n\u2022 antiav_detectfile\n\u2022 deletes_self\n\u2022 infostealer_cookies\n\u2022 injection_createremotethread\n\u2022 network_questionable_http_path\n\u2022 suricata_alert\n\u2022 anomalous_deletefile\n\u2022 dynamic_function_loading\n\u2022 http_request\n\u2022 createtoolhelp32snapshot_module_enumeration\n\u2022 enumerates_running_processes\nprocess_", "modified": "2025-08-31T06:01:31.901000", "created": "2025-08-01T07:11:55.364000", "tags": [ "address google", "safe browsing", "entries", "bq may", "bq jun", "virtool", "next associated", "bq sep", "registered", "united", "showing", "urls show", "trojan", "date", "backdoor", "formbook cnc", "checkin", "passive dns", "cnc checkin", "twitter", "expiration date", "name servers", "div div", "span", "associated urls", "show", "date checked", "url hostname", "server response", "ip address", "google safe", "results jun", "present oct", "entries http", "response ip", "present dec", "present feb", "present jan", "files show", "date hash", "avast avg", "b may", "bq apr", "win32", "cryp", "bq mar", "bq feb", "win32clipbanker", "mtb may", "dynamicloader", "msie", "windows nt", "slcc2", "media center", "high", "medium", "yara rule", "et trojan", "http", "possible", "copy", "internal", "mtb feb", "mtb aug", "mtb nov", "mtb jul", "mtb apr", "mtb jun", "results oct", "adwaresig", "checked url", "hostname server", "present jun", "results jul", "present sep", "next http", "scans show", "search", "a domains", "script urls", "situs judi", "online slot", "gacor slot88", "agen judi", "bola sbobet", "script domains", "results sep", "meta", "encrypt", "win32cve apr", "ransom", "as16509", "as29791", "next", "unknown", "top source", "top destination", "suspicious", "sha256", "ids detections", "less see", "contacted", "pulse pulses", "av detections", "yara detections", "alerts", "analysis date", "file score" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "URL": 173, "hostname": 25, "FileHash-MD5": 504, "FileHash-SHA1": 495, "domain": 79, "CVE": 1, "email": 1 }, "indicator_count": 1815, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "275 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a536d6ca1f8cf73b0a0c", "name": "Content Reputation Revenge", "description": "", "modified": "2023-12-06T16:45:42.567000", "created": "2023-12-06T16:45:42.567000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a53297598bac143dc90c", "name": "Malvertizing", "description": "", "modified": "2023-12-06T16:45:38.747000", "created": "2023-12-06T16:45:38.747000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a52d46c621212ee24542", "name": "Malvertizing: Exponential Adult Contact Revenge Porn & Vulnerabilities", "description": "", "modified": "2023-12-06T16:45:32.953000", "created": "2023-12-06T16:45:32.953000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d445eaddea2b39611065", "name": "Malvertizing: Exponential Adult Contact Revenge Porn & Vulnerabilities", "description": "BrownTube.com/Target?\nToday: Blacklisted & Whitelisted domain. All malware is correct and verified and by now historical. Evader, detects all AI and intrusion. Packed! Farr more vulnerabilities than necessary to list. Research shows this attack on a targeted individuals dates back years. There is evidence of a browser malware that would direct targeted person's directly to site where device is brutally infected. Based on online research target may have been a victim of crime. Even if that weren't the case, this is definitely criminal and intentional.\nThere is underage content advertised. Web and Hidden CAMS accessed.\nVerdict: Revenge Porn\nTarget country clarifier: Origin of campaign US. It is advertised in Russia via Bing aka Yandex/Microsoft merge.\nIt's is viewable Anywhere.", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:38:29.088000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d4f778c6732784d241c7", "name": "Malvertizing", "description": "", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:41:27.225000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "6507d445eaddea2b39611065", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d50cc5175d4bc3e98bd3", "name": "Content Reputation Revenge ", "description": "", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:41:48.350000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "6507d4f778c6732784d241c7", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "[Unnamed group]" ], "malware_families": [ "Js.eiframeacnme", "W32.hfsadware", "Pup.dstudio.dd", "W32.aidetectvm", "Gen:variant.application.bundler.somoto", "Agen.1031860", "Tscope.malware", "Gen:variant.msilperseus", "#lowfi:hstr:win32/downloadmr", "Malicious.35bb6b", "Adware.agent", "Trojan.reconyc