{ "type": "Domain", "indicator": "msftauth.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/msftauth.net", "alexa": "http://www.alexa.com/siteinfo/msftauth.net", "indicator": "msftauth.net", "type": "domain", "type_title": "Domain", "validation": [ { "source": "akamai", "message": "Akamai rank: #1380", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain msftauth.net", "name": "Whitelisted domain" } ], "base_indicator": { "id": 1823940309, "indicator": "msftauth.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "69d5c3f3a05ada29f8ba406d", "name": "CAPE Sandbox", "description": "<>>pretext\nMy links would not attack but this is disturbing.\n\nServices Opened\nRASMAN\nWatching it all.", "modified": "2026-05-08T02:10:38.371000", "created": "2026-04-08T02:56:51.724000", "tags": [ "pulse pulses", "http", "pulses otx", "pulses", "released", "bartblaze", "info", "private rule", "psinlnk", "convert", "frombase", "scriptinlnk", "activexobject", "exeinlnk", "comspec", "flash", "webdav", "externalnet", "homenet", "reply", "submission", "ssdeep", "csv text", "magic ascii", "trid file", "magika csv", "file size", "history first", "analysis", "utc names", "file type", "crlf line", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body", "size", "analysis date", "urls", "domains", "registrar", "ip detections", "country" ], "references": [ "https://www.virustotal.com/gui/file/d577d1e70da0c075b35351930b2f39fef73aef7a6e10b92d30a4817f97745059/relations", "https://www.virustotal.com/gui/file/000000c30bd1247c9088ff83758a335a9d1aeffa89ec8757fc7de2f6ac563080/behavior" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "hostname": 171, "FileHash-MD5": 175, "FileHash-SHA1": 166, "FileHash-SHA256": 161, "domain": 12, "YARA": 1 }, "indicator_count": 777, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc2ceaf9989ac75c80ac68", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:24:09.569000", "created": "2026-05-07T06:10:50.373000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc2ce920f63f0ab26c6871", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:22:38.844000", "created": "2026-05-07T06:10:49.008000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3b4900e932be011875", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:07.162000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 112, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 535, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3b4cb631f407faf565", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:07.591000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 112, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 535, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3cfab80e8a75ef85c1", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:08.017000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 113, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 536, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-21T05:29:42.247000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "41 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c5970817e6bf8b0e5b5ff", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:48.087000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 339, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c597a4a45c8d84f0b15c1", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:58.166000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 338, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c606d74f82e547c77ad89", "name": "Ransom.Win64.PORNOASSET.SM1 | DeepScan:Generic.Ransom.GandCrab5", "description": "Ransom.Win64.PORNOASSET.SM1 DeepScan:Generic.Ransom.GandCrab5\nBlackNET RAT $WebWatson\nAuto generated results from a variety of tools.", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:30:37.089000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 338, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654d29ff31857aafba0358e1", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T18:50:39.675000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 341, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6558126013aef7ce80968842", "name": "PuffStealer", "description": "", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-18T01:24:48.887000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c5970817e6bf8b0e5b5ff", "export_count": 334, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a975e2a76dd4ddaec80a", "name": "Remote Access attack | Agent Tesla | C2 | BatLoader | C2 | Dridex", "description": "", "modified": "2023-12-06T17:03:49.269000", "created": "2023-12-06T17:03:49.269000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 8, "FileHash-SHA256": 2173, "domain": 584, "hostname": 1707, "URL": 4145, "FileHash-SHA1": 545, "FileHash-MD5": 1071 }, "indicator_count": 10233, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652c33c45c1f1566c4b8c6a2", "name": "Remote Access attack | Agent Tesla | C2 | BatLoader | C2 | Dridex", "description": "https://login.live.com/oauth20_remoteconnect.srf\nInvalid CRDS Token\nI suffered quite an attack on my devices. My personal experience, phone service changed, embedding., privilege escalation adversaries, remote probe, obvious unauthorized microsoft usage multiple logins. embedded phone service apps, injected, unknown apps, dumping. connect/shared/ tethered to other clouds, apps devices, decrypted phone., cookies turned off after attack, no Google, other search engine access, passwords compromised malicious Google sorry index w/Azorult. I am targeted. Usual suspects\nPrior: 'D241 connect test was successful messages'. Wifi and cellular issues.\nAftermath, Zombie devices. C2. Calls don't connect, keyloggers, etc", "modified": "2023-11-14T17:01:45.019000", "created": "2023-10-15T18:47:32.354000", "tags": [ "whois record", "historical ssl", "ssl certificate", "communicating", "referrer", "united", "mail spammer", "detection list", "ip address", "blacklist", "possiblecerber", "outlook", "covid19", "artemis", "unsafe", "cisco umbrella", "site", "safe site", "phishing site", "malicious site", "malware", "malware site", "alexa top", "million", "phishingms", "exploit", "live", "blacklist https", "javascript", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "p3p cp", "pragma", "whois whois", "contacted", "threat network", "pe resource", "uatrue url", "typepv", "probe", "execution", "core", "emotet", "remcos", "nokoyawa", "asyncrat", "heur", "anonymizer", "firehol", "trojanx", "agent", "riskware", "trojan", "binder", "small", "downloader", "hupigon", "crypt", "cobalt strike", "union", "team", "agent tesla", "malicious", "fakealert", "dbatloader", "stealer", "nanocore rat", "formbook", "dropper", "dridex", "hawkeye", "netwire", "download", "opencandy", "bladabindi", "phishing", "bank", "alexa", "trojanspy", "maltiverse", "uatrue", "processorx86", "langen", "generic malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "injected", "mitre", "attack", "cybercrime", "Suspicious.Save", "dns server", "scanning ip's", "Backdoor.Remcos", "Threats200220200050", "IOC_19052020", "behaves like emotet" ], "references": [ "https://login.live.com/oauth20_remoteconnect.srf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "France" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Agent Tesla - S0331", "display_name": "Agent Tesla - S0331", "target": null }, { "id": "HawkEye Keylogger", "display_name": "HawkEye Keylogger", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Application.Generic", "display_name": "Application.Generic", "target": null }, { "id": "Backdoor.RemoteManipulator", "display_name": "Backdoor.RemoteManipulator", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "XOR.DDoS", "display_name": "XOR.DDoS", "target": null }, { "id": "Backdoor.Remcos", "display_name": "Backdoor.Remcos", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1071, "FileHash-SHA1": 545, "FileHash-SHA256": 2173, "domain": 584, "hostname": 1707, "URL": 4145, "CVE": 8 }, "indicator_count": 10233, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "930 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1c989df5416bd0ff3d38", "name": "Remote Access attack | Agent Tesla | C2 | BatLoader | C2 | Dridex", "description": "", "modified": "2023-11-14T17:01:45.019000", "created": "2023-10-30T03:01:44.846000", "tags": [ "whois record", "historical ssl", "ssl certificate", "communicating", "referrer", "united", "mail spammer", "detection list", "ip address", "blacklist", "possiblecerber", "outlook", "covid19", "artemis", "unsafe", "cisco umbrella", "site", "safe site", "phishing site", "malicious site", "malware", "malware site", "alexa top", "million", "phishingms", "exploit", "live", "blacklist https", "javascript", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "p3p cp", "pragma", "whois whois", "contacted", "threat network", "pe resource", "uatrue url", "typepv", "probe", "execution", "core", "emotet", "remcos", "nokoyawa", "asyncrat", "heur", "anonymizer", "firehol", "trojanx", "agent", "riskware", "trojan", "binder", "small", "downloader", "hupigon", "crypt", "cobalt strike", "union", "team", "agent tesla", "malicious", "fakealert", "dbatloader", "stealer", "nanocore rat", "formbook", "dropper", "dridex", "hawkeye", "netwire", "download", "opencandy", "bladabindi", "phishing", "bank", "alexa", "trojanspy", "maltiverse", "uatrue", "processorx86", "langen", "generic malware", "fakedout threat", "ip summary", "url summary", "summary", "sample", "samples", "injected", "mitre", "attack", "cybercrime", "Suspicious.Save", "dns server", "scanning ip's", "Backdoor.Remcos", "Threats200220200050", "IOC_19052020", "behaves like emotet" ], "references": [ "https://login.live.com/oauth20_remoteconnect.srf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "France" ], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Agent Tesla - S0331", "display_name": "Agent Tesla - S0331", "target": null }, { "id": "HawkEye Keylogger", "display_name": "HawkEye Keylogger", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Application.Generic", "display_name": "Application.Generic", "target": null }, { "id": "Backdoor.RemoteManipulator", "display_name": "Backdoor.RemoteManipulator", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "XOR.DDoS", "display_name": "XOR.DDoS", "target": null }, { "id": "Backdoor.Remcos", "display_name": "Backdoor.Remcos", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "652c33c45c1f1566c4b8c6a2", "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1071, "FileHash-SHA1": 545, "FileHash-SHA256": 2173, "domain": 584, "hostname": 1707, "URL": 4145, "CVE": 8 }, "indicator_count": 10233, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "930 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "ThreatFox Abuse.ch", "https://downloaddevtools.ir/ (phishing)", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "Hostname: www.supernetforme.com command_and_control", "README", "config-5.15.44-Re4son-v7l+", "IPv4 95.213.186.51 command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "COPYING.linux", "config-5.15.44-Re4son-v8+", "IPv4 45.15.156.208 command_and_control", "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "apples.encryptedwork.com (Interesting in the blacknet)", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "IPv4 104.247.81.51 command_and_control", "IPv4 63.251.106.25 command_and_control", "Deep Research", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "config.txt", "Cyber Threat Coalition", "https://login.live.com/oauth20_remoteconnect.srf", "config-5.15.44-Re4son+", "LICENCE.broadcom", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "URLhaus Abuse.ch", "URLscan.io", "Hybrid Analysis", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son-v7+", "grub_background.sh", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "cmdline.txt", "20.99.186.246 exploit source", "https://www.virustotal.com/gui/file/000000c30bd1247c9088ff83758a335a9d1aeffa89ec8757fc7de2f6ac563080/behavior", "theme.txt", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "happylifehappywife.com", "IPv4 103.224.182.246 command_and_control", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "IPv4 72.251.233.245 command_and_control", "Maltiverse Research Team", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "IPv4 45.12.253.72. command_and_control", "fp2e7a.wpc.2be4.phicdn.net", "https://www.virustotal.com/gui/file/d577d1e70da0c075b35351930b2f39fef73aef7a6e10b92d30a4817f97745059/relations" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Lucky Mouse APT27 | NoName057(16) | Unnamed" ], "malware_families": [ "Presenoker", "Suspicious.cloud", "Faceliker.a", "Trojan.generic", "Malicious.moderate.ml", "Agen.1045227", "Vb.emodldr.4", "Agent.pwc", "Blacknet", "Trojan.killproc", "Ransom_wcry.smalym", "Kryptik.nrd", "Heur:webtoolbar.generic", "Bladabindi.q", "Trojan.autoruns.generickds", "Trojandownloader:linux/downldr", "$webwatson", "Tsgeneric", "Trojan.vba", "Backdoor.xtreme", "Dridex", "Packed.netseal", "Agent.aso", "Dldr.agent", "Trojan.pws.agent", "Trojan.trickbot", "Js:trojan.js.faceliker", "Trojan.pws.growtopia", "Trojan.msil.injector", "Application.innovativsol", "Generic.msil.limerat", "Trojan.vbkryjetor", "Wannacry", "Malicious.high.ml", "Trojan:python/downldr", "Loki bot", "Artemis", "Agen.1141126", "Deepscan:generic.ransom.gandcrab5", "Trojan.msil", "Js:trojan.js.likejack", "Dropper.trojan.agent", "Html_redir.smr", "Macro.agent", "Gen:variant.jaiko", "Bscope.riskware", "Heur:adware.startsurf", "Packed-gv", "Malicious.d800d6", "Dropper.trojan.generic", "Pws-fczz", "Generic.asmalws", "Vb:trojan.vba.agent", "Vb.downloader.2", "Heur:trojan.msil.tasker", "Js:trojan.cryxos", "Trojan.inject", "Gen:variant.bulz", "Snh:script [dropper]", "Heur:trojan.msoffice.alien", "Trojan.wanna", "Ransom.win64.wacatac.oa", "Heur/qvm41.2.da9b.malware", "Trojanspy.java", "Trojanspy", "Gen:variant.zusy", "Kuluoz.b.gen", "Malicious.71b1a8", "Generic.malware", "Injector.clds", "Malwarex", "Wacatac.d6", "Hack.patcher", "Kryptik.gucb", "W32.aidetectvm", "Adware.downware", "Heur:remoteadmin.generic", "Pua.reg1staid", "Msil.trojan.bse", "Trojan.script", "Application.generic", "Scrinject.b", "Gen:heur.noobyprotect", "Gen:variant.msilperseus", "Hacktool.cheatengine", "Phish.ab", "Riskware.agent", "S-b748adc5", "Heur.msword.gen", "Redcap.zoohz", "Smokeloader", "Opensubtitles.a", "Gen:heur.ransom.hiddentears", "Trojan.win64", "Feodo", "Gen:variant.revengerat", "Application.sqlcrack", "Behaveslike.ransom", "Gen:variant.cerbu", "Heur:exploit.generic", "Malicious.3e78cc", "Backdoor.poison", "Dangerousobject.multi", "Skynet", "Possiblethreat.pallas", "Exploit.w32.agent", "Riskware", "Xor.ddos", "Gen:variant.johnnie", "Elf", "Trojan.downloader.generic", "Riskware.hacktool.agent", "Kryptik.noe", "Unsafe", "Immortal stealer", "Worm.win64.autorun", "Virus.ramnit", "Spyware.bobik", "Webmonitor rat", "W32.eheur", "Unsafe.ai_score_100%", "Suspicious.save", "Adware.kuzitui", "Troj_frs.vsntfk19", "Ramnit.n", "Macro.downloader.amip", "Ait.heur.cottonmouth.8.78f19bd7", "Evo", "Agen.1144657", "Gen:heur.msil.androm", "Zpevdo.b", "Js:trojan.clicker", "W32.aidetect", "Vb.chronos.7", "Generic.bitcoinminer.3", "Tor - s0183", "Trojan.java", "Agent.nbae", "Backdoor.rbot", "Msil.downloader", "Js:iframe", "Deepscan:generic.ransom.amnesiae", "Gen:nn.zexaf.32515", "Gen:variant.graftor", "Gen:variant.kazy", "Redcap.vneda", "Trojan.chapak", "Packed.asprotect", "Exploit