{ "type": "Domain", "indicator": "oldnames.lib", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/oldnames.lib", "alexa": "http://www.alexa.com/siteinfo/oldnames.lib", "indicator": "oldnames.lib", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3397065627, "indicator": "oldnames.lib", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "686cb765dc6737fd1e882630", "name": "2nd Attempt- VirusTotal Ransomware and Device destruction Attack", "description": "I hope this generates results. I continue to be unable to annotate. Witnesses attack and 5 very relevant graphs taken. \n#phishing #malware #trojan #ransom #virustotal", "modified": "2025-08-07T05:01:52.697000", "created": "2025-07-08T06:15:01.296000", "tags": [ "no expiration", "filehashmd5", "filehashsha1", "filehashsha256", "iocs", "review iocs", "pulse show", "search", "type indicator", "role title", "expiration", "url http", "url https", "text drag", "drop or", "enter source", "url or", "hostname", "ipv4", "related pulses", "showing", "entries", "drop", "domain", "enter", "extract", "browse to", "domain xn", "select file", "pdf report", "pcap", "stix", "openioc", "indicator role", "pulses url" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 840, "FileHash-SHA1": 725, "FileHash-SHA256": 863, "URL": 1663, "SSLCertFingerprint": 17, "domain": 520, "hostname": 734, "email": 11 }, "indicator_count": 5373, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686cb7673e4d5a0067758fd7", "name": "2nd Attempt- VirusTotal Ransomware and Device destruction Attack", "description": "I hope this generates results. I continue to be unable to annotate. Witnesses attack and 5 very relevant graphs taken. \n#phishing #malware #trojan #ransom #virustotal", "modified": "2025-08-07T05:01:52.697000", "created": "2025-07-08T06:15:03.501000", "tags": [ "no expiration", "filehashmd5", "filehashsha1", "filehashsha256", "iocs", "review iocs", "pulse show", "search", "type indicator", "role title", "expiration", "url http", "url https", "text drag", "drop or", "enter source", "url or", "hostname", "ipv4", "related pulses", "showing", "entries", "drop", "domain", "enter", "extract", "browse to", "domain xn", "select file", "pdf report", "pcap", "stix", "openioc", "indicator role", "pulses url" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 840, "FileHash-SHA1": 725, "FileHash-SHA256": 863, "URL": 1663, "SSLCertFingerprint": 17, "domain": 520, "hostname": 734, "email": 11 }, "indicator_count": 5373, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570917294346eb331d6f0e3", "name": "nzxt cam expanded", "description": "", "modified": "2023-12-06T15:21:22.761000", "created": "2023-12-06T15:21:22.761000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 116, "FileHash-SHA256": 361, "FileHash-SHA1": 105, "domain": 5, "CVE": 1, "SSLCertFingerprint": 2, "URL": 1, "hostname": 21 }, "indicator_count": 612, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708fb3e1b74572dd4b540a", "name": "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "description": "", "modified": "2023-12-06T15:13:55.770000", "created": "2023-12-06T15:13:55.770000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 550, "URL": 1229, "CVE": 1, "hostname": 174, "domain": 83, "FileHash-MD5": 132, "FileHash-SHA1": 24, "SSLCertFingerprint": 3, "email": 1 }, "indicator_count": 2197, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62fbf42fd780bb88e358d864", "name": "nzxt cam expanded", "description": "The full text of this article, which will appear on the BBC iPlayer, will be published at 16:00 BST on Thursday, 16 September.. and will now be available on iplayer.", "modified": "2022-09-16T00:05:57.569000", "created": "2022-08-16T19:46:55.561000", "tags": [ "trid win32", "vhash", "imphash", "rich pe", "ssdeep", "z67uw7s4l7 tlsh", "win32 exe", "magic pe32", "ms windows", "intel", "hashes files", "name sha256", "filehashsha256", "filehashsha1", "filehashmd5", "role title", "added active", "sha256", "open source", "iocs", "virustotal", "clamav", "clam", "vt item", "resource", "input file", "provider", "origin", "hashes md5", "meta entropy", "sha1", "please", "height", "width", "gif graphics", "entropy", "concurrency", "path", "access