{ "type": "Domain", "indicator": "newfolder.click", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/newfolder.click", "alexa": "http://www.alexa.com/siteinfo/newfolder.click", "indicator": "newfolder.click", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4138033958, "indicator": "newfolder.click", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "69f296e6f8d22e6594cd87c2", "name": "dfhbdfhbfth", "description": "", "modified": "2026-05-29T23:35:16.304000", "created": "2026-04-29T23:40:22.053000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 95, "FileHash-MD5": 47, "FileHash-SHA1": 42, "FileHash-SHA256": 149, "URL": 1251, "hostname": 783 }, "indicator_count": 2367, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f29701e8ef05a0558464d1", "name": "dfhbdfhbfth", "description": "", "modified": "2026-05-29T23:35:16.304000", "created": "2026-04-29T23:40:49.785000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 95, "FileHash-MD5": 47, "FileHash-SHA1": 42, "FileHash-SHA256": 149, "URL": 1251, "hostname": 783 }, "indicator_count": 2367, "is_author": false, "is_subscribing": null, "subscriber_count": 15, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05c0a13c66d638dc13240a", "name": "Werewolf Clusters Exploit Telegram and Starlink Themes for Malware Delivery", "description": "", "modified": "2026-05-14T12:31:29.431000", "created": "2026-05-14T12:31:29.431000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "vijayrajesh1052", "id": "366175", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14, "IPv4": 1, "domain": 12 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f5e9457c510da7d95e0e38", "name": "qwdqawdQA", "description": "A security alert has been issued by the European Commission (TI) over a TeamPCP-linked cyber-attack on the SAP cloud development ecosystem. and its associated systems, including its own database.", "modified": "2026-05-02T12:08:37.650000", "created": "2026-05-02T12:08:37.650000", "tags": [ "sap cloud", "advisory", "github", "apple mac", "os sap", "windows linux", "node packager", "manager", "github summary", "sap cap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 2, "FileHash-MD5": 31, "FileHash-SHA1": 31, "FileHash-SHA256": 31, "domain": 6, "hostname": 1 }, "indicator_count": 102, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c963c1231ba8bf66289206", "name": "Triune Evil: Werewolves Attack Law Enforcement Officers", "description": "In February 2026, a cyber espionage operation was uncovered involving three distinct clusters\u2014Paper Werewolf, Versatile Werewolf, and Eagle Werewolf\u2014engaged in distributing malware designed to exploit interest in Starlink services and drone control applications. The clusters operated autonomously, crafting malware delivery methods that exploited timely news topics as a lure for targeted attacks. Paper Werewolf utilized compromised Telegram accounts to further facilitate its operations, while Versatile Werewolf employed generative AI-developed tools to expedite their malware development processes. Eagle Werewolf was noted for infiltrating Telegram channels to disseminate its malicious payloads.", "modified": "2026-04-28T17:01:55.604000", "created": "2026-03-29T17:39:13.531000", "tags": [ "werewolf", "eagle werewolf", "temp", "powershell", "starlink", "echogather", "rust", "aquilarat", "starter", "debug", "sliver", "telegram", "phishing", "false", "nsis", "error", "main", "sysupdate", "winlog", "bypass", "execution", "capture", "service", "team", "cookie" ], "references": [ "https://bi.zone/expertise/blog/triedinoe-zlo-oborotni-atakuyut-sotrudnikov-silovykh-struktur/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 50, "URL": 27, "domain": 24, "hostname": 1 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a046863c1c92107079f81b", "name": "EbeeFeb2026 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-03-31T06:00:59.128000", "created": "2026-02-26T13:11:34.763000", "tags": [ "filehashsha1", "filehashsha256", "filehashmd5" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "Contagious Interview Campaign, Triton fork campaign, CRESCENTHARVEST, MIMICRAT, Operation Olalampo", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 78, "FileHash-MD5": 191, "FileHash-SHA1": 220, "FileHash-SHA256": 192, "CVE": 2, "URL": 58, "domain": 220 }, "indicator_count": 961, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "699a1b91987e3a07295248d9", "name": "\"Charity\" phishing: What we know about attacks using the Solana blockchain", "description": "In January 2026, the Expert Security Center's cyber intelligence team identified a series of attacks exploiting the Solana blockchain through malicious XLL files containing obfuscated JavaScript, deployed via phishing emails. The attack was initiated with a ZIP archive, which included a malicious payload disguised as a legitimate document. The malicious XLL file decodes a Base64-encoded PowerShell command upon execution, allowing the attackers to drop various harmful components onto the victim's system.", "modified": "2026-03-23T20:05:30.881000", "created": "2026-02-21T20:54:41.182000", "tags": [ "\u0431\u043b\u043e\u043a\u0447\u0435\u0439\u043d", "solana", "rat", "javascript", "powershell", "excel", "base64", "snsdomain", "http", "html", "positive", "intelligence", "service", "fusion" ], "references": [ "https://habr.com/ru/companies/pt/articles/1001196/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021.004", "name": "SSH", "display_name": "T1021.004 - SSH" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 10, "URL": 1, "domain": 15 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "68 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://bi.zone/expertise/blog/triedinoe-zlo-oborotni-atakuyut-sotrudnikov-silovykh-struktur/", "IOCs.2026.csv", "https://habr.com/ru/companies/pt/articles/1001196/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Contagious