cve-2017-11882", "Trojan.ekstak", "Backdoor.hupigon", "Bscope.trojan", "Malicious.8c45ba", "Gamehack.nl", "Inmortal", "Agen.1030939", "Generic.msil.grwtpstealer.1", "Auslogics", "Exploit.msoffice", "Trojan.tasker", "Phish.jat", "Gen:trojan.heur2.lptbhw@w64.hfsautob", "W32.trojan", "Trojan.python", "Filerepmalware", "Trojan.heur", "Qvm201.0.b70b.malware", "Ransom_wcry.smj", "Risktool.phpw", "Gamehack.crs", "Psw.stealer", "Gen:variant.ser.strictor", "Trojan.delshad", "Agenttesla", "Malicious.11abfc", "Trojan:msil/burkina", "Emotet", "Script.agent", "Gen:variant.sirefef", "Linux.agent", "Adload.ad81", "Dropped:generic.ransom.dmr", "Injector.jdo", "Autoit.bimwt", "Powershell.downloader", "Heur/qvm42.3.72eb.malware", "Sdbot.caoc", "Trojan.notifier", "Gen:heur.msil.inject", "Virus.3dmax.script", "Pws.p", "Backdoor.remcos", "Trojanspy.python", "Heur:trojan.msoffice.stratos", "Trojan.cud.gen", "Generic.msil.bladabindi", "Suspected of trojan.downloader.gen", "Nemucod.a", "Gen:variant.mikey", "Virus.virut", "Fake ,promethiumm ,strongpity", "Trojanspy.keylogger", "Trojan.ole2.vbs", "Riskware.netfilter", "Vba.downloader", "Hacktool.bruteforce", "Gen:variant.razy", "Generic.msil.passwordstealer", "Trojan.trickster", "Macro.trojan.dropperd", "Malware.tk.generic", "Cil.heapoverride", "Agent.aik.gencil.stupidcryptor", "Domains", "Redcap.rlhse", "Application.searchprotect", "Ransom.wannacrypt", "Dropper.binder", "Trojan.html.phish", "Trojan.packednet", "Trojan.doc.downloader", "Constructor.msil linux.agent", "Backdoor.remotemanipulator", "Powershell.trojan", "Adware.installmonetizer", "Susp.rtf.objupdate", "Python.keylogger", "Program.unwanted", "Behavbehaveslike.pupxbi", "Backdoor.agent", "Suspicious_gen.f47v0520", "Gen:variant.ursu", "Backdoor.msil.agent", "Trojan.starter js.iframe", "Gen:variant.ulise", "Heur:trojan.tasker", "Indiloadz.bb", "Packed.themida.gen", "Vb.pwshell.2", "Gen:heur.ransom.msil", "Gen:nn.zemsilf.34128", "Trojan.wisdomeyes.16070401.9500", "Hw32.packed", "Downloader.certutilurlcache", "Black.gen2", "Trojan.androm.gen", "Wannacryptor", "Suspicious.low.ml", "Agen.1038489", "Trojan.psw.python", "Trickbot - s0266", "Heur.vba.trojan", "Pwsx", "Il:trojan.msilzilla", "Malicious.f01f67", "Gamehack.dom", "Downldr.gen", "Generic.trickbot.1", "Hoax.js.phish", "Hawkeye keylogger", "Generic.malware.smyb", "Loki password stealer (pws)", "Pua.gen", "Injector.is.gen", "Susp.lnk", "Trojan:vba/downldr", "Trojan.agent", "Trojan.indiloadz", "Troj_gen.r002c0og518", "Webtoolbar", "Riskware.crack", "Backdoor.androm", "Locky", "Trojan:linux/downldr", "Dropper.msil", "Gen:variant.midie", "Xegumumune.8596c22f", "Gen:nn", "Vb:trojan.valyria", "Ml.generic", "Index.php", "Kryptik.fph.gen", "Js:trojan.hidelink", "Vb.emooodldr.10", "Hacktool.binder", "States", "Psw.agent", "Trojan.malware.121218", "Heur:backdoor.msil.nanobot", "Agent.aik.gen", "Cve-2015-1650", "Redline stealer", "Maltiverse", "Gen:variant.barys", "Heur:trojan.msoffice.sagent", "Zbd zeus", "Trojan.psw.mimikatz", "Blacknet rat", "Trojan.pornoasset", "Exploit.cve", "Staticrr.paleokits.net", "Packed.vmprotect", "Script.inf", "Cil.stupidcryptor", "Xlm.trojan.abracadabra.27", "Generic.servstart.a", "Ransom:win32/cve-2017-0147", "Behaveslike.exploit", "Wacapew.c", "Gen:nn.zemsilf.34062", "Icefog", "Ransom.win64.pornoasset.sm1", "Agen.1043164", "Suppobox", "Trojan.malware.300983", "Delf.nbx", "Agent.ypez", "Malicious.6e0700", "Malware.heur_generic.a", "Constructor.msil", "Trojan.php.agent", "Heur:trojan.linux.agent", "Heur:trojan.ole2.alien", "Html:script", "Sgeneric", "Apt notes", "Trojan.pws", "Agent tesla - s0331", "Deepscan:generic.spyagent.6", "Tscope.trojan", "Virus.office.qexvmc", "Trojan.js.agent", "Trojan.ransom.generickd", "Phishing.html", "Heur.bzc.yax.pantera.10", "Azorult", "Gen:variant.symmi", "Psw.discord" ], "industries": [ "Finance", "Telecommunications", "Agriculture", "Healthcare", "Transportation", "Education", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "69d5c3f3a05ada29f8ba406d", "name": "CAPE Sandbox", "description": "<>>pretext\nMy links would not attack but this is disturbing.\n\nServices Opened\nRASMAN\nWatching it all.", "modified": "2026-05-08T02:10:38.371000", "created": "2026-04-08T02:56:51.724000", "tags": [ "pulse pulses", "http", "pulses otx", "pulses", "released", "bartblaze", "info", "private rule", "psinlnk", "convert", "frombase", "scriptinlnk", "activexobject", "exeinlnk", "comspec", "flash", "webdav", "externalnet", "homenet", "reply", "submission", "ssdeep", "csv text", "magic ascii", "trid file", "magika csv", "file size", "history first", "analysis", "utc names", "file type", "crlf line", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body", "size", "analysis date", "urls", "domains", "registrar", "ip detections", "country" ], "references": [ "https://www.virustotal.com/gui/file/d577d1e70da0c075b35351930b2f39fef73aef7a6e10b92d30a4817f97745059/relations", "https://www.virustotal.com/gui/file/000000c30bd1247c9088ff83758a335a9d1aeffa89ec8757fc7de2f6ac563080/behavior" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "hostname": 171, "FileHash-MD5": 175, "FileHash-SHA1": 166, "FileHash-SHA256": 161, "domain": 12, "YARA": 1 }, "indicator_count": 777, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc2ceaf9989ac75c80ac68", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:24:09.569000", "created": "2026-05-07T06:10:50.373000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc2ce920f63f0ab26c6871", "name": "Credit [ty] OctoSeek - please follow them [Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server] - this post is so true", "description": "", "modified": "2026-05-07T06:22:38.844000", "created": "2026-05-07T06:10:49.008000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": "654c597a4a45c8d84f0b15c1", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2927, "domain": 627, "hostname": 1320, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10755, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3b4900e932be011875", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:07.162000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 112, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 535, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3b4cb631f407faf565", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:07.591000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 112, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 535, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d48d3cfab80e8a75ef85c1", "name": "Free Automated Malware Analysis Service - Falcon Sandbox -", "description": "", "modified": "2026-05-07T04:07:52.917000", "created": "2026-04-07T04:51:08.017000", "tags": [ "ip address", "december", "c2 server", "famous chollima", "hostwinds", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "date", "pcap", "pcap processing", "report domain", "report", "sha256", "filepath", "runtime process", "path", "suspicious", "hostile", "hybrid", "accept", "close", "click", "hosts", "malicious", "general", "local", "factory", "strings", "contact", "united", "flag", "germany germany", "enom", "gmt flag", "server", "name server", "contacted hosts", "hybrid analysis", "api key", "vetting process", "please note", "please", "prefetch8 ansi", "show process", "hash seen", "ck id", "win64", "gecko", "mitre att", "comspec", "april", "refresh", "model", "mozi", "window", "dest" ], "references": [ "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe", "https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02", "https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6", "https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 84, "domain": 72, "URL": 113, "FileHash-MD5": 94, "FileHash-SHA1": 68, "email": 2, "hostname": 91, "SSLCertFingerprint": 12 }, "indicator_count": 536, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce1c7b60a3065cc75b7e23", "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?", "description": "", "modified": "2026-04-21T05:29:42.247000", "created": "2026-04-02T07:36:27.829000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": "698f07428f6e35876e034e41", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "41 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "698f07428f6e35876e034e41", "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026", "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "modified": "2026-03-15T10:19:15.579000", "created": "2026-02-13T11:13:03.870000", "tags": [ "raspberry pi", "hdmi", "hdmi mode", "uncomment", "additional", "usb mass", "pi02", "pi zero", "zero", "enable drm", "program", "license", "free software", "foundation", "general public", "gnu general", "public license", "the program", "copyright", "sections", "june", "general", "april", "vice", "drivers", "analog", "digital", "video", "bus support", "media", "accelerometers", "capacitance", "resolver", "android", "flash", "monitoring", "codec", "loop", "light", "linear", "tools", "class", "speakup", "core support", "legacy", "kernel", "this software", "including", "but not", "limited to", "ltd all", "redistributions", "disclaimer", "is provided", "damage", "info", "params", "gpio", "gpio pin", "select", "digital volume", "load", "gpios", "compute module", "spi bus", "front", "clock", "speed", "tiny", "kali", "oled", "systemd", "digi", "miso", "screen", "show", "global property", "bootmenu", "label", "booting", "please", "javascript", "entity", "file list", "size first", "credits text", "readme text", "no meaningful", "url list", "status https", "domain list", "enom", "registrar", "ltd dba", "com laude", "ip address", "ip adresses", "U of A", "GoA", "Treaty 6", "Treaty 7", "Treaty 8", "AHS" ], "references": [ "cmdline.txt", "config.txt", "COPYING.linux", "config-5.15.44-Re4son-v7+", "config-5.15.44-Re4son-v7l+", "config-5.15.44-Re4son-v8l+", "config-5.15.44-Re4son+", "config-5.15.44-Re4son-v8+", "grub_background.sh", "LICENCE.broadcom", "README", "theme.txt", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations", "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e", "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark", "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Agriculture", "Finance", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 812, "URL": 2492, "hostname": 1171, "FileHash-SHA256": 2057, "CVE": 2, "FileHash-MD5": 14, "FileHash-SHA1": 16, "email": 2, "CIDR": 118 }, "indicator_count": 6684, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "78 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c5970817e6bf8b0e5b5ff", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:48.087000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 339, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c597a4a45c8d84f0b15c1", "name": "Lucky Mouse APT27 | Feodo Tracker | Malicious Tor Server | Apple iOS", "description": "Darkside 2020 Ecosystem .BEware\nMalicious Tor server. Link found in pulse created prior. \nMalvertizing target: Tsara Brashears\nRevenge Porn.\nThere may me others. Malicious Apple activities, locating, CVE exploits, unlocking, hijacker, service transfer, spyware, malicious full auth, tracking, endless. Seems to originate from a law firm that goes to far to defend clients and silence alleged victims. \nSome State allow the same privileges and tools the federal government to insurance, workers compensation, investigators and insurance company law firms for investigations. \nFear tactics they seem willing to back up. I was approached and asked about my cyber knowledge by strangers. I am followed now for using a tool properly.\nALL terms auto populated from various tools from various tools used including, State, Brian Sabey, cyber stalking. Perhaps he's made contact with target. Danger!", "modified": "2023-12-09T03:01:57.989000", "created": "2023-11-09T04:00:58.166000", "tags": [ "ssl certificate", "historical ssl", "communicating", "contacted", "resolutions", "whois record", "whois whois", "whois parent", "whois siblings", "skynet", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "cisco umbrella", "site", "safe site", "million", "team", "microsoft", "back", "download", "phishing", "union", "bank", "malicious site", "blacklist http", "exit", "traffic", "node tcp", "tor known", "tor relayrouter", "et tor", "known tor", "relayrouter", "anonymizer", "spammer", "malware", "dropped", "unlocker", "http", "critical risk", "redline stealer", "core", "hacktool", "execution", "type win32", "exe size", "first seen", "file name", "avast win32", "win32", "avg win32", "fortinet", "vitro", "mb first", "rmndrp", "clean mx", "undetected dns8", "undetected vx", "sophos", "vault", "zdb zeus", "cmc threat", "snort ip", "feodo tracker", "cybereason", "send bug", "pe yandex", "no data", "tag count", "count blacklist", "tag tag", "algorithm", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "key info", "key algorithm", "key identifier", "first", "seen", "valid", "no na", "no no", "ip security", "cndst root", "ca x3", "ca id", "research group", "cnisrg root", "no expired", "mozilla", "android", "malicious red team", "tsara brashears", "cyber stalking", "malvertizing", "invasion of privacy", "threat", "adult content", "apple", "iphone unlocker", "android", "exploited spyware", "malware host", "brute force", "revenge-rat", "banker", "evasive", "domain", "redline", "stealer", "phishing", "ramnit", "unreliable subdomains", "dridex", "gating", "msil", "rat", "loki", "network", "hacking", "sinkhole", "azorult", "c2", "historicalandnew", "targeted attack", "puffstealer", "rultazo", "lokibot", "loki pws", "burkina", "banker,dde,dridex,exploit", "banker,dridex,evasive", "trickbot", "ransomware,torrentlocker", "exploit_source", "blacknet", "FileRepMalware", "linux agent", "blacknet", "ios", "phishing paypal", "tagging", "defacement", "hit", "bounty", "phishing site", "malware site", "malware download", "endangerment", "Malicious domain - SANS Internet Storm Center", "evasive,msil,rat,revenge-rat", "prism_setting", "prism_object", "static engine", "social engineering", "jansky", "worm", "network rat", "networm", "Loki Password Stealer (PWS)", "South Carolina Federal Credit Union phishing", "darkweb", "yandex", "redirectors", "blacknet threats", "phishing,ransomware,sinkhole", "wanacrypt0r,wannacry,wcry", "tor c++", "tor c++ client", "python user", "js user", "hacker", "hijacker", "heur", "maltiverse", "alexa top", "exploit", "riskware", "unsafe", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "crack", "webtoolbar", "search live", "api blog", "docs pricing", "november", "de indicators", "domains", "hashes", "__convergedlogin_pcustomizationloader_44b450e8d543eb53930d", "malicious url", "financial", "blacknet rat", "azorult", "stealer", "deep scan", "blacklist https", "referrer", "collections kp", "incident ip", "sneaky server", "replacement", "unauthorized", "emotet", "noname057", "generic malware", "engineering", "cyber threat", "facebook", "paypal", "dropbox", "united", "america", "banking", "wells fargo", "steam", "twitter", "sliver", "daum", "swift", "runescape", "betabot", "district", "iframe", "alexa", "downldr", "agent", "presenoker", "bladabindi", "live", "conduit", "pony", "covid19", "malicious", "cobalt strike", "suppobox", "ramnit", "meterpreter", "virut", "njrat", "pykspa", "asyncrat", "downloader", "fakealert", "binder", "virustotal", "formbook", "necurs", "trojan", "msil", "hiloti", "vawtrak", "simda", "kraken", "solimba", "icedid", "redirector", "suspic", "amadey", "raccoon", "nanocore rat", "revenge rat", "genkryptik", "fuery", "wacatac", "service", "cloudeye", "tinba", "domaiq", "ave