type", "usbvid04d8", "boost", "create", "temp", "handle", "queryval", "service", "error", "installer", "strings", "accept", "hybrid", "general", "click", "date", "february", "april", "june", "august", "bind", "unknown", "rest", "problem", "malicious", "suspicious", "malware", "submission info", "nzxtcamsetup", "media type", "report id", "submission id", "screen capture", "apis", "capture origin", "whois record", "ssl certificate", "whois", "vt graph", "select xmrig", "from sqlserver", "collection", "example", "log4shell", "icerat", "daxin" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AIDefenseNet", "id": "102874", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 116, "FileHash-SHA1": 105, "FileHash-SHA256": 361, "URL": 1, "domain": 5, "hostname": 21, "CVE": 1, "SSLCertFingerprint": 2 }, "indicator_count": 612, "is_author": false, "is_subscribing": null, "subscriber_count": 104, "modified_text": "1354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62f26a9db86c050f2dd4e1b8", "name": "a bunch of malicious car /management apps - www.vxdiag.net/managecenter/apps/ford/install.exe", "description": "Fingerprint\nQueries kernel debugger information \nReads the cryptographic machine GUID\nEvasive\nMarks file for deletion \nPossibly tries to evade analysis by sleeping many times", "modified": "2022-09-08T00:01:12.540000", "created": "2022-08-09T14:09:33.374000", "tags": [ "dropped file", "comparam eid", "defaultvalue", "comparam idref", "errorcode idref", "idref", "shortname", "class", "suspicious", "entropy", "path", "delphi", "malicious", "august", "stub", "strings", "api key", "www.vxdiag.net/managecenter/apps/ford/install.exe" ], "references": [ "CVE-2021-22941", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf/62f124a02adc8f11be57bbe4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 67, "hostname": 14, "FileHash-SHA256": 62, "domain": 6, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 34 }, "indicator_count": 239, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e400370539f2ffde908c3e", "name": "HFX1ENG-11.12.0.31.exe", "description": "External References\nhttp://dyna.dnsever.com/download/DDNSClient_1.0.0.5.zip \nhttps://www.virustotal.com/gui/collection/1d3bf0f66e482e0aea068b1a8826742eeddf8b7961487ffae68efbd6af7b2eee \nhttps://www.virustotal.com/graph/g10e6caece98c45f68a446bca1b5327150fdac5b1aba34ef4803ad2cdcaa4bba0\nExternal User Tags\n#http://dyna.dnsever.com/download/ddnsclient_1.0.0.5.zip", "modified": "2022-08-28T00:01:38.268000", "created": "2022-07-29T15:43:51.689000", "tags": [ "sha256", "memoryfile scan", "ansi", "unicode", "runtime data", "switch", "case", "autoit script", "autoit", "hotkey ansi", "verisign", "accept", "obsolete", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "source", "indicator", "observed import", "y ansi", "n ansi", "pattern match", "path", "entropy", "class", "hybrid", "close", "click", "strings", "suspicious" ], "references": [ "https://hybrid-analysis.com/sample/1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48/62e304f35560d609b73f175a", "08bbf243bca2dd89b5b7b34736e1b81c SHA256: 1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 292, "hostname": 99, "domain": 83, "FileHash-SHA256": 9, "FileHash-MD5": 10, "FileHash-SHA1": 1, "SSLCertFingerprint": 3 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1373 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b65e444d3744704646194b", "name": "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "description": "CVE-2021-22941", "modified": "2022-07-24T00:00:42.127000", "created": "2022-06-25T01:00:52.820000", "tags": [ "trojan", "apt", "memoryfile scan", "raw size", "virtual address", "virtual size", "pcap", "pcap processing", "khtml", "delphi", "stub", "spin", "unizeto", "june", "team", "february", "b1900", "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/348dbfa9286ec5e20609f8e6c1e679e341ff2c9afd60ab99a823765724e3ffb5/62b607fc0c8c2d3cea074459", "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1237, "FileHash-SHA256": 550, "hostname": 175, "domain": 83, "CVE": 1, "FileHash-MD5": 132, "FileHash-SHA1": 24, "SSLCertFingerprint": 3, "email": 1 }, "indicator_count": 2206, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1408 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627d0cd56cee8724cffe49a3", "name": "https://ulm.aeroadmin.com/AeroAdmin.exe - CVE-2021-22941", "description": "Relates to Medovivo Titi 2 