Interview Campaign, Triton fork campaign, CRESCENTHARVEST, MIMICRAT, Operation Olalampo" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "69f296e6f8d22e6594cd87c2", "name": "dfhbdfhbfth", "description": "", "modified": "2026-05-29T23:35:16.304000", "created": "2026-04-29T23:40:22.053000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 95, "FileHash-MD5": 47, "FileHash-SHA1": 42, "FileHash-SHA256": 149, "URL": 1251, "hostname": 783 }, "indicator_count": 2367, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f29701e8ef05a0558464d1", "name": "dfhbdfhbfth", "description": "", "modified": "2026-05-29T23:35:16.304000", "created": "2026-04-29T23:40:49.785000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 95, "FileHash-MD5": 47, "FileHash-SHA1": 42, "FileHash-SHA256": 149, "URL": 1251, "hostname": 783 }, "indicator_count": 2367, "is_author": false, "is_subscribing": null, "subscriber_count": 15, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05c0a13c66d638dc13240a", "name": "Werewolf Clusters Exploit Telegram and Starlink Themes for Malware Delivery", "description": "", "modified": "2026-05-14T12:31:29.431000", "created": "2026-05-14T12:31:29.431000", "tags": [ "eio4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "vijayrajesh1052", "id": "366175", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14, "IPv4": 1, "domain": 12 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f5e9457c510da7d95e0e38", "name": "qwdqawdQA", "description": "A security alert has been issued by the European Commission (TI) over a TeamPCP-linked cyber-attack on the SAP cloud development ecosystem. and its associated systems, including its own database.", "modified": "2026-05-02T12:08:37.650000", "created": "2026-05-02T12:08:37.650000", "tags": [ "sap cloud", "advisory", "github", "apple mac", "os sap", "windows linux", "node packager", "manager", "github summary", "sap cap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "harshandc123", "id": "378589", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 2, "FileHash-MD5": 31, "FileHash-SHA1": 31, "FileHash-SHA256": 31, "domain": 6, "hostname": 1 }, "indicator_count": 102, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c963c1231ba8bf66289206", "name": "Triune Evil: Werewolves Attack Law Enforcement Officers", "description": "In February 2026, a cyber espionage operation was uncovered involving three distinct clusters\u2014Paper Werewolf, Versatile Werewolf, and Eagle Werewolf\u2014engaged in distributing malware designed to exploit interest in Starlink services and drone control applications. The clusters operated autonomously, crafting malware delivery methods that exploited timely news topics as a lure for targeted attacks. Paper Werewolf utilized compromised Telegram accounts to further facilitate its operations, while Versatile Werewolf employed generative AI-developed tools to expedite their malware development processes. Eagle Werewolf was noted for infiltrating Telegram channels to disseminate its malicious payloads.", "modified": "2026-04-28T17:01:55.604000", "created": "2026-03-29T17:39:13.531000", "tags": [ "werewolf", "eagle werewolf", "temp", "powershell", "starlink", "echogather", "rust", "aquilarat", "starter", "debug", "sliver", "telegram", "phishing", "false", "nsis", "error", "main", "sysupdate", "winlog", "bypass", "execution", "capture", "service", "team", "cookie" ], "references": [ "https://bi.zone/expertise/blog/triedinoe-zlo-oborotni-atakuyut-sotrudnikov-silovykh-struktur/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 50, "URL": 27, "domain": 24, "hostname": 1 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a046863c1c92107079f81b", "name": "EbeeFeb2026 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-03-31T06:00:59.128000", "created": "2026-02-26T13:11:34.763000", "tags": [ "filehashsha1", "filehashsha256", "filehashmd5" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "Contagious Interview Campaign, Triton fork campaign, CRESCENTHARVEST, MIMICRAT, Operation Olalampo", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 78, "FileHash-MD5": 191, "FileHash-SHA1": 220, "FileHash-SHA256": 192, "CVE": 2, "URL": 58, "domain": 220 }, "indicator_count": 961, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "699a1b91987e3a07295248d9", "name": "\"Charity\" phishing: What we know about attacks using the Solana blockchain", "description": "In January 2026, the Expert Security Center's cyber intelligence team identified a series of attacks exploiting the Solana blockchain through malicious XLL files containing obfuscated JavaScript, deployed via phishing emails. The attack was initiated with a ZIP archive, which included a malicious payload disguised as a legitimate document. The malicious XLL file decodes a Base64-encoded PowerShell command upon execution, allowing the attackers to drop various harmful components onto the victim's system.", "modified": "2026-03-23T20:05:30.881000", "created": "2026-02-21T20:54:41.182000", "tags": [ "\u0431\u043b\u043e\u043a\u0447\u0435\u0439\u043d", "solana", "rat", "javascript", "powershell", "excel", "base64", "snsdomain", "http", "html", "positive", "intelligence", "service", "fusion" ], "references": [ "https://habr.com/ru/companies/pt/articles/1001196/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021.004", "name": "SSH", "display_name": "T1021.004 - SSH" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 10, "URL": 1, "domain": 15 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "68 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "newfolder.click", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "newfolder.click", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780203412.4692128 }