maria", "zeus", "ransomware", "zbot", "generic", "trojanspy", "states", "inmortal", "locky", "strike", "china cobalt", "keybase", "cutwail", "citadel", "radamant", "kovter", "bradesco", "nymaim", "amonetize", "bondat", "ghost rat", "vjw0rm", "bandoo", "matsnu", "dnspionage", "darkgate", "vidar", "keylogger", "remcos", "agenttesla", "detplock", "win64", "smokeloader", "agent tesla", "kgs0", "kls0", "urls", "type name", "dns replication", "date", "domain", "win32 exe", "files", "detections type", "name", "drpsuinstaller", "vdfsurfs", "opera", "icwrmind", "notepad", "installer", "miner", "unknown", "networm", "houdini", "quasar rat", "gamehack", "dbatloader", "qakbot", "ursnif", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-6332", "CVE-2017-11882", "CVE-2020-0601", "CVE-2020-0674", "hallrender.com", "brian sabey", "insurance", "botnetwork", "botmaster", "command_and_control", "CVE-2021-27065", "CVE-2021-40444", "CVE-2023-4966", "CVE-2017-0199", "CVE-2018-4893", "CVE-2010-3333", "CVE-2015-1641", "CVE-2017-0147", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-8373", "CVE-2017-8759", "CVE-2018-8453", "CVE-2014-3153", "CVE-2015-1650", "CVE-2017-0143", "CVE-2017-8464", "Icefog", "Delf.NBX", "$WebWatson", "Gen:Heur.Ransom.HiddenTears", "mobilekey.pw", "bitbucket.org", "Anomalous.100%", "malware distribution site", "gootkit", "edsaid", "rightsaided", "betabot", "cobaltstrike4.tk", "mas.to", "BehavesLike.YahLover", "srdvd16010404", "languageenu", "buildno", "channelisales", "vendorname2581", "osregion", "device", "systemlocale", "majorver16", "quasar", "find", "lockbit", "chaos", "ransomexx", "grandoreiro", "evilnum", "banker" ], "references": [ "https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7", "20.99.186.246 exploit source", "fp2e7a.wpc.2be4.phicdn.net", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found)", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker)", "http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper)", "init.ess.apple.com (malicious code script)", "https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found )", "https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators", "VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection", "Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246", "IPv4 45.12.253.72. command_and_control", "Hostname: ddos.dnsnb8.net command_and_control", "IPv4 95.213.186.51 command_and_control", "Hostname: www.supernetforme.com command_and_control", "IPv4 103.224.182.246 command_and_control", "IPv4 72.251.233.245 command_and_control", "IPv4 63.251.106.25 command_and_control", "IPv4 45.15.156.208 command_and_control", "IPv4 104.247.81.51 command_and_control", "http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing)", "https://downloaddevtools.ir/ (phishing)", "happylifehappywife.com", "apples.encryptedwork.com (Interesting in the blacknet)", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker)", "https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker)", "https://www.apple.com/shop/browse/open/country_selector (exploit)", "www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!", "http://init-p01st.push.apple.com/bag (malicious web creator)", "opencve.djgummikuh.de (CVE dispensary)", "Maltiverse Research Team", "URLscan.io", "Deep Research", "Hybrid Analysis", "URLhaus Abuse.ch", "Cyber Threat Coalition", "ThreatFox Abuse.ch" ], "public": 1, "adversary": "Lucky Mouse APT27 | NoName057(16) | Unnamed", "targeted_countries": [ "United States of America", "France", "Spain" ], "malware_families": [ { "id": "Feodo", "display_name": "Feodo", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Redline Stealer", "display_name": "Redline Stealer", "target": null }, { "id": "Ramnit.N", "display_name": "Ramnit.N", "target": null }, { "id": "Loki Bot", "display_name": "Loki Bot", "target": null }, { "id": "Loki Password Stealer (PWS)", "display_name": "Loki Password Stealer (PWS)", "target": null }, { "id": "AZORult", "display_name": "AZORult", "target": null }, { "id": "Zbd Zeus", "display_name": "Zbd Zeus", "target": null }, { "id": "Trojan:MSIL/Burkina", "display_name": "Trojan:MSIL/Burkina", "target": "/malware/Trojan:MSIL/Burkina" }, { "id": "Generic.TrickBot.1", "display_name": "Generic.TrickBot.1", "target": null }, { "id": "Exploit.CVE", "display_name": "Exploit.CVE", "target": null }, { "id": "Injector.IS.gen", "display_name": "Injector.IS.gen", "target": null }, { "id": "Gen:Variant.Razy", "display_name": "Gen:Variant.Razy", "target": null }, { "id": "Trojan.Androm.Gen", "display_name": "Trojan.Androm.Gen", "target": null }, { "id": "HEUR:Trojan.Linux.Agent", "display_name": "HEUR:Trojan.Linux.Agent", "target": null }, { "id": "BScope.Trojan", "display_name": "BScope.Trojan", "target": null }, { "id": "VBA.Downloader", "display_name": "VBA.Downloader", "target": null }, { "id": "Trojan.Notifier", "display_name": "Trojan.Notifier", "target": null }, { "id": "HEUR:Trojan.MSOffice.Alien", "display_name": "HEUR:Trojan.MSOffice.Alien", "target": null }, { "id": "Unsafe.AI_Score_100%", "display_name": "Unsafe.AI_Score_100%", "target": null }, { "id": "Gen:Variant.Johnnie", "display_name": "Gen:Variant.Johnnie", "target": null }, { "id": "DangerousObject.Multi", "display_name": "DangerousObject.Multi", "target": null }, { "id": "Trojan:Python/Downldr", "display_name": "Trojan:Python/Downldr", "target": "/malware/Trojan:Python/Downldr" }, { "id": "Trojan:Linux/Downldr", "display_name": "Trojan:Linux/Downldr", "target": "/malware/Trojan:Linux/Downldr" }, { "id": "Trojan:VBA/Downldr", "display_name": "Trojan:VBA/Downldr", "target": "/malware/Trojan:VBA/Downldr" }, { "id": "TrojanDownloader:Linux/Downldr", "display_name": "TrojanDownloader:Linux/Downldr", "target": "/malware/TrojanDownloader:Linux/Downldr" }, { "id": "Kryptik.FPH.gen", "display_name": "Kryptik.FPH.gen", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Trojan.Ransom.GenericKD", "display_name": "Trojan.Ransom.GenericKD", "target": null }, { "id": "Phish.JAT", "display_name": "Phish.JAT", "target": null }, { "id": "Phishing.HTML", "display_name": "Phishing.HTML", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "Phish.AB", "display_name": "Phish.AB", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "ml.Generic", "display_name": "ml.Generic", "target": null }, { "id": "Xegumumune.8596c22f", "display_name": "Xegumumune.8596c22f", "target": null }, { "id": "Generic.Malware.SMYB", "display_name": "Generic.Malware.SMYB", "target": null }, { "id": "malicious.moderate.ml", "display_name": "malicious.moderate.ml", "target": null }, { "id": "Agent.NBAE", "display_name": "Agent.NBAE", "target": null }, { "id": "AGEN.1045227", "display_name": "AGEN.1045227", "target": null }, { "id": "Riskware.Agent", "display_name": "Riskware.Agent", "target": null }, { "id": "Gen:Variant.Cerbu", "display_name": "Gen:Variant.Cerbu", "target": null }, { "id": "IL:Trojan.MSILZilla", "display_name": "IL:Trojan.MSILZilla", "target": null }, { "id": "Dropped:Generic.Ransom.DMR", "display_name": "Dropped:Generic.Ransom.DMR", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "malicious.f01f67", "display_name": "malicious.f01f67", "target": null }, { "id": "AGEN.1144657", "display_name": "AGEN.1144657", "target": null }, { "id": "Trojan.Heur", "display_name": "Trojan.Heur", "target": null }, { "id": "Trojan.Malware.300983", "display_name": "Trojan.Malware.300983", "target": null }, { "id": "SdBot.CAOC", "display_name": "SdBot.CAOC", "target": null }, { "id": "Trojan.DelShad", "display_name": "Trojan.DelShad", "target": null }, { "id": "Exploit CVE-2017-11882", "display_name": "Exploit CVE-2017-11882", "target": null }, { "id": "GameHack.NL", "display_name": "GameHack.NL", "target": null }, { "id": "JS:Trojan.HideLink", "display_name": "JS:Trojan.HideLink", "target": null }, { "id": "Script.Agent", "display_name": "Script.Agent", "target": null }, { "id": "Macro.Agent", "display_name": "Macro.Agent", "target": null }, { "id": "Macro.Downloader.AMIP", "display_name": "Macro.Downloader.AMIP", "target": null }, { "id": "Trojan.VBA", "display_name": "Trojan.VBA", "target": null }, { "id": "HEUR.VBA.Trojan", "display_name": "HEUR.VBA.Trojan", "target": null }, { "id": "VB.EmoooDldr.10", "display_name": "VB.EmoooDldr.10", "target": null }, { "id": "VB:Trojan.Valyria", "display_name": "VB:Trojan.Valyria", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Packed-GV", "display_name": "Packed-GV", "target": null }, { "id": "Adware.InstallMonetizer", "display_name": "Adware.InstallMonetizer", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "HW32.Packed", "display_name": "HW32.Packed", "target": null }, { "id": "Zpevdo.B", "display_name": "Zpevdo.B", "target": null }, { "id": "Presenoker", "display_name": "Presenoker", "target": null }, { "id": "SGeneric", "display_name": "SGeneric", "target": null }, { "id": "GameHack.DOM", "display_name": "GameHack.DOM", "target": null }, { "id": "BehavesLike.Ransom", "display_name": "BehavesLike.Ransom", "target": null }, { "id": "CIL.StupidCryptor", "display_name": "CIL.StupidCryptor", "target": null }, { "id": "Gen:Heur.Ransom.MSIL", "display_name": "Gen:Heur.Ransom.MSIL", "target": null }, { "id": "Black.Gen2", "display_name": "Black.Gen2", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Trojan.HTML.PHISH", "display_name": "Trojan.HTML.PHISH", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Program.Unwanted", "display_name": "Program.Unwanted", "target": null }, { "id": "HEUR/QVM42.3.72EB.Malware", "display_name": "HEUR/QVM42.3.72EB.Malware", "target": null }, { "id": "suspicious.low.ml", "display_name": "suspicious.low.ml", "target": null }, { "id": "JS:Trojan.Cryxos", "display_name": "JS:Trojan.Cryxos", "target": null }, { "id": "Suspicious_GEN.F47V0520", "display_name": "Suspicious_GEN.F47V0520", "target": null }, { "id": "Dropper.Trojan.Generic", "display_name": "Dropper.Trojan.Generic", "target": null }, { "id": "Trojan.TrickBot", "display_name": "Trojan.TrickBot", "target": null }, { "id": "Malware.Tk.Generic", "display_name": "Malware.Tk.Generic", "target": null }, { "id": "TrojanSpy.Java", "display_name": "TrojanSpy.Java", "target": null }, { "id": "Riskware.NetFilter", "display_name": "Riskware.NetFilter", "target": null }, { "id": "RiskWare.Crack", "display_name": "RiskWare.Crack", "target": null }, { "id": "BehavesLike.Exploit", "display_name": "BehavesLike.Exploit", "target": null }, { "id": "Gen:NN.ZemsilF.34128", "display_name": "Gen:NN.ZemsilF.34128", "target": null }, { "id": "Wacapew.C", "display_name": "Wacapew.C", "target": null }, { "id": "Trojan.Malware.121218", "display_name": "Trojan.Malware.121218", "target": null }, { "id": "RiskWare.HackTool.Agent", "display_name": "RiskWare.HackTool.Agent", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Trojan.Generic", "display_name": "Trojan.Generic", "target": null }, { "id": "W32.Trojan", "display_name": "W32.Trojan", "target": null }, { "id": "BScope.Riskware", "display_name": "BScope.Riskware", "target": null }, { "id": "Gen:Variant.Bulz", "display_name": "Gen:Variant.Bulz", "target": null }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "Virus.Ramnit", "display_name": "Virus.Ramnit", "target": null }, { "id": "Virus.Virut", "display_name": "Virus.Virut", "target": null }, { "id": "Adware.KuziTui", "display_name": "Adware.KuziTui", "target": null }, { "id": "AGEN.1141126", "display_name": "AGEN.1141126", "target": null }, { "id": "W32.AIDetect", "display_name": "W32.AIDetect", "target": null }, { "id": "Trojan.Python", "display_name": "Trojan.Python", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "Suspicious.Save", "display_name": "Suspicious.Save", "target": null }, { "id": "Adware.Downware", "display_name": "Adware.Downware", "target": null }, { "id": "Ransom.Win64.Wacatac.oa", "display_name": "Ransom.Win64.Wacatac.oa", "target": null }, { "id": "OpenSubtitles.A", "display_name": "OpenSubtitles.A", "target": null }, { "id": "VB.EmoDldr.4", "display_name": "VB.EmoDldr.4", "target": null }, { "id": "Gen:Variant.Midie", "display_name": "Gen:Variant.Midie", "target": null }, { "id": "HEUR/QVM41.2.DA9B.Malware", "display_name": "HEUR/QVM41.2.DA9B.Malware", "target": null }, { "id": "Gen:Variant.Sirefef", "display_name": "Gen:Variant.Sirefef", "target": null }, { "id": "Macro.Trojan.Dropperd", "display_name": "Macro.Trojan.Dropperd", "target": null }, { "id": "BlackNET RAT", "display_name": "BlackNET RAT", "target": null }, { "id": "Gen:Variant.Ursu", "display_name": "Gen:Variant.Ursu", "target": null }, { "id": "Redcap.rlhse", "display_name": "Redcap.rlhse", "target": null }, { "id": "Trojan.Trickster", "display_name": "Trojan.Trickster", "target": null }, { "id": "HTML_REDIR.SMR", "display_name": "HTML_REDIR.SMR", "target": null }, { "id": "TROJ_FRS.VSNTFK19", "display_name": "TROJ_FRS.VSNTFK19", "target": null }, { "id": "Hoax.JS.Phish", "display_name": "Hoax.JS.Phish", "target": null }, { "id": "JS:Iframe", "display_name": "JS:Iframe", "target": null }, { "id": "Application.SQLCrack", "display_name": "Application.SQLCrack", "target": null }, { "id": "susp.lnk", "display_name": "susp.lnk", "target": null }, { "id": "QVM201.0.B70B.Malware", "display_name": "QVM201.0.B70B.Malware", "target": null }, { "id": "Immortal Stealer", "display_name": "Immortal Stealer", "target": null }, { "id": "WebMonitor RAT", "display_name": "WebMonitor RAT", "target": null }, { "id": "Tor - S0183", "display_name": "Tor - S0183", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "WannaCryptor", "display_name": "WannaCryptor", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "BlackNET", "display_name": "BlackNET", "target": null }, { "id": "DeepScan:Generic.Ransom.GandCrab5", "display_name": "DeepScan:Generic.Ransom.GandCrab5", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "States", "display_name": "States", "target": null }, { "id": "Inmortal", "display_name": "Inmortal", "target": null }, { "id": "Domains", "display_name": "Domains", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Delf.NBX", "display_name": "Delf.NBX", "target": null }, { "id": "Gen:NN.ZexaF.32515", "display_name": "Gen:NN.ZexaF.32515", "target": null }, { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Gen:Variant.MSILPerseus", "display_name": "Gen:Variant.MSILPerseus", "target": null }, { "id": "Icefog", "display_name": "Icefog", "target": null }, { "id": "$WebWatson", "display_name": "$WebWatson", "target": null }, { "id": "Agent.AIK.gen", "display_name": "Agent.AIK.gen", "target": null }, { "id": "Agent.AIK.genCIL.StupidCryptor", "display_name": "Agent.AIK.genCIL.StupidCryptor", "target": null }, { "id": "Agent.YPEZ", "display_name": "Agent.YPEZ", "target": null }, { "id": "Application.InnovativSol", "display_name": "Application.InnovativSol", "target": null }, { "id": "Agent.ASO", "display_name": "Agent.ASO", "target": null }, { "id": "S-b748adc5", "display_name": "S-b748adc5", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "Kryptik.GUCB", "display_name": "Kryptik.GUCB", "target": null }, { "id": "AgentTesla", "display_name": "AgentTesla", "target": null }, { "id": "Autoit.bimwt", "display_name": "Autoit.bimwt", "target": null }, { "id": "HEUR:Trojan.OLE2.Alien", "display_name": "HEUR:Trojan.OLE2.Alien", "target": null }, { "id": "AGEN.1038489", "display_name": "AGEN.1038489", "target": null }, { "id": "Gen:Variant.Ser.Strictor", "display_name": "Gen:Variant.Ser.Strictor", "target": null }, { "id": "Packed.Themida.Gen", "display_name": "Packed.Themida.Gen", "target": null }, { "id": "AGEN.1043164", "display_name": "AGEN.1043164", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Trojan.PornoAsset", "display_name": "Trojan.PornoAsset", "target": null }, { "id": "Ransom.Win64.PORNOASSET.SM1", "display_name": "Ransom.Win64.PORNOASSET.SM1", "target": null }, { "id": "Gen:Variant.Ulise", "display_name": "Gen:Variant.Ulise", "target": null }, { "id": "Trojan.Win64", "display_name": "Trojan.Win64", "target": null }, { "id": "Dropper.Trojan.Agent", "display_name": "Dropper.Trojan.Agent", "target": null }, { "id": "Heur.BZC.YAX.Pantera.10", "display_name": "Heur.BZC.YAX.Pantera.10", "target": null }, { "id": "malicious.high.ml", "display_name": "malicious.high.ml", "target": null }, { "id": "CVE-2015-1650", "display_name": "CVE-2015-1650", "target": null }, { "id": "Worm.Win64.AutoRun", "display_name": "Worm.Win64.AutoRun", "target": null }, { "id": "AIT.Heur.Cottonmouth.8.78F19BD7", "display_name": "AIT.Heur.Cottonmouth.8.78F19BD7", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "Pua.Gen", "display_name": "Pua.Gen", "target": null }, { "id": "Trojan.Downloader.Generic", "display_name": "Trojan.Downloader.Generic", "target": null }, { "id": "Suspected of Trojan.Downloader.gen", "display_name": "Suspected of Trojan.Downloader.gen", "target": null }, { "id": "HEUR:RemoteAdmin.Generic", "display_name": "HEUR:RemoteAdmin.Generic", "target": null }, { "id": "Gen:Heur.Ransom.HiddenTears", "display_name": "Gen:Heur.Ransom.HiddenTears", "target": null }, { "id": "Nemucod.A", "display_name": "Nemucod.A", "target": null }, { "id": "Backdoor.Hupigon", "display_name": "Backdoor.Hupigon", "target": null }, { "id": "Trojan.Starter JS.Iframe", "display_name": "Trojan.Starter JS.Iframe", "target": null }, { "id": "fake ,promethiumm ,strongpity", "display_name": "fake ,promethiumm ,strongpity", "target": null }, { "id": "PUA.Reg1staid", "display_name": "PUA.Reg1staid", "target": null }, { "id": "Malware.Heur_Generic.A", "display_name": "Malware.Heur_Generic.A", "target": null }, { "id": "Bladabindi.Q", "display_name": "Bladabindi.Q", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "malicious.6e0700", "display_name": "malicious.6e0700", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "TSGeneric", "display_name": "TSGeneric", "target": null }, { "id": "RedCap.vneda", "display_name": "RedCap.vneda", "target": null }, { "id": "Trojan.Indiloadz", "display_name": "Trojan.Indiloadz", "target": null }, { "id": "Trojan.Ekstak", "display_name": "Trojan.Ekstak", "target": null }, { "id": "staticrr.paleokits.net", "display_name": "staticrr.paleokits.net", "target": null }, { "id": "MSIL.Downloader", "display_name": "MSIL.Downloader", "target": null }, { "id": "Trojan.Autoruns.GenericKDS", "display_name": "Trojan.Autoruns.GenericKDS", "target": null }, { "id": "MSIL.Trojan.BSE", "display_name": "MSIL.Trojan.BSE", "target": null }, { "id": "Adload.AD81", "display_name": "Adload.AD81", "target": null }, { "id": "Packed.Asprotect", "display_name": "Packed.Asprotect", "target": null }, { "id": "Gen:NN.ZemsilF.34062", "display_name": "Gen:NN.ZemsilF.34062", "target": null }, { "id": "Evo", "display_name": "Evo", "target": null }, { "id": "Agent.pwc", "display_name": "Agent.pwc", "target": null }, { "id": "RiskTool.Phpw", "display_name": "RiskTool.Phpw", "target": null }, { "id": "Gen:Variant.Symmi", "display_name": "Gen:Variant.Symmi", "target": null }, { "id": "Trojan.PWS", "display_name": "Trojan.PWS", "target": null }, { "id": "Generic.BitCoinMiner.3", "display_name": "Generic.BitCoinMiner.3", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "Gen:NN", "display_name": "Gen:NN", "target": null }, { "id": "Downloader.CertutilURLCache", "display_name": "Downloader.CertutilURLCache", "target": null }, { "id": "Elf", "display_name": "Elf", "target": null }, { "id": "Gen:Heur.MSIL.Androm", "display_name": "Gen:Heur.MSIL.Androm", "target": null }, { "id": "Kryptik.NRD", "display_name": "Kryptik.NRD", "target": null }, { "id": "Riskware", "display_name": "Riskware", "target": null }, { "id": "Kuluoz.B.gen", "display_name": "Kuluoz.B.gen", "target": null }, { "id": "Gen:Variant.RevengeRat", "display_name": "Gen:Variant.RevengeRat", "target": null }, { "id": "Gen:Variant.Mikey", "display_name": "Gen:Variant.Mikey", "target": null }, { "id": "VB.Chronos.7", "display_name": "VB.Chronos.7", "target": null }, { "id": "Kryptik.NOE", "display_name": "Kryptik.NOE", "target": null }, { "id": "HEUR:WebToolbar.Generic", "display_name": "HEUR:WebToolbar.Generic", "target": null }, { "id": "Gen:Variant.Barys", "display_name": "Gen:Variant.Barys", "target": null }, { "id": "Backdoor.Xtreme", "display_name": "Backdoor.Xtreme", "target": null }, { "id": "Trojan.MSIL", "display_name": "Trojan.MSIL", "target": null }, { "id": "Gen:Variant.Graftor", "display_name": "Gen:Variant.Graftor", "target": null }, { "id": "Backdoor.Agent", "display_name": "Backdoor.Agent", "target": null }, { "id": "Unsafe", "display_name": "Unsafe", "target": null }, { "id": "Trojan.PHP.Agent", "display_name": "Trojan.PHP.Agent", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "HEUR:Exploit.Generic", "display_name": "HEUR:Exploit.Generic", "target": null }, { "id": "Ransom_WCRY.SMALYM", "display_name": "Ransom_WCRY.SMALYM", "target": null }, { "id": "Ransom_WCRY.SMJ", "display_name": "Ransom_WCRY.SMJ", "target": null }, { "id": "Auslogics", "display_name": "Auslogics", "target": null }, { "id": "Gen:Variant.Jaiko", "display_name": "Gen:Variant.Jaiko", "target": null }, { "id": "Exploit.W32.Agent", "display_name": "Exploit.W32.Agent", "target": null }, { "id": "Trojan.Cud.Gen", "display_name": "Trojan.Cud.Gen", "target": null }, { "id": "Trojan.DOC.Downloader", "display_name": "Trojan.DOC.Downloader", "target": null }, { "id": "Backdoor.MSIL.Agent", "display_name": "Backdoor.MSIL.Agent", "target": null }, { "id": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "display_name": "Gen:Trojan.Heur2.LPTbHW@W64.HfsAutoB", "target": null }, { "id": "Gen:Variant.Kazy", "display_name": "Gen:Variant.Kazy", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Ransom.WannaCrypt", "display_name": "Ransom.WannaCrypt", "target": null }, { "id": "Generic.ServStart.A", "display_name": "Generic.ServStart.A", "target": null }, { "id": "Trojan.Wanna", "display_name": "Trojan.Wanna", "target": null }, { "id": "Generic.MSIL.Bladabindi", "display_name": "Generic.MSIL.Bladabindi", "target": null }, { "id": "TROJ_GEN.R002C0OG518", "display_name": "TROJ_GEN.R002C0OG518", "target": null }, { "id": "Trojan.Chapak", "display_name": "Trojan.Chapak", "target": null }, { "id": "Indiloadz.BB", "display_name": "Indiloadz.BB", "target": null }, { "id": "BehavBehavesLike.PUPXBI", "display_name": "BehavBehavesLike.PUPXBI", "target": null }, { "id": "DeepScan:Generic.SpyAgent.6", "display_name": "DeepScan:Generic.SpyAgent.6", "target": null }, { "id": "Python.KeyLogger", "display_name": "Python.KeyLogger", "target": null }, { "id": "GameHack.CRS", "display_name": "GameHack.CRS", "target": null }, { "id": "Generic.MSIL.PasswordStealer", "display_name": "Generic.MSIL.PasswordStealer", "target": null }, { "id": "PSW.Agent", "display_name": "PSW.Agent", "target": null }, { "id": "malicious.8c45ba", "display_name": "malicious.8c45ba", "target": null }, { "id": "Dropper.Binder", "display_name": "Dropper.Binder", "target": null }, { "id": "Constructor.MSIL", "display_name": "Constructor.MSIL", "target": null }, { "id": "Linux.Agent", "display_name": "Linux.Agent", "target": null }, { "id": "Virus.3DMax.Script", "display_name": "Virus.3DMax.Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Application.SearchProtect", "display_name": "Application.SearchProtect", "target": null }, { "id": "JS:Trojan.Clicker", "display_name": "JS:Trojan.Clicker", "target": null }, { "id": "Faceliker.A", "display_name": "Faceliker.A", "target": null }, { "id": "JS:Trojan.JS.Faceliker", "display_name": "JS:Trojan.JS.Faceliker", "target": null }, { "id": "Constructor.MSIL Linux.Agent", "display_name": "Constructor.MSIL Linux.Agent", "target": null }, { "id": "PowerShell.Trojan", "display_name": "PowerShell.Trojan", "target": null }, { "id": "HTML:Script", "display_name": "HTML:Script", "target": null }, { "id": "ScrInject.B", "display_name": "ScrInject.B", "target": null }, { "id": "W32.AIDetectVM", "display_name": "W32.AIDetectVM", "target": null }, { "id": "HackTool.CheatEngine", "display_name": "HackTool.CheatEngine", "target": null }, { "id": "Injector.CLDS", "display_name": "Injector.CLDS", "target": null }, { "id": "VB.Downloader.2", "display_name": "VB.Downloader.2", "target": null }, { "id": "malicious.3e78cc", "display_name": "malicious.3e78cc", "target": null }, { "id": "malicious.d800d6", "display_name": "malicious.d800d6", "target": null }, { "id": "VB.PwShell.2", "display_name": "VB.PwShell.2", "target": null }, { "id": "Backdoor.RBot", "display_name": "Backdoor.RBot", "target": null }, { "id": "malicious.71b1a8", "display_name": "malicious.71b1a8", "target": null }, { "id": "TrojanSpy.KeyLogger", "display_name": "TrojanSpy.KeyLogger", "target": null }, { "id": "Injector.JDO", "display_name": "Injector.JDO", "target": null }, { "id": "Heur.Msword.Gen", "display_name": "Heur.Msword.Gen", "target": null }, { "id": "PSW.Discord", "display_name": "PSW.Discord", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "HEUR:AdWare.StartSurf", "display_name": "HEUR:AdWare.StartSurf", "target": null }, { "id": "Gen:Heur.NoobyProtect", "display_name": "Gen:Heur.NoobyProtect", "target": null }, { "id": "CIL.HeapOverride", "display_name": "CIL.HeapOverride", "target": null }, { "id": "HEUR:Trojan.Tasker", "display_name": "HEUR:Trojan.Tasker", "target": null }, { "id": "XLM.Trojan.Abracadabra.27", "display_name": "XLM.Trojan.Abracadabra.27", "target": null }, { "id": "HEUR:Backdoor.MSIL.NanoBot", "display_name": "HEUR:Backdoor.MSIL.NanoBot", "target": null }, { "id": "Trojan.PSW.Mimikatz", "display_name": "Trojan.PSW.Mimikatz", "target": null }, { "id": "TrojanSpy.Python", "display_name": "TrojanSpy.Python", "target": null }, { "id": "Trojan.Ole2.Vbs", "display_name": "Trojan.Ole2.Vbs", "target": null }, { "id": "Exploit.MSOffice", "display_name": "Exploit.MSOffice", "target": null }, { "id": "DeepScan:Generic.Ransom.AmnesiaE", "display_name": "DeepScan:Generic.Ransom.AmnesiaE", "target": null }, { "id": "Wacatac.D6", "display_name": "Wacatac.D6", "target": null }, { "id": "Backdoor.Androm", "display_name": "Backdoor.Androm", "target": null }, { "id": "Packed.NetSeal", "display_name": "Packed.NetSeal", "target": null }, { "id": "Trojan.MSIL.Injector", "display_name": "Trojan.MSIL.Injector", "target": null }, { "id": "Trojan.PWS.Agent", "display_name": "Trojan.PWS.Agent", "target": null }, { "id": "TScope.Trojan", "display_name": "TScope.Trojan", "target": null }, { "id": "PSW.Stealer", "display_name": "PSW.Stealer", "target": null }, { "id": "Trojan.PackedNET", "display_name": "Trojan.PackedNET", "target": null }, { "id": "Trojan.Java", "display_name": "Trojan.Java", "target": null }, { "id": "MalwareX", "display_name": "MalwareX", "target": null }, { "id": "Trojan.PSW.Python", "display_name": "Trojan.PSW.Python", "target": null }, { "id": "malicious.11abfc", "display_name": "malicious.11abfc", "target": null }, { "id": "Generic.ASMalwS", "display_name": "Generic.ASMalwS", "target": null }, { "id": "HEUR:Trojan.MSIL.Tasker", "display_name": "HEUR:Trojan.MSIL.Tasker", "target": null }, { "id": "PossibleThreat.PALLAS", "display_name": "PossibleThreat.PALLAS", "target": null }, { "id": "Backdoor.Poison", "display_name": "Backdoor.Poison", "target": null }, { "id": "Generic.MSIL.LimeRAT", "display_name": "Generic.MSIL.LimeRAT", "target": null }, { "id": "PWS-FCZZ", "display_name": "PWS-FCZZ", "target": null }, { "id": "Trojan.Script", "display_name": "Trojan.Script", "target": null }, { "id": "Gen:Heur.MSIL.Inject", "display_name": "Gen:Heur.MSIL.Inject", "target": null }, { "id": "Trojan.PWS.Growtopia", "display_name": "Trojan.PWS.Growtopia", "target": null }, { "id": "Spyware.Bobik", "display_name": "Spyware.Bobik", "target": null }, { "id": "HackTool.BruteForce", "display_name": "HackTool.BruteForce", "target": null }, { "id": "Hack.Patcher", "display_name": "Hack.Patcher", "target": null }, { "id": "PWS.p", "display_name": "PWS.p", "target": null }, { "id": "Suppobox", "display_name": "Suppobox", "target": null }, { "id": "index.php", "display_name": "index.php", "target": null }, { "id": "Packed.VMProtect", "display_name": "Packed.VMProtect", "target": null }, { "id": "SmokeLoader", "display_name": "SmokeLoader", "target": null }, { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "HEUR:Trojan.MSOffice.SAgent", "display_name": "HEUR:Trojan.MSOffice.SAgent", "target": null }, { "id": "Script.INF", "display_name": "Script.INF", "target": null }, { "id": "JS:Trojan.JS.Likejack", "display_name": "JS:Trojan.JS.Likejack", "target": null }, { "id": "SNH:Script [Dropper]", "display_name": "SNH:Script [Dropper]", "target": null }, { "id": "Trojan.JS.Agent", "display_name": "Trojan.JS.Agent", "target": null }, { "id": "APT Notes", "display_name": "APT Notes", "target": null }, { "id": "susp.rtf.objupdate", "display_name": "susp.rtf.objupdate", "target": null }, { "id": "RedCap.zoohz", "display_name": "RedCap.zoohz", "target": null }, { "id": "Trojan.Tasker", "display_name": "Trojan.Tasker", "target": null }, { "id": "virus.office.qexvmc", "display_name": "virus.office.qexvmc", "target": null }, { "id": "Trojan.KillProc", "display_name": "Trojan.KillProc", "target": null }, { "id": "Generic.MSIL.GrwtpStealer.1", "display_name": "Generic.MSIL.GrwtpStealer.1", "target": null }, { "id": "Suspicious.Cloud", "display_name": "Suspicious.Cloud", "target": null }, { "id": "PowerShell.DownLoader", "display_name": "PowerShell.DownLoader", "target": null }, { "id": "Downldr.gen", "display_name": "Downldr.gen", "target": null }, { "id": "AGEN.1030939", "display_name": "AGEN.1030939", "target": null }, { "id": "HackTool.Binder", "display_name": "HackTool.Binder", "target": null }, { "id": "Trojan.Inject", "display_name": "Trojan.Inject", "target": null }, { "id": "Dldr.Agent", "display_name": "Dldr.Agent", "target": null }, { "id": "Dropper.MSIL", "display_name": "Dropper.MSIL", "target": null }, { "id": "Trojan.VBKryjetor", "display_name": "Trojan.VBKryjetor", "target": null }, { "id": "PWSX", "display_name": "PWSX", "target": null }, { "id": "VB:Trojan.VBA.Agent", "display_name": "VB:Trojan.VBA.Agent", "target": null }, { "id": "HEUR:Trojan.MSOffice.Stratos", "display_name": "HEUR:Trojan.MSOffice.Stratos", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0029", "name": "Privilege Escalation", "display_name": "TA0029 - Privilege Escalation" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1211", "name": "Exploitation for Defense Evasion", "display_name": "T1211 - Exploitation for Defense Evasion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1454", "name": "Malicious SMS Message", "display_name": "T1454 - Malicious SMS Message" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 338, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1184, "FileHash-SHA1": 949, "FileHash-SHA256": 3712, "URL": 2925, "domain": 627, "hostname": 1319, "CVE": 26, "email": 8, "CIDR": 2 }, "indicator_count": 10752, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "msftauth.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "msftauth.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780349471.3811955 }