{ "type": "Domain", "indicator": "msrtc0nngcttest.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/msrtc0nngcttest.com", "alexa": "http://www.alexa.com/siteinfo/msrtc0nngcttest.com", "indicator": "msrtc0nngcttest.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3608237250, "indicator": "msrtc0nngcttest.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "67a9f3def74f96146bc342d5", "name": "cobalt_loader_unpacked.exe", "description": "A guide to the Cobaltloader, a 32-bit executable for Windows, has been published by the University of Oxford.. and its website is published on the same day as the release.", "modified": "2025-02-10T12:41:02.752000", "created": "2025-02-10T12:41:02.752000", "tags": [ "sha256", "sha1", "size", "ms windows", "copy ssdeep", "copy imphash", "call", "imagescnmemread", "imagescncntcode", "e5a596d6h", "rsp20h", "e5a595f0h", "e5a595dch", "rsp10h", "rsp18h", "rsp04h", "rsp08h", "rsp0ch", "rax05h", "themida", "thumbprint md5", "serial number", "vs2022", "symantec time", "stamping", "from", "algorithm", "thumbprint", "globalsign root", "submission", "w5k0fa2", "connection", "i64d", "http", "userprofile", "studio", "ldap", "detail", "cdecl sol", "socks5 connect", "ca file", "error", "class", "combo", "delta", "bind", "unknown", "void", "rest", "problem", "procin", "httpports", "ipv4 address", "homenet", "externalnet", "tgi hunt", "curl", "ip address", "et hunting", "dotted quad", "clientendpoint", "perimeter", "hunting", "informational", "policy", "outbound", "confuserex mod", "aspirecrypt", "detects", "reactor", "beds protector", "ps2exe", "bsjb", "boxedapp", "cyaxsharp", "cyaxpng", "smartassembly", "koivm", "confuserex", "obfuscator", "aspack", "titan", "enigma", "vmprotect", "strings", "rlpack", "antiem", "antisb", "loader", "sality", "dnguard" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 23, "FileHash-SHA256": 177, "FileHash-SHA1": 7, "YARA": 52, "email": 7, "IPv4": 38, "URL": 154, "domain": 14, "hostname": 58 }, "indicator_count": 530, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "477 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570978ad58c756caaaf65fa", "name": "v2 - shopping_iframe_driver.js - and Related Hashes Samples that dropped this file", "description": "", "modified": "2023-12-06T15:47:22.317000", "created": "2023-12-06T15:47:22.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 521, "domain": 104, "hostname": 376, "URL": 1169, "FileHash-MD5": 8, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 2181, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709786808aed5d8ee43d19", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "", "modified": "2023-12-06T15:47:18.949000", "created": "2023-12-06T15:47:18.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "domain": 245, "hostname": 231, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64283256f0763ff1011db1c1", "name": "88.150.174.5:8098/EDMessage_15 - vd3kfpcr8h.dattolocal.net - 3cx duplicate", "description": "Malware analysis service Falcon Sandbox provides a comprehensive guide to how to detect, identify and remove malware from computers, mobile devices and other systems, as well as providing a free trial for the service.", "modified": "2023-05-01T13:04:38.684000", "created": "2023-04-01T13:32:06", "tags": [ "trojan", "runtime data", "ansi", "unicode", "localappdata", "hybrid analysis", "potential ip", "programfiles", "input", "wilstaging02", "suspicious", "strings", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a02556cf24c2dba721ec815e43dfbde27af22317a37d4ac42d7299eafd7f8051/6426bffd2da2654de10c54c2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9, "domain": 2, "hostname": 2, "FileHash-SHA256": 4, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1128 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426181ff6ddb7ccafbfac76", "name": "v2 - front.viewinter.ai - plus all suggested ioc's", "description": "", "modified": "2023-04-29T23:04:49.088000", "created": "2023-03-30T23:15:43.500000", "tags": [], "references": [ "f_00023a .js - 225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "f_000243 .js - 312571a21f35168fbed9342d755e5df0a56a053c75bd58c6aa837351f28aa0f5", "https://hybrid-analysis.com/sample/cb3eb59660aaf4566fc75ec8d4088942fcfd40b6a65e4832cf619ba4c56b5f15", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053/6421e770b2b593f60c066418", "Part RU .js - daa8547f1dbc8c994eed3725f3076aaf6c4e298b963fb712e53eb0fa2dc1e789" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 641, "domain": 