Cocima", "modified": "2022-06-11T00:03:07.696000", "created": "2022-05-12T13:34:13.638000", "tags": [ "malware", "vxstream", "trojan", "apt", "memoryfile scan", "ansi", "cryptopp", "unicode", "boost", "concurrency", "dropped file", "asio", "exceptiondetail", "rijndael", "aeroadmin", "february", "bogus", "executor", "error", "april", "june", "august", "shutdown", "click", "strings", "malicious", "Medovivo Titi 2 Cocima", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/491f92041ebaae0afd01d0b7121365bb276f7ec76dd02ecd90d8167320b8b0fa/62703bcf1813df6b8e6c7d3b", "Medovivo Titi 2 Cocima", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 38, "URL": 46, "hostname": 20, "domain": 4, "FileHash-MD5": 12, "FileHash-SHA1": 4, "SSLCertFingerprint": 3, "email": 2 }, "indicator_count": 129, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "622d1bfcc803885f68218e49", "name": ";utty.exe", "description": "", "modified": "2022-03-12T22:17:32.730000", "created": "2022-03-12T22:17:32.730000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "network error", "unicode", "proxy error", "server", "ssh1", "pageant", "bold ansi", "socks proxy", "middle", "general", "path", "agent", "turkish", "backspace", "local", "push", "format", "hybrid", "close", "click", "barry", "internal", "shift", "terminal", "window", "strings", "suspicious", "nutty.exe" ], "references": [ "https://hybrid-analysis.com/sample/c97446c3eea88c9d0b7af2172ba1a7e30df97bf4135fecb1d9522aaf9f1b1a8e?environmentId=100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 35, "domain": 5, "URL": 29, "FileHash-MD5": 6, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "email": 3 }, "indicator_count": 81, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1541 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48/62e304f35560d609b73f175a", "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "08bbf243bca2dd89b5b7b34736e1b81c SHA256: 1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48", "CVE-2021-22941", "https://hybrid-analysis.com/sample/348dbfa9286ec5e20609f8e6c1e679e341ff2c9afd60ab99a823765724e3ffb5/62b607fc0c8c2d3cea074459", "https://hybrid-analysis.com/sample/491f92041ebaae0afd01d0b7121365bb276f7ec76dd02ecd90d8167320b8b0fa/62703bcf1813df6b8e6c7d3b", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf/62f124a02adc8f11be57bbe4", "Medovivo Titi 2 Cocima", "https://hybrid-analysis.com/sample/c97446c3eea88c9d0b7af2172ba1a7e30df97bf4135fecb1d9522aaf9f1b1a8e?environmentId=100", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "686cb765dc6737fd1e882630", "name": "2nd Attempt- VirusTotal Ransomware and Device destruction Attack", "description": "I hope this generates results. I continue to be unable to annotate. Witnesses attack and 5 very relevant graphs taken. \n#phishing #malware #trojan #ransom #virustotal", "modified": "2025-08-07T05:01:52.697000", "created": "2025-07-08T06:15:01.296000", "tags": [ "no expiration", "filehashmd5", "filehashsha1", "filehashsha256", "iocs", "review iocs", "pulse show", "search", "type indicator", "role title", "expiration", "url http", "url https", "text drag", "drop or", "enter source", "url or", "hostname", "ipv4", "related pulses", "showing", "entries", "drop", "domain", "enter", "extract", "browse to", "domain xn", "select file", "pdf report", "pcap", "stix", "openioc", "indicator role", "pulses url" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 840, "FileHash-SHA1": 725, "FileHash-SHA256": 863, "URL": 1663, "SSLCertFingerprint": 17, "domain": 520, "hostname": 734, "email": 11 }, "indicator_count": 5373, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686cb7673e4d5a0067758fd7", "name": "2nd Attempt- VirusTotal Ransomware and Device destruction Attack", "description": "I hope this generates results. I continue to be unable to annotate. Witnesses attack and 5 very relevant graphs taken. \n#phishing #malware #trojan #ransom #virustotal", "modified": "2025-08-07T05:01:52.697000", "created": "2025-07-08T06:15:03.501000", "tags": [ "no expiration", "filehashmd5", "filehashsha1", "filehashsha256", "iocs", "review iocs", "pulse show", "search", "type indicator", "role title", "expiration", "url http", "url https", "text drag", "drop or", "enter source", "url or", "hostname", "ipv4", "related pulses", "showing", "entries", "drop", "domain", "enter", "extract", "browse to", "domain