{ "type": "Domain", "indicator": "ontrust.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/ontrust.com", "alexa": "http://www.alexa.com/siteinfo/ontrust.com", "indicator": "ontrust.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2776154123, "indicator": "ontrust.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 24, "pulses": [ { "id": "69dba8a0f375964d468b9ba0", "name": "Credit: DorkingBeauty1- Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2026-05-12T00:09:20.348000", "created": "2026-04-12T14:13:52.560000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "622772a53274b509660d46af", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 902, "domain": 338, "URL": 1721, "FileHash-SHA256": 558, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 128 }, "indicator_count": 3811, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570908823f97b5559b71806", "name": ";http://tiktok.hop3.pw/EaL8Ufp - Hybrid A report upliad", "description": "", "modified": "2023-12-06T15:17:28.460000", "created": "2023-12-06T15:17:28.460000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 239, "domain": 403, "email": 10, "URL": 1032, "hostname": 561, "FileHash-MD5": 84, "FileHash-SHA1": 49 }, "indicator_count": 2378, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ff435400450988945f1", "name": "auto.getsetpet.com - typosquat cloudfare.com with many typical subs as well", "description": "", "modified": "2023-12-06T15:15:00.581000", "created": "2023-12-06T15:15:00.581000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 733, "FileHash-SHA256": 945, "domain": 529, "URL": 1464, "email": 9, "FileHash-MD5": 82, "FileHash-SHA1": 55, "CVE": 1 }, "indicator_count": 3818, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e34d64c3320402789ef", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2023-12-06T15:07:32.118000", "created": "2023-12-06T15:07:32.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 501, "domain": 358, "URL": 1779, "hostname": 962, "FileHash-MD5": 114, "FileHash-SHA1": 84, "email": 1 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ba10e79097bb5108b8c", "name": "Dont you jus love how many bad actors dress up in the normal world these days!", "description": "", "modified": "2023-12-06T14:56:33.171000", "created": "2023-12-06T14:56:33.171000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 262, "hostname": 317, "domain": 107, "URL": 741, "CVE": 1, "FileHash-SHA1": 49, "FileHash-MD5": 46, "email": 1 }, "indicator_count": 1524, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a8f3203633312147d1e", "name": "www.virgilio. various Malacious tld's", "description": "", "modified": "2023-12-06T14:51:59.166000", "created": "2023-12-06T14:51:59.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 238, "URL": 818, "domain": 177, "hostname": 336, "email": 6, "FileHash-MD5": 79, "FileHash-SHA1": 47 }, "indicator_count": 1702, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657089bdb1d8a5ad0edc6614", "name": "http://www.diapers.com.sg/GOO.N-Japan-Version-Diapers-Pants/", "description": "", "modified": "2023-12-06T14:48:29.397000", "created": "2023-12-06T14:48:29.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 307, "domain": 149, "hostname": 299, "URL": 602, "email": 4, "FileHash-MD5": 59, "FileHash-SHA1": 53 }, "indicator_count": 1474, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708172b5b5810d62645bfe", "name": "http://adwcleaner.malwarebytes.com/ and cloudfront hosts", "description": "", "modified": "2023-12-06T14:13:06.127000", "created": "2023-12-06T14:13:06.127000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 516, "FileHash-SHA256": 340, "URL": 713, "email": 3, "domain": 356, "FileHash-MD5": 119, "FileHash-SHA1": 59, "SSLCertFingerprint": 4 }, "indicator_count": 2110, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d7cc6525322cdb9052", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2023-12-06T14:10:31.519000", "created": "2023-12-06T14:10:31.519000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "hostname": 888, "URL": 1698, "email": 4, "domain": 337, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ff8073d5ec6f25915eee77", "name": "confirmation spam email", "description": "Small sample of an email message that has passed through Gmail's phishing and spam filter. A confirmation email from both cashapp,costco, AceHardware,Walmart, Dicks Sporting Goods, with links hosted on Amazonaws. A common theme between all messages is that the contain a link to an amazon AWS. Redirecting to the launchstore[.]quest before reaching its final destination. Clearly marked phishing by VT, but not specific malware threat based on scans on Hybrid Analysis. (UPDATE) The latest entry is now classifed as malicious.