{ "type": "Domain", "indicator": "libsqlite3.so", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/libsqlite3.so", "alexa": "http://www.alexa.com/siteinfo/libsqlite3.so", "indicator": "libsqlite3.so", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3633012243, "indicator": "libsqlite3.so", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "694b02eb945649ff909f06d5", "name": "$RECYCLE . BIN\\ -> Part 2", "description": "E:\\Suss-SG2\\$RECYCLE.BIN\\\n\nVictim Google Pixel Telus ISP Norton AV Device\nDevice connected to AHS/Covenant Health, University of Alberta, Government of Alberta", "modified": "2026-01-28T02:03:16.337000", "created": "2025-12-23T21:00:27.029000", "tags": [ "Telus", "YEG", "AHS", "Pixel", "ConnectCare", "Norton", "UAlberta", "Google" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Technology", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65761, "FileHash-SHA1": 56561, "FileHash-SHA256": 43672, "domain": 1373, "email": 39, "URL": 466, "hostname": 818, "CVE": 3, "CIDR": 2 }, "indicator_count": 168695, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "124 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69348cbacd7ec555dd44615c", "name": "SCANID: S-FAnhzBVY2dY - 12.06.25 4:57AM", "description": "Part 2 MD5 - SCANID: S-FAnhzBVY2dY - 12.06.25 4:57AM\n\nLoose Rules", "modified": "2026-01-05T00:05:52.895000", "created": "2025-12-06T20:06:18.137000", "tags": [ "Thor", "UAlberta", "AHS", "Covenanthealth", "Alberta", "myAlberta", "Connectcare", "Telus", "Norton", "Canada" ], "references": [ "https://www.filescan.io/uploads/69348af0fee3f1394f73b924/reports/16ad1364-f33a-400e-a67f-9b1f5b719479/overview", "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118", "https://metadefender.com/results/file/bzI1MTIwNlRDanBsel9PdmJFb1BTTE5IaUpI", "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118/69348a778d2dcfd0390e63bd", "https://app.threat.zone/submission/8bb05dfe-3680-4df5-a201-c53462b22491/overview", "https://yaraify.abuse.ch/scan/results/d572cc7d-d2e0-11f0-a73e-42010aa4000b" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1518.001", "name": "Security Software Discovery", "display_name": "T1518.001 - Security Software Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1006", "name": "Direct Volume Access", "display_name": "T1006 - Direct Volume Access" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1547.009", "name": "Shortcut Modification", "display_name": "T1547.009 - Shortcut Modification" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" } ], "industries": [ "Government", "Education", "Healthcare", "Telecommunications", "Technology", "Finance", "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13906, "FileHash-SHA1": 742, "FileHash-SHA256": 742, "domain": 186, "hostname": 67, "URL": 30, "email": 17 }, "indicator_count": 15690, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "147 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63eabe6f6a9aaa48a17d66e0", "name": "Google Chrome", "description": "Google has released a version of its operating system that stops automatically checking for security updates and instead instead uses the 'cros' tool to automatically install them on to the Google Chrome operating systems, as well as the Android version.", "modified": "2023-03-16T00:12:03.978000", "created": "2023-02-13T22:49:19.557000", "tags": [ "license", "copyright", "android open", "source project", "apache license", "version", "unless", "as is", "basis", "or conditions", "disables", "please", "google", "private key", "software", "work", "licensor", "a particular", "direct", "february", "generator", "david", "code", "bunny", "neither", "apache", "june", "uboot", "except", "bsd3clause", "bsd2clause", "library name", "link", "license name", "binaries", "qt websockets", "tink", "qt widgets", "unknown", "format", "branch", "any kind" ], "references": [ "cros-garcon.conf", "source.properties", "LICENSE", "android-info.txt", "android-sdk-preview-license", "web.dev.har", "NOTICE.csv", "android-sdk-license", "NOTICE.txt", "Downloads.pem", "weston.ini", "package.xml", "mkfs.ext3", "mkfs.ext4", "mkfs.ext2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Lillylillith39", "id": "221303", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 453, "hostname": 81, "FileHash-SHA256": 245, "domain": 62, "email": 7, "FileHash-SHA1": 3, "YARA": 1 }, "indicator_count": 852, "is_author": false, "is_subscribing": null, "subscriber_count": 