ml.generic", "Trojan.uztuby", "Application.clenonta", "Pua.snojan", "Malware", "Html:phishingmail", "Content reputation", "Phishing.agent", "#lowfi:hstr:win32/widgitoolbar", "Enginebox malware", "Backdoor.php.webshell", "Ransom.win64.wacatac.oa", "Hoax.js.phish", "Ole2.macro.agent", "Gen:variant.razy", "Phishing.bnr", "Html.generic phishing.s23", "Trojan.reconyc 1", "Gen:nn.zexaf.34090", "Hacktool:win32/ipccrack", "Trojan.quaf", "Riskware.crack", "Private internet access", "Application.agent", "Trojan.html.generic.4 phish.82b7", "Js:trojan.cryxos", "Phishing.doc", "Malwarehiderpatched", "Generic.malware", "Hoax.deceptpcclean", "Ole2.macro.agent html:phishingmail", "Unsafe.ai_score_100%", "Gen:variant.ser.bulz", "Trojan.script.phish", "Pua.nsismod", "Heur:trojan.bat", "Gen:variant.application.loadmoney", "Ml.attribute", "Trojan.disco", "Application.coinminer", "Heur.htmlunescape", "Malicious.high.ml", "Malware.phish", "Driveragent.a potentially unwanted", "Html:phishingms", "Vdehu.a", "Js.phishing", "Trojan.agent", "Scrinject.b", "Trojan.script.generic", "Win64:malware", "#exploit:ntqueryintervalprofile", "Gen:variant.ursu", "#lowfihstr:program:win32/coinminer_cgminer_clean", "Malicious.moderate.ml", "Html:instagram", "#lowfi:adware:win32/altnet", "Malware download", "Gen:variant.graftor", "Ameriprise financial phishing", "Hoax.html.phish", "Zpevdo.b", "Artemis" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "688c68bb217706e5d3e8212c", "name": "Typosquatting DGA used for espionage targeting resident/s", "description": "Typosquatting /URL hijacking targeting a US community. |\n#phishing #virtool #redirects #backdoor #sinkhole #simbda #locating #tracking #email_hijacking #espionage_via_locate_and_track #checkin\n-Unsupported/Fake Internet Explorer Version MSIE 2.\n_Unsupported/Fake Windows NT Version 5.0\n_Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz\nYara Detections\n\u2022 generic_shellcode_downloader\nAlerts:\n\u2022 procmem_yara\n\u2022 injection_inter_process\n\u2022 injection_create_remote_thread\n\u2022 antidebug_windows\n\u2022 multiple_useragents\n\u2022 network_fake_useragent\n\u2022 cape_detected_threat\n\u2022 antiav_detectfile\n\u2022 deletes_self\n\u2022 infostealer_cookies\n\u2022 injection_createremotethread\n\u2022 network_questionable_http_path\n\u2022 suricata_alert\n\u2022 anomalous_deletefile\n\u2022 dynamic_function_loading\n\u2022 http_request\n\u2022 createtoolhelp32snapshot_module_enumeration\n\u2022 enumerates_running_processes\nprocess_", "modified": "2025-08-31T06:01:31.901000", "created": "2025-08-01T07:11:55.364000", "tags": [ "address google", "safe browsing", "entries", "bq may", "bq jun", "virtool", "next associated", "bq sep", "registered", "united", "showing", "urls show", "trojan", "date", "backdoor", "formbook cnc", "checkin", "passive dns", "cnc checkin", "twitter", "expiration date", "name servers", "div div", "span", "associated urls", "show", "date checked", "url hostname", "server response", "ip address", "google safe", "results jun", "present oct", "entries http", "response ip", "present dec", "present feb", "present jan", "files show", "date hash", "avast avg", "b may", "bq apr", "win32", "cryp", "bq mar", "bq feb", "win32clipbanker", "mtb may", "dynamicloader", "msie", "windows nt", "slcc2", "media center", "high", "medium", "yara rule", "et trojan", "http", "possible", "copy", "internal", "mtb feb", "mtb aug", "mtb nov", "mtb jul", "mtb apr", "mtb jun", "results oct", "adwaresig", "checked url", "hostname server", "present jun", "results jul", "present sep", "next http", "scans show", "search", "a domains", "script urls", "situs judi", "online slot", "gacor slot88", "agen judi", "bola sbobet", "script domains", "results sep", "meta", "encrypt", "win32cve apr", "ransom", "as16509", "as29791", "next", "unknown", "top source", "top destination", "suspicious", "sha256", "ids detections", "less see", "contacted", "pulse pulses", "av detections", "yara detections", "alerts", "analysis date", "file score" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "URL": 173, "hostname": 25, "FileHash-MD5": 504, "FileHash-SHA1": 495, "domain": 79, "CVE": 1, "email": 1 }, "indicator_count": 1815, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "275 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a536d6ca1f8cf73b0a0c", "name": "Content Reputation