xn", "select file", "pdf report", "pcap", "stix", "openioc", "indicator role", "pulses url" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 840, "FileHash-SHA1": 725, "FileHash-SHA256": 863, "URL": 1663, "SSLCertFingerprint": 17, "domain": 520, "hostname": 734, "email": 11 }, "indicator_count": 5373, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570917294346eb331d6f0e3", "name": "nzxt cam expanded", "description": "", "modified": "2023-12-06T15:21:22.761000", "created": "2023-12-06T15:21:22.761000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 116, "FileHash-SHA256": 361, "FileHash-SHA1": 105, "domain": 5, "CVE": 1, "SSLCertFingerprint": 2, "URL": 1, "hostname": 21 }, "indicator_count": 612, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708fb3e1b74572dd4b540a", "name": "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "description": "", "modified": "2023-12-06T15:13:55.770000", "created": "2023-12-06T15:13:55.770000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 550, "URL": 1229, "CVE": 1, "hostname": 174, "domain": 83, "FileHash-MD5": 132, "FileHash-SHA1": 24, "SSLCertFingerprint": 3, "email": 1 }, "indicator_count": 2197, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62fbf42fd780bb88e358d864", "name": "nzxt cam expanded", "description": "The full text of this article, which will appear on the BBC iPlayer, will be published at 16:00 BST on Thursday, 16 September.. and will now be available on iplayer.", "modified": "2022-09-16T00:05:57.569000", "created": "2022-08-16T19:46:55.561000", "tags": [ "trid win32", "vhash", "imphash", "rich pe", "ssdeep", "z67uw7s4l7 tlsh", "win32 exe", "magic pe32", "ms windows", "intel", "hashes files", "name sha256", "filehashsha256", "filehashsha1", "filehashmd5", "role title", "added active", "sha256", "open source", "iocs", "virustotal", "clamav", "clam", "vt item", "resource", "input file", "provider", "origin", "hashes md5", "meta entropy", "sha1", "please", "height", "width", "gif graphics", "entropy", "concurrency", "path", "access type", "usbvid04d8", "boost", "create", "temp", "handle", "queryval", "service", "error", "installer", "strings", "accept", "hybrid", "general", "click", "date", "february", "april", "june", "august", "bind", "unknown", "rest", "problem", "malicious", "suspicious", "malware", "submission info", "nzxtcamsetup", "media type", "report id", "submission id", "screen capture", "apis", "capture origin", "whois record", "ssl certificate", "whois", "vt graph", "select xmrig", "from sqlserver", "collection", "example", "log4shell", "icerat", "daxin" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AIDefenseNet", "id": "102874", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 116, "FileHash-SHA1": 105, "FileHash-SHA256": 361, "URL": 1, "domain": 5, "hostname": 21, "CVE": 1, "SSLCertFingerprint": 2 }, "indicator_count": 612, "is_author": false, "is_subscribing": null, "subscriber_count": 104, "modified_text": "1354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62f26a9db86c050f2dd4e1b8", "name": "a bunch of malicious car /management apps - www.vxdiag.net/managecenter/apps/ford/install.exe", "description": "Fingerprint\nQueries kernel debugger information \nReads the cryptographic machine GUID\nEvasive\nMarks file for deletion \nPossibly tries to evade analysis by sleeping many times", "modified": "2022-09-08T00:01:12.540000", "created": "2022-08-09T14:09:33.374000", "tags": [ "dropped file", "comparam eid", "defaultvalue", "comparam idref", "errorcode idref", "idref", "shortname", "class", "suspicious", "entropy", "path", "delphi", "malicious", "august", "stub", "strings", "api key", "www.vxdiag.net/managecenter/apps/ford/install.exe" ], "references": [ "CVE-2021-22941", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf", "https://hybrid-analysis.com/sample/b6ac1bdb4a31787d8e6fa5aa8cbf2ce2538c0f63313fe4e57fdbe3ec2c869ddf/62f124a02adc8f11be57bbe4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 67, "hostname": 14, "FileHash-SHA256": 62, "domain": 6, "CVE": 1, "FileHash-MD5": 55, "FileHash-SHA1": 34 }, "indicator_count": 239, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e400370539f2ffde908c3e", "name": "HFX1ENG-11.12.0.31.exe", "description": "External References\nhttp://dyna.dnsever.com/download/DDNSClient_1.0.0.5.zip \nhttps://www.virustotal.com/gui/collection/1d3bf0f66e482e0aea068b1a8826742eeddf8b7961487ffae68efbd6af7b2eee \nhttps://www.virustotal.com/graph/g10e6caece98c45f68a446bca1b5327150fdac5b1aba34ef4803ad2cdcaa4bba0\nExternal User Tags\n#http://dyna.dnsever.com/download/ddnsclient_1.0.0.5.zip", "modified": "2022-08-28T00:01:38.268000", "created": "2022-07-29T15:43:51.689000", "tags": [ "sha256", "memoryfile scan", "ansi", "unicode", "runtime data", "switch", "case", "autoit script", "autoit", "hotkey ansi", "verisign", "accept", "obsolete", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "source", "indicator", "observed import", "y ansi", "n ansi", "pattern match", "path", "entropy", "class", "hybrid", "close", "click", "strings", "suspicious" ], "references": [ "https://hybrid-analysis.com/sample/1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48/62e304f35560d609b73f175a", "08bbf243bca2dd89b5b7b34736e1b81c SHA256: 1e8e4936d1349855cec3e7f03e245a3a36bf549e35f7d2b1393ac8bc2d00bd48" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 292, "hostname": 99, "domain": 83, "FileHash-SHA256": 9, "FileHash-MD5": 10, "FileHash-SHA1": 1, "SSLCertFingerprint": 3 }, "indicator_count": 497, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1373 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b65e444d3744704646194b", "name": "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "description": "CVE-2021-22941", "modified": "2022-07-24T00:00:42.127000", "created": "2022-06-25T01:00:52.820000", "tags": [ "trojan", "apt", "memoryfile scan", "raw size", "virtual address", "virtual size", "pcap", "pcap processing", "khtml", "delphi", "stub", "spin", "unizeto", "june", "team", "february", "b1900", "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/348dbfa9286ec5e20609f8e6c1e679e341ff2c9afd60ab99a823765724e3ffb5/62b607fc0c8c2d3cea074459", "fs.zp.shiwan1688.cn/Install/Installerfszip_wkeeak001104_fsbz.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1237, "FileHash-SHA256": 550, "hostname": 175, "domain": 83, "CVE": 1, "FileHash-MD5": 132, "FileHash-SHA1": 24, "SSLCertFingerprint": 3, "email": 1 }, "indicator_count": 2206, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1408 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627d0cd56cee8724cffe49a3", "name": "https://ulm.aeroadmin.com/AeroAdmin.exe - CVE-2021-22941", "description": "Relates to Medovivo Titi 2 Cocima", "modified": "2022-06-11T00:03:07.696000", "created": "2022-05-12T13:34:13.638000", "tags": [ "malware", "vxstream", "trojan", "apt", "memoryfile scan", "ansi", "cryptopp", "unicode", "boost", "concurrency", "dropped file", "asio", "exceptiondetail", "rijndael", "aeroadmin", "february", "bogus", "executor", "error", "april", "june", "august", "shutdown", "click", "strings", "malicious", "Medovivo Titi 2 Cocima", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/491f92041ebaae0afd01d0b7121365bb276f7ec76dd02ecd90d8167320b8b0fa/62703bcf1813df6b8e6c7d3b", "Medovivo Titi 2 Cocima", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 38, "URL": 46, "hostname": 20, "domain": 4, "FileHash-MD5": 12, "FileHash-SHA1": 4, "SSLCertFingerprint": 3, "email": 2 }, "indicator_count": 129, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "622d1bfcc803885f68218e49", "name": ";utty.exe", "description": "", "modified": "2022-03-12T22:17:32.730000", "created": "2022-03-12T22:17:32.730000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "network error", "unicode", "proxy error", "server", "ssh1", "pageant", "bold ansi", "socks proxy", "middle", "general", "path", "agent", "turkish", "backspace", "local", "push", "format", "hybrid", "close", "click", "barry", "internal", "shift", "terminal", "window", "strings", "suspicious", "nutty.exe" ], "references": [ "https://hybrid-analysis.com/sample/c97446c3eea88c9d0b7af2172ba1a7e30df97bf4135fecb1d9522aaf9f1b1a8e?environmentId=100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 35, "domain": 5, "URL": 29, "FileHash-MD5": 6, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "email": 3 }, "indicator_count": 81, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1541 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "oldnames.lib", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "oldnames.lib", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780273001.090173 }