32, "modified_text": "1173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118/69348a778d2dcfd0390e63bd", "https://www.filescan.io/uploads/69348af0fee3f1394f73b924/reports/16ad1364-f33a-400e-a67f-9b1f5b719479/overview", "source.properties", "https://metadefender.com/results/file/bzI1MTIwNlRDanBsel9PdmJFb1BTTE5IaUpI", "android-sdk-preview-license", "https://app.threat.zone/submission/8bb05dfe-3680-4df5-a201-c53462b22491/overview", "web.dev.har", "NOTICE.csv", "Downloads.pem", "weston.ini", "android-sdk-license", "LICENSE", "NOTICE.txt", "android-info.txt", "package.xml", "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118", "mkfs.ext3", "cros-garcon.conf", "mkfs.ext2", "mkfs.ext4", "https://yaraify.abuse.ch/scan/results/d572cc7d-d2e0-11f0-a73e-42010aa4000b" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Finance", "Government", "Hospitality", "Healthcare", "Telecommunications", "Technology", "Education" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "694b02eb945649ff909f06d5", "name": "$RECYCLE . BIN\\ -> Part 2", "description": "E:\\Suss-SG2\\$RECYCLE.BIN\\\n\nVictim Google Pixel Telus ISP Norton AV Device\nDevice connected to AHS/Covenant Health, University of Alberta, Government of Alberta", "modified": "2026-01-28T02:03:16.337000", "created": "2025-12-23T21:00:27.029000", "tags": [ "Telus", "YEG", "AHS", "Pixel", "ConnectCare", "Norton", "UAlberta", "Google" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Technology", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65761, "FileHash-SHA1": 56561, "FileHash-SHA256": 43672, "domain": 1373, "email": 39, "URL": 466, "hostname": 818, "CVE": 3, "CIDR": 2 }, "indicator_count": 168695, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "124 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69348cbacd7ec555dd44615c", "name": "SCANID: S-FAnhzBVY2dY - 12.06.25 4:57AM", "description": "Part 2 MD5 - SCANID: S-FAnhzBVY2dY - 12.06.25 4:57AM\n\nLoose Rules", "modified": "2026-01-05T00:05:52.895000", "created": "2025-12-06T20:06:18.137000", "tags": [ "Thor", "UAlberta", "AHS", "Covenanthealth", "Alberta", "myAlberta", "Connectcare", "Telus", "Norton", "Canada" ], "references": [ "https://www.filescan.io/uploads/69348af0fee3f1394f73b924/reports/16ad1364-f33a-400e-a67f-9b1f5b719479/overview", "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118", "https://metadefender.com/results/file/bzI1MTIwNlRDanBsel9PdmJFb1BTTE5IaUpI", "https://hybrid-analysis.com/sample/04ea5529a4c7058cd4fe4b7d5f7da78b7aa0a4c379cbc298b3298404b31bc118/69348a778d2dcfd0390e63bd", "https://app.threat.zone/submission/8bb05dfe-3680-4df5-a201-c53462b22491/overview", "https://yaraify.abuse.ch/scan/results/d572cc7d-d2e0-11f0-a73e-42010aa4000b" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1518.001", "name": "Security Software Discovery", "display_name": "T1518.001 - Security Software Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1006", "name": "Direct Volume Access", "display_name": "T1006 - Direct Volume Access" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1547.009", "name": "Shortcut Modification", "display_name": "T1547.009 - Shortcut Modification" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" } ], "industries": [ "Government", "Education", "Healthcare", "Telecommunications", "Technology", "Finance", "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13906, "FileHash-SHA1": 742, "FileHash-SHA256": 742, "domain": 186, "hostname": 67, "URL": 30, "email": 17 }, "indicator_count": 15690, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "147 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63eabe6f6a9aaa48a17d66e0", "name": "Google Chrome", "description": "Google has released a version of its operating system that stops automatically checking for security updates and instead instead uses the 'cros' tool to automatically install them on to the Google Chrome operating systems, as well as the Android version.", "modified": "2023-03-16T00:12:03.978000", "created": "2023-02-13T22:49:19.557000", "tags": [ "license", "copyright", "android open", "source project", "apache license", "version", "unless", "as is", "basis", "or conditions", "disables", "please", "google", "private key", "software", "work", "licensor", "a particular", "direct", "february", "generator", "david", "code", "bunny", "neither", "apache", "june", "uboot", "except", "bsd3clause", "bsd2clause", "library name", "link", "license name", "binaries", "qt websockets", "tink", "qt widgets", "unknown", "format", "branch", "any kind" ], "references": [ "cros-garcon.conf", "source.properties", "LICENSE", "android-info.txt", "android-sdk-preview-license", "web.dev.har", "NOTICE.csv", "android-sdk-license", "NOTICE.txt", "Downloads.pem", "weston.ini", "package.xml", "mkfs.ext3", "mkfs.ext4", "mkfs.ext2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Lillylillith39", "id": "221303", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 453, "hostname": 81, "FileHash-SHA256": 245, "domain": 62, "email": 7, "FileHash-SHA1": 3, "YARA": 1 }, "indicator_count": 852, "is_author": false, "is_subscribing": null, "subscriber_count": 32, "modified_text": "1173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "libsqlite3.so", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "libsqlite3.so", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780309080.4539397 }