Revenge", "description": "", "modified": "2023-12-06T16:45:42.567000", "created": "2023-12-06T16:45:42.567000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a53297598bac143dc90c", "name": "Malvertizing", "description": "", "modified": "2023-12-06T16:45:38.747000", "created": "2023-12-06T16:45:38.747000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a52d46c621212ee24542", "name": "Malvertizing: Exponential Adult Contact Revenge Porn & Vulnerabilities", "description": "", "modified": "2023-12-06T16:45:32.953000", "created": "2023-12-06T16:45:32.953000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 389, "domain": 629, "URL": 1103, "hostname": 371, "FileHash-MD5": 512, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d445eaddea2b39611065", "name": "Malvertizing: Exponential Adult Contact Revenge Porn & Vulnerabilities", "description": "BrownTube.com/Target?\nToday: Blacklisted & Whitelisted domain. All malware is correct and verified and by now historical. Evader, detects all AI and intrusion. Packed! Farr more vulnerabilities than necessary to list. Research shows this attack on a targeted individuals dates back years. There is evidence of a browser malware that would direct targeted person's directly to site where device is brutally infected. Based on online research target may have been a victim of crime. Even if that weren't the case, this is definitely criminal and intentional.\nThere is underage content advertised. Web and Hidden CAMS accessed.\nVerdict: Revenge Porn\nTarget country clarifier: Origin of campaign US. It is advertised in Russia via Bing aka Yandex/Microsoft merge.\nIt's is viewable Anywhere.", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:38:29.088000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d4f778c6732784d241c7", "name": "Malvertizing", "description": "", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:41:27.225000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "6507d445eaddea2b39611065", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507d50cc5175d4bc3e98bd3", "name": "Content Reputation Revenge ", "description": "", "modified": "2023-10-18T02:01:30.938000", "created": "2023-09-18T04:41:48.350000", "tags": [ "pierced pussy", "shemale interracial", "thai lesb", "asia anal", "girl on girl", "happy end", "thai sex", "amateur", "thai porn", "gay amateur", "amateur amateur", "asian big", "teens pov", "big tits", "tsara brashears", "porn thai", "cisco umbrella", "malware", "alexa top", "million", "site", "safe site", "heur", "internet storm", "artemis", "adware", "alexa", "coinminer", "iframe", "riskware", "patcher", "crack", "blacklist", "malware site", "malicious site", "detection list", "phishing", "windows nt", "file", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "blacklist https", "whois record", "resolutions", "referrer", "Suricata", "content reputation", "ALERT: WEB CAMS", "child abuse", "South Carolina Federal Credit Union Phishing", "Phishing.HTML", "js user", "evader", "redirect", "browser malware", "cyber crime", "Abuse", "Yandex", "United States", "Suricata Alert", "From America to Russia" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "United States of America", "Canada", "Russian Federation" ], "malware_families": [ { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "EngineBox Malware", "display_name": "EngineBox Malware", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Private Internet Access", "display_name": "Private Internet Access", "target": null }, { "id": "Content Reputation", "display_name": "Content Reputation", "target": null }, { "id": "#Exploit:NtQueryIntervalProfile", "display_name": "#Exploit:NtQueryIntervalProfile", "target": null }, { "id": "HackTool:Win32/IPCCrack", "display_name": "HackTool:Win32/IPCCrack", "target": "/malware/HackTool:Win32/IPCCrack" }, { "id": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "display_name": "#LowFiHSTR:Program:Win32/CoinMiner_CGMiner_Clean", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "#LowFi:Adware:Win32/Altnet", "display_name": "#LowFi:Adware:Win32/Altnet", "target": null }, { "id": "Phishing.BNR", "display_name": "Phishing.BNR", "target": null }, { "id": "Ameriprise Financial phishing", "display_name": "Ameriprise Financial phishing", "target": null }, { "id": "#Lowfi:HSTR:Win32/DownloadMR", "display_name": "#Lowfi:HSTR:Win32/DownloadMR", "target": null }, { "id": "Malware Download", "display_name": "Malware Download", "target": null }, { "id": "#Lowfi:HSTR:Win32/WidgiToolbar", "display_name": "#Lowfi:HSTR:Win32/WidgiToolbar", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Application.Agent", "display_name": "Application.Agent", "target": null }, { "id": "Backdoor.PHP.WebShell", "display_name": "Backdoor.PHP.WebShell", "target": null }, { "id": "MalwareHiderPatched", "display_name": "MalwareHiderPatched", "target": null }, { "id": "JS.eIframeAcNMe", "display_name": "JS.eIframeAcNMe", "target": null }, { "id": "Pua.Snojan", "display_name": "Pua.Snojan", "target": null }, { "id": "Application.CoinMiner", "display_name": "Application.CoinMiner", "target": null }, { "id": "W32.HfsAdware", "display_name": "W32.HfsAdware", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "Trojan.QUAF", "display_name": "Trojan.QUAF", "target": null }, { "id": "Hoax.DeceptPCClean", "display_name": "Hoax.DeceptPCClean", "target": null }, { "id": "Hoax.HTML.Phish", "display_name": "Hoax.HTML.Phish", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Malware.Phish", "display_name": "Malware.Phish", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Trojan.HTML.Generic.4 Phish.82B7", "display_name": "Trojan.HTML.Generic.4 Phish.82B7", "target": null }, { "id": "HTML:PhishingMS", "display_name": "HTML:PhishingMS", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HTML.Generic Phishing.S23", "display_name": "HTML.Generic Phishing.S23", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Adware.Agent", "display_name": "Adware.Agent", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Trojan.Script.Generic", "display_name": "Trojan.Script.Generic", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Trojan.Reconyc ml.Generic", "display_name": "Trojan.Reconyc ml.Generic", "target": null }, { "id": "Ole2.Macro.Agent HTML:PhishingMail", "display_name": "Ole2.Macro.Agent HTML:PhishingMail", "target": null }, { "id": "Gen:Variant.Application.LoadMoney", "display_name": "Gen:Variant.Application.LoadMoney", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "Trojan.Disco", "display_name": "Trojan.Disco", "target": null }, { "id": "Heur.HTMLUnescape", "display_name": "Heur.HTMLUnescape", "target": null }, { "id": "PUP.Dstudio.dd", "display_name": "PUP.Dstudio.dd", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Gen:Variant.Application.Bundler.Somoto", "display_name": "Gen:Variant.Application.Bundler.Somoto", "target": null }, { "id": "Phishing.DOC", "display_name": "Phishing.DOC", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Ole2.Macro.Agent", "display_name": "Ole2.Macro.Agent", "target": null }, { "id": "Trojan.Reconyc 1", "display_name": "Trojan.Reconyc 1", "target": null }, { "id": "HTML:PhishingMail", "display_name": "HTML:PhishingMail", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "Gen:Variant.Ser.Bulz", "display_name": "Gen:Variant.Ser.Bulz", "target": null }, { "id": "Phishing.Agent", "display_name": "Phishing.Agent", "target": null }, { "id": "HEUR:Trojan.BAT", "display_name": "HEUR:Trojan.BAT", "target": null }, { "id": "Gen:NN.ZexaF.34090", "display_name": "Gen:NN.ZexaF.34090", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "malicious.35bb6b", "display_name": "malicious.35bb6b", "target": null }, { "id": "Vdehu.A", "display_name": "Vdehu.A", "target": null }, { "id": "TScope.Malware", "display_name": "TScope.Malware", "target": null }, { "id": "PUA.NSISmod", "display_name": "PUA.NSISmod", "target": null }, { "id": "Trojan.Uztuby", "display_name": "Trojan.Uztuby", "target": null }, { "id": "JS.Phishing", "display_name": "JS.Phishing", "target": null }, { "id": "Win64:Malware", "display_name": "Win64:Malware", "target": null }, { "id": "AGEN.1031860", "display_name": "AGEN.1031860", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "Trojan.Script.Phish", "display_name": "Trojan.Script.Phish", "target": null }, { "id": "HTML:Instagram", "display_name": "HTML:Instagram", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Application.Clenonta", "display_name": "Application.Clenonta", "target": null }, { "id": "DriverAgent.A potentially unwanted", "display_name": "DriverAgent.A potentially unwanted", "target": null }, { "id": "ML.Attribute", "display_name": "ML.Attribute", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1070.003", "name": "Clear Command History", "display_name": "T1070.003 - Clear Command History" } ], "industries": [], "TLP": "white", "cloned_from": "6507d4f778c6732784d241c7", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 512, "domain": 629, "hostname": 371, "URL": 1103, "FileHash-SHA256": 389, "FileHash-SHA1": 117, "URI": 6, "FilePath": 1 }, "indicator_count": 3129, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "958 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "hypertechcenter.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "hypertechcenter.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780413853.7463076 }