\n\nUpdate Milwaukee power drill via Acehardware.\n\n\nSame MO. Amazon AWS link > Thelaunchstore[.]quest>jongberreta[.]com > positionspot.info\n\n\nUpdate 21/13:20 Added Walmart, Acehardware, Dicks sporting goods into the description above.", "modified": "2022-09-20T00:01:18.490000", "created": "2022-08-19T12:22:11.793000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "wow64", "windows nt", "get rd", "details", "request url", "format details", "request get", "raw hex", "ed bf", "c0 a8", "date", "accept", "hybrid", "close", "click", "hosts", "august", "general", "local", "strings", "suspicious", "hybrid analysis", "api key", "vetting process", "please note", "please", "urls", "javascript" ], "references": [ "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details", "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details", "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d", "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4", "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection", "https://tria.ge/220820-cg7v8sddcm/behavioral1", "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1", "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1" ], "public": 1, "adversary": "Mazikeen", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "BraveHeart", "id": "123797", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "FileHash-MD5": 274, "FileHash-SHA1": 256, "FileHash-SHA256": 267, "URL": 51, "domain": 96, "email": 18, "hostname": 59 }, "indicator_count": 1027, "is_author": false, "is_subscribing": null, "subscriber_count": 61, "modified_text": "1350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e80d56fba248bac0744780", "name": "\ud83e\udd14\ud83d\udea8 Could this be the source of all Evil? \ud83d\udea8\ud83e\udd14 Nubotnet - Team:KU Leuven/test2 - 2021.igem.org", "description": "", "modified": "2022-08-31T00:01:05.509000", "created": "2022-08-01T17:28:54.991000", "tags": [ "apt", "runtime data", "decrypted ssl", "pcap", "windows nt", "tops", "cookie", "typeof t", "element", "error", "matrix", "typeerror", "bmfloor", "frameelement", "null", "skew", "parade" ], "references": [ "https://2021.igem.org/Team:KU_Leuven/test2", "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1696, "domain": 586, "hostname": 613, "FileHash-SHA256": 533, "FileHash-MD5": 34, "FileHash-SHA1": 33, "email": 1 }, "indicator_count": 3496, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1370 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62d9e3e8f8a916986b59d0fb", "name": ";http://tiktok.hop3.pw/EaL8Ufp - Hybrid A report upliad", "description": "", "modified": "2022-08-21T00:01:29.251000", "created": "2022-07-21T23:40:24.902000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "threat level", "date", "windows nt", "pcap", "sha256", "pcap processing", "report domain", "accept", "core", "roboto", "gondi", "twitter", "obfa", "hybrid", "close", "click", "hosts", "malicious", "general", "local", "lana", "mozi", "trident", "strings", "suspicious", "hop3.pw" ], "references": [ "https://www.hybrid-analysis.com/sample/facdbc6b7b2cb2a4ba4d45dc831c29834813a8690a81d206e3472b2aacd926bd/62d6a6da34c2b45239660f93" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 561, "domain": 403, "FileHash-SHA256": 239, "URL": 1032, "email": 10, "FileHash-MD5": 84, "FileHash-SHA1": 49 }, "indicator_count": 2378, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1380 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c0f67de71e1a7105c84885", "name": "www.firstsportz.com", "description": "", "modified": "2022-08-02T00:03:03.164000", "created": "2022-07-03T01:53:01.448000", "tags": [ "timo" ], "references": [ "https://hybrid-analysis.com/sample/de899c3feee092fe028bc50148544f31b8901675743fc0f97bfce327259dbee3/62c044d92ef9da07aa01321d", "URL