68, "hostname": 118, "FileHash-SHA256": 46, "FileHash-MD5": 7, "FileHash-SHA1": 2 }, "indicator_count": 882, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1130 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "642620d51d298e5a95b15599", "name": "api.3f94642a.js via source of twitter login page using edge browser latest version 111.", "description": "WebpackChunk_Twitter-responsive-web=webpack chunks, as well as its own webpack, to create a single \"bundle\" for all of the sites.", "modified": "2023-03-31T00:06:55.719000", "created": "2023-03-30T23:52:53.828000", "tags": [ "malware", "vxstream", "trojan", "ansi", "memoryfile scan", "scalarfield", "linkedfield", "runtime data", "requiredfield", "throw", "user", "apiuser", "error", "path", "slice", "date", "suspicious", "unknown", "stats", "bouncer", "hybrid", "model", "close", "click", "general", "strings", "malicious", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/31ab3088c37fe023e4e38296f7083905a64aa3b77c94735815f89906418d2926/642613dabe4297d3b60d91be", "twitter.com/i/flow/login" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 322, "hostname": 61, "domain": 105, "FileHash-SHA256": 24, "FileHash-MD5": 11, "FileHash-SHA1": 2 }, "indicator_count": 525, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1160 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "641e1aa9826df264513d3535", "name": "https://javadl.oracle.com/webapps/download/GetFile/1.8.0_221-b11/230deb18db3e4014bb8e3e8324f81b43/windows-i586/au.msi", "description": "", "modified": "2023-03-24T21:48:25.431000", "created": "2023-03-24T21:48:25.431000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "runtime data", "indicator", "ck id", "hook module", "function", "mitre att", "show technique", "ck matrix", "suspicious", "path", "hybrid", "model", "close", "click", "servermain", "strings", "malicious", "qakbot", "https://javadl.oracle.com/webapps/download/GetFile/1.8.0_221-b11" ], "references": [ "https://hybrid-analysis.com/sample/e30f5dffbf25579eaf9f3d641a755fe67902dbeb42cee18d99822cdb0ae06d76/6419b01d25d93c7f9b065ce8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 44, "hostname": 5, "URL": 10, "domain": 2, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1166 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "641e17310345ddc8636a4438", "name": "NMR Information Server spincore scam site part 2", "description": "", "modified": "2023-03-24T21:33:37.339000", "created": "2023-03-24T21:33:37.339000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "dropped file", "ansi", "runtime data", "font", "span", "pattern match", "september", "march", "july", "new ansi", "june", "august", "february", "april", "date", "suspicious", "panic", "school", "munich", "mars", "istanbul", "hybrid", "general", "close", "click", "meta", "fort", "alabama", "cleaner", "king", "mexico", "troy", "strings", "qakbot", "nmr", "mri", "spectroscopy", "chemistry", "magnetic resonance", "nuclear magnetic resonance", "magnetic resonance imaging", "strong", "new software", "october", "university", "assistant" ], "references": [ "https://www.spincore.com/nmrinfo", "https://hybrid-analysis.com/sample/05347bbf321a6b28b95e8f7e7b37c76a33fbe9973a6998efbf171853cdf97501/6419af121f9ed33b920c27bb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 222, "hostname": 65, "domain": 6, "FileHash-SHA256": 30, "email": 5, "FileHash-MD5": 2, "FileHash-SHA1": 2 }, "indicator_count": 332, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1166 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f62965a39ad88202f75fca", "name": "v2 - shopping_iframe_driver.js - and Related Hashes Samples that dropped this file", "description": "Here is the full report on the Falcon Sandbox malware analysis service, available to download and view at www.falcon.com (formerly Falcon MalQuery) and the BBC iPlayer.", "modified": "2023-03-24T14:03:40.832000", "created": "2023-02-22T14:40:37.370000", "tags": [ "docmarina", "qchlemail", "utfx86", "payment advice", "note", "vendor", "gf5de", "confirm", "payment receipt", "ach transfer", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "runtime data", "memoryfile scan", "ck id", "array", "typeerror", "typeof symbol", "mitre att", "show technique", "ck matrix", "date", "path", "error", "generator", "suspicious", "format", "void", "hybrid", "model", "general", "close", "click", "ransomware", "february", "strings", "malicious", "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "shopping_iframe_driver.js" ], "references": [ "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "https://hybrid-analysis.com/sample/00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56/63f3de2280658c708b639a72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 376, "URL": 1169, "domain": 104, "FileHash-SHA256": 521, "FileHash-MD5": 8, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 2181, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1166 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f405621e834fe663c39ead", "name": "gov_bc_logo_1_.svg", "description": "", "modified": "2023-03-22T23:01:22.663000", "created": "2023-02-20T23:42:26.920000", "tags": [ "gov_bc_logo_1_.svg" ], "references": [ "//www2.gov.bc.ca/", "https://hybrid-analysis.com/sample/0ace84d69e29ba8f353d1bc777f05485fc93829a011d4b50c06d79398bcef10e/63f299a81f5ed418cf56b22d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 27, "URL": 104, "domain": 5, "FileHash-SHA256": 14, "FileHash-MD5": 17, "FileHash-SHA1": 10 }, "indicator_count": 177, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1168 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f6270066c8508f11440e2a", "name": "shopping_iframe_driver.js - and an interesting auto ai description below!", "description": "Here is the full report on the Falcon Sandbox malware analysis service, available to download and view at www.falcon.com (formerly Falcon MalQuery) and the BBC iPlayer.", "modified": "2023-02-22T14:30:24.960000", "created": "2023-02-22T14:30:24.960000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "runtime data", "memoryfile scan", "ck id", "array", "typeerror", "typeof symbol", "mitre att", "show technique", "ck matrix", "date", "path", "error", "generator", "suspicious", "format", "void", "hybrid", "model", "general", "close", "click", "ransomware", "february", "strings", "malicious", "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "shopping_iframe_driver.js" ], "references": [ "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "https://hybrid-analysis.com/sample/00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56/63f3de2280658c708b639a72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 71, "URL": 87, "domain": 6, "FileHash-SHA256": 2, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 171, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1196 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f619404ba8714b7e063140", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609", "modified": "2023-02-22T13:31:44.806000", "created": "2023-02-22T13:31:44.806000", "tags": [ "memoryfile scan", "null", "runtime data", "void", "unknown", "android", "magento", "desktop", "dark", "scroll", "addressbar", "trigger", "template", "fast", "burn", "homepage", "class", "critical", "iframe", "lick", "open", "trace", "sapphire", "screen", "small", "close", "click", "ransomware", "strings", "malicious", "contains", "xnnew weakmap", "fnnew weakmap", "auto_open_controller.js", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609" ], "references": [ "https://hybrid-analysis.com/sample/12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609/63f3dde5af1db0386635b153", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "hostname": 231, "domain": 245, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1196 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f536f3d17c09ae380da074", "name": "webcomponents-sd-ce-pf_1_.js", "description": "", "modified": "2023-02-21T21:26:11.748000", "created": "2023-02-21T21:26:11.748000", "tags": [ "memoryfile scan", "typeerror", "null", "polymer project", "trident", "generator", "void", "webcomponents-sd-ce-pf_1_.js", "f2c3f35a3349d92a4ce9a246fda9dc456df516c8f3d6006b219d21690575b75b", "c.insertbefore.call" ], "references": [ "https://hybrid-analysis.com/sample/f2c3f35a3349d92a4ce9a246fda9dc456df516c8f3d6006b219d21690575b75b/63f299f3c79eb479f661e947", "c.insertbefore.call - fail" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 723, "FileHash-SHA256": 39, "hostname": 171, "domain": 91, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1030, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f52871b49c1db1c45d1512", "name": "clipboard.min_1_.js", "description": "", "modified": "2023-02-21T20:24:17.961000", "created": "2023-02-21T20:24:17.961000", "tags": [ "trojan", "typeerror", "memoryfile scan", "ck id", "nodelist", "htmlcollection", "path", "null", "be8125005f335d00c3b540f41699c5de81758827ba5339e390741dd8c6ce6f9b" ], "references": [ "be8125005f335d00c3b540f41699c5de81758827ba5339e390741dd8c6ce6f9b", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic", "https://hybrid-analysis.com/sample/be8125005f335d00c3b540f41699c5de81758827ba5339e390741dd8c6ce6f9b/63f405d21d5cf733e149bb1a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54, "hostname": 42, "domain": 5, "FileHash-SHA256": 2, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 110, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63b580a925bb698985fa83ea", "name": "vendor.bundle.js", "description": "", "modified": "2023-02-03T13:00:02.804000", "created": "2023-01-04T13:35:37.535000", "tags": [ "vxstream", "trojan", "apt", "memoryfile scan", "error", "progresstype", "graytext", "typeof e", "highlight", "bg96gwp", "typeof", "window", "null", "date", "span", "path", "meta", "push", "unknown", "roboto", "scroll", "suspicious", "close", "light", "template", "abcd", "android", "trident", "backspace", "insert", "4096", "void", "legend", "iframe", "webview", "infinity", "ransomware", "malicious", "accept toggle", "voice", "upgrade" ], "references": [ "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "original dropped file discovery url", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 205, "URL": 1340, "FileHash-SHA256": 407, "hostname": 491, "FileHash-MD5": 8, "email": 1, "FileHash-SHA1": 1 }, "indicator_count": 2453, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1215 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "https://hybrid-analysis.com/sample/a02556cf24c2dba721ec815e43dfbde27af22317a37d4ac42d7299eafd7f8051/6426bffd2da2654de10c54c2", "https://hybrid-analysis.com/sample/31ab3088c37fe023e4e38296f7083905a64aa3b77c94735815f89906418d2926/642613dabe4297d3b60d91be", "https://www.spincore.com/nmrinfo", "https://hybrid-analysis.com/sample/12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609/63f3dde5af1db0386635b153", "original dropped file discovery url", "https://hybrid-analysis.com/sample/cb3eb59660aaf4566fc75ec8d4088942fcfd40b6a65e4832cf619ba4c56b5f15", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "be8125005f335d00c3b540f41699c5de81758827ba5339e390741dd8c6ce6f9b", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "https://hybrid-analysis.com/sample/be8125005f335d00c3b540f41699c5de81758827ba5339e390741dd8c6ce6f9b/63f405d21d5cf733e149bb1a", "f_00023a .js - 225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "Part RU .js - daa8547f1dbc8c994eed3725f3076aaf6c4e298b963fb712e53eb0fa2dc1e789", "c.insertbefore.call - fail", "https://hybrid-analysis.com/sample/f2c3f35a3349d92a4ce9a246fda9dc456df516c8f3d6006b219d21690575b75b/63f299f3c79eb479f661e947", "https://hybrid-analysis.com/sample/05347bbf321a6b28b95e8f7e7b37c76a33fbe9973a6998efbf171853cdf97501/6419af121f9ed33b920c27bb", "f_000243 .js - 312571a21f35168fbed9342d755e5df0a56a053c75bd58c6aa837351f28aa0f5", "//www2.gov.bc.ca/", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609", "https://hybrid-analysis.com/sample/00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56/63f3de2280658c708b639a72", "https://hybrid-analysis.com/sample/e30f5dffbf25579eaf9f3d641a755fe67902dbeb42cee18d99822cdb0ae06d76/6419b01d25d93c7f9b065ce8", "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "twitter.com/i/flow/login", "https://hybrid-analysis.com/sample/0ace84d69e29ba8f353d1bc777f05485fc93829a011d4b50c06d79398bcef10e/63f299a81f5ed418cf56b22d", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053/6421e770b2b593f60c066418" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "67a9f3def74f96146bc342d5", "name": "cobalt_loader_unpacked.exe", "description": "A guide to the Cobaltloader, a 32-bit executable for Windows, has been published by the University of Oxford.. and its website is published on the same day as the release.", "modified": "2025-02-10T12:41:02.752000", "created": "2025-02-10T12:41:02.752000", "tags": [ "sha256", "sha1", "size", "ms windows", "copy ssdeep", "copy imphash", "call", "imagescnmemread", "imagescncntcode", "e5a596d6h", "rsp20h", "e5a595f0h", "e5a595dch", "rsp10h", "rsp18h", "rsp04h", "rsp08h", "rsp0ch", "rax05h", "themida", "thumbprint md5", "serial number", "vs2022", "symantec time", "stamping", "from", "algorithm", "thumbprint", "globalsign root", "submission", "w5k0fa2", "connection", "i64d", "http", "userprofile", "studio", "ldap", "detail", "cdecl sol", "socks5 connect", "ca file", "error", "class", "combo", "delta", "bind", "unknown", "void", "rest", "problem", "procin", "httpports", "ipv4 address", "homenet", "externalnet", "tgi hunt", "curl", "ip address", "et hunting", "dotted quad", "clientendpoint", "perimeter", "hunting", "informational", "policy", "outbound", "confuserex mod", "aspirecrypt", "detects", "reactor", "beds protector", "ps2exe", "bsjb", "boxedapp", "cyaxsharp", "cyaxpng", "smartassembly", "koivm", "confuserex", "obfuscator", "aspack", "titan", "enigma", "vmprotect", "strings", "rlpack", "antiem", "antisb", "loader", "sality", "dnguard" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 23, "FileHash-SHA256": 177, "FileHash-SHA1": 7, "YARA": 52, "email": 7, "IPv4": 38, "URL": 154, "domain": 14, "hostname": 58 }, "indicator_count": 530, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "477 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570978ad58c756caaaf65fa", "name": "v2 - shopping_iframe_driver.js - and Related Hashes Samples that dropped this file", "description": "", "modified": "2023-12-06T15:47:22.317000", "created": "2023-12-06T15:47:22.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 521, "domain": 104, "hostname": 376, "URL": 1169, "FileHash-MD5": 8, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 2181, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709786808aed5d8ee43d19", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "", "modified": "2023-12-06T15:47:18.949000", "created": "2023-12-06T15:47:18.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "domain": 245, "hostname": 231, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64283256f0763ff1011db1c1", "name": "88.150.174.5:8098/EDMessage_15 - vd3kfpcr8h.dattolocal.net - 3cx duplicate", "description": "Malware analysis service Falcon Sandbox provides a comprehensive guide to how to detect, identify and remove malware from computers, mobile devices and other systems, as well as providing a free trial for the service.", "modified": "2023-05-01T13:04:38.684000", "created": "2023-04-01T13:32:06", "tags": [ "trojan", "runtime data", "ansi", "unicode", "localappdata", "hybrid analysis", "potential ip", "programfiles", "input", "wilstaging02", "suspicious", "strings", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a02556cf24c2dba721ec815e43dfbde27af22317a37d4ac42d7299eafd7f8051/6426bffd2da2654de10c54c2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 9, "domain": 2, "hostname": 2, "FileHash-SHA256": 4, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1128 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426181ff6ddb7ccafbfac76", "name": "v2 - front.viewinter.ai - plus all suggested ioc's", "description": "", "modified": "2023-04-29T23:04:49.088000", "created": "2023-03-30T23:15:43.500000", "tags": [], "references": [ "f_00023a .js - 225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "f_000243 .js - 312571a21f35168fbed9342d755e5df0a56a053c75bd58c6aa837351f28aa0f5", "https://hybrid-analysis.com/sample/cb3eb59660aaf4566fc75ec8d4088942fcfd40b6a65e4832cf619ba4c56b5f15", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053", "https://hybrid-analysis.com/sample/225016fbe7412fd92296fc35ad54fd9a58a1b747cc6d5c66dd5abb299559b053/6421e770b2b593f60c066418", "Part RU .js - daa8547f1dbc8c994eed3725f3076aaf6c4e298b963fb712e53eb0fa2dc1e789" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 641, "domain": 68, "hostname": 118, "FileHash-SHA256": 46, "FileHash-MD5": 7, "FileHash-SHA1": 2 }, "indicator_count": 882, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1130 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "642620d51d298e5a95b15599", "name": "api.3f94642a.js via source of twitter login page using edge browser latest version 111.", "description": "WebpackChunk_Twitter-responsive-web=webpack chunks, as well as its own webpack, to create a single \"bundle\" for all of the sites.", "modified": "2023-03-31T00:06:55.719000", "created": "2023-03-30T23:52:53.828000", "tags": [ "malware", "vxstream", "trojan", "ansi", "memoryfile scan", "scalarfield", "linkedfield", "runtime data", "requiredfield", "throw", "user", "apiuser", "error", "path", "slice", "date", "suspicious", "unknown", "stats", "bouncer", "hybrid", "model", "close", "click", "general", "strings", "malicious", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/31ab3088c37fe023e4e38296f7083905a64aa3b77c94735815f89906418d2926/642613dabe4297d3b60d91be", "twitter.com/i/flow/login" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 322, "hostname": 61, "domain": 105, "FileHash-SHA256": 24, "FileHash-MD5": 11, "FileHash-SHA1": 2 }, "indicator_count": 525, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1160 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "641e1aa9826df264513d3535", "name": "https://javadl.oracle.com/webapps/download/GetFile/1.8.0_221-b11/230deb18db3e4014bb8e3e8324f81b43/windows-i586/au.msi", "description": "", "modified": "2023-03-24T21:48:25.431000", "created": "2023-03-24T21:48:25.431000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "runtime data", "indicator", "ck id", "hook module", "function", "mitre att", "show technique", "ck matrix", "suspicious", "path", "hybrid", "model", "close", "click", "servermain", "strings", "malicious", "qakbot", "https://javadl.oracle.com/webapps/download/GetFile/1.8.0_221-b11" ], "references": [ "https://hybrid-analysis.com/sample/e30f5dffbf25579eaf9f3d641a755fe67902dbeb42cee18d99822cdb0ae06d76/6419b01d25d93c7f9b065ce8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 44, "hostname": 5, "URL": 10, "domain": 2, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1166 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "641e17310345ddc8636a4438", "name": "NMR Information Server spincore scam site part 2", "description": "", "modified": "2023-03-24T21:33:37.339000", "created": "2023-03-24T21:33:37.339000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "dropped file", "ansi", "runtime data", "font", "span", "pattern match", "september", "march", "july", "new ansi", "june", "august", "february", "april", "date", "suspicious", "panic", "school", "munich", "mars", "istanbul", "hybrid", "general", "close", "click", "meta", "fort", "alabama", "cleaner", "king", "mexico", "troy", "strings", "qakbot", "nmr", "mri", "spectroscopy", "chemistry", "magnetic resonance", "nuclear magnetic resonance", "magnetic resonance imaging", "strong", "new software", "october", "university", "assistant" ], "references": [ "https://www.spincore.com/nmrinfo", "https://hybrid-analysis.com/sample/05347bbf321a6b28b95e8f7e7b37c76a33fbe9973a6998efbf171853cdf97501/6419af121f9ed33b920c27bb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 222, "hostname": 65, "domain": 6, "FileHash-SHA256": 30, "email": 5, "FileHash-MD5": 2, "FileHash-SHA1": 2 }, "indicator_count": 332, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1166 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f62965a39ad88202f75fca", "name": "v2 - shopping_iframe_driver.js - and Related Hashes Samples that dropped this file", "description": "Here is the full report on the Falcon Sandbox malware analysis service, available to download and view at www.falcon.com (formerly Falcon MalQuery) and the BBC iPlayer.", "modified": "2023-03-24T14:03:40.832000", "created": "2023-02-22T14:40:37.370000", "tags": [ "docmarina", "qchlemail", "utfx86", "payment advice", "note", "vendor", "gf5de", "confirm", "payment receipt", "ach transfer", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "runtime data", "memoryfile scan", "ck id", "array", "typeerror", "typeof symbol", "mitre att", "show technique", "ck matrix", "date", "path", "error", "generator", "suspicious", "format", "void", "hybrid", "model", "general", "close", "click", "ransomware", "february", "strings", "malicious", "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "shopping_iframe_driver.js" ], "references": [ "00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56", "https://hybrid-analysis.com/sample/00eb49d81e1ca0b23a15e3d902e3ee40f5069da86e6f31d79424e97c70471d56/63f3de2280658c708b639a72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 376, "URL": 1169, "domain": 104, "FileHash-SHA256": 521, "FileHash-MD5": 8, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 2181, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1166 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f405621e834fe663c39ead", "name": "gov_bc_logo_1_.svg", "description": "", "modified": "2023-03-22T23:01:22.663000", "created": "2023-02-20T23:42:26.920000", "tags": [ "gov_bc_logo_1_.svg" ], "references": [ "//www2.gov.bc.ca/", "https://hybrid-analysis.com/sample/0ace84d69e29ba8f353d1bc777f05485fc93829a011d4b50c06d79398bcef10e/63f299a81f5ed418cf56b22d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 27, "URL": 104, "domain": 5, "FileHash-SHA256": 14, "FileHash-MD5": 17, "FileHash-SHA1": 10 }, "indicator_count": 177, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1168 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "msrtc0nngcttest.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "msrtc0nngcttest.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780463351.7780347 }