www.apache.org/licenses/LICENSE-2.0http://www.apache.org/licenses/LICENSE-2.0Open", "http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL8-@", "https://rtb.da.us.criteo.com/google/auction/notify?profile=14&payload=UPmfDtqCMOgCgAXiIp0XAgAAAPYoFff2TiA6EJ2IymBKkkrxCNowD06JjQAS&wp=YMqInQAE53wKZIjPAA9S9H1IbXvGlF_g6pMG-Q", "https://secure.gravatar.com/avatar/6121f5a38f7526427becf34cc1e7bb2f?d=https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar-2.png];https://5res.atlassian.net/secure/ViewProfile.jspa?accountId=6204fb88f38765006f673bf3;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/McAfee.jpg];https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-wes", "URL http://ert-banner.s3-website-eu-west-1.amazonaws.com/hu-banner.min.js", "URL https://cs.media.net/cksync?cs=1&type=ttd&ovsid=d0e0d23f-e88f-4ddb-868b-66da2a5995fc", "http://d1biim3gqfg2c3.cloudfront.net/installer/2012861567342/10902508", "www-linuxbabe-com.webpkgcache.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 258, "URL": 462, "domain": 106, "FileHash-SHA256": 329, "FileHash-MD5": 73, "CVE": 1, "FileHash-SHA1": 52, "email": 2 }, "indicator_count": 1283, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1399 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bc67d92c92ae06d9df38b4", "name": "auto.getsetpet.com - typosquat cloudfare.com with many typical subs as well", "description": "", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T14:55:21.812000", "tags": [ "windows nt", "malicious", "suspicious", "february", "moved", "gmt content", "set cookie", "gmt path", "x sorting", "hat podid", "hat shopid", "x storefront" ], "references": [ "https://hybrid-analysis.com/sample/93aad12ffc4a15052f6e133ce509b9c676c7a0b0eb118d714ecd6a6699fd0c9c/62bc50d0c273e7065f4cfbcb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 529, "URL": 1464, "hostname": 733, "FileHash-SHA256": 945, "email": 9, "FileHash-MD5": 82, "CVE": 1, "FileHash-SHA1": 55 }, "indicator_count": 3818, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1403 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b05f8c261c86a70d541ee2", "name": "http://irs.gov/efile", "description": "", "modified": "2022-07-20T00:04:04.226000", "created": "2022-06-20T11:52:44.182000", "tags": [ "malware", "trojan", "apt", "windows nt", "patch", "june", "local", "team", "february", "b3sitos" ], "references": [ "Hybrid-A gives clean bill of health with all this nastyness ??????", "Found malicious artifacts related to \"108.156.107.37\": ... URL: https://daycoval.facildepagar.com.br/ (AV positives: 8/95 scanned on 06/19/2022 01:54:19) URL: https://search.thejobspotter.com/ (AV positives: 1/95 scanned on 06/17/2022 18:02:39) URL: http://www.onlyonesearch.com/?q=caixa%20geral%20de%20dep%C3%B3sitos%20caixadirecta (AV positives: 1/95 scanned on 06/17/2022 04:21:41) URL: https://dp.la/search (AV positives: 1/95 scanned on 06/14/2022 18:12:11) URL: http://www.ute.com/templates/email_signatur", "https://hybrid-analysis.com/sample/f5c28aaa1eed64eb2abcc9bf3208dbd597b01d0eff7cb0abbcecaf70b77eec3c/62afaa107abd8e4632069a53" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 333, "URL": 509, "domain": 285, "FileHash-SHA256": 196, "CVE": 1, "FileHash-MD5": 56, "FileHash-SHA1": 51, "email": 2 }, "indicator_count": 1433, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1412 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629ad2b4ed4cab2266d9a4cf", "name": "thenextstorey.com", "description": "", "modified": "2022-07-04T00:03:29.389000", "created": "2022-06-04T03:34:12.844000", "tags": [ "mozi", "wind", "february", "thenextstorey.com", "T1012", "T1071", "T1132" ], "references": [ "http://thenextstorey.com/", "https://hybrid-analysis.com/sample/8a6afc994835900da86434db53a420b10cdf924eb16c614b91e6108d5bb259c2/628ec34427f35342c97e1402" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 263, "hostname": 139, "domain": 87, "FileHash-SHA256": 203, "email": 4, "CVE": 1, "FileHash-MD5": 42, "FileHash-SHA1": 39 }, "indicator_count": 778, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1428 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629031fc81694b5d8c4772bb", "name": "www.account.serbantbank.com", "description": "", "modified": "2022-06-26T00:00:14.021000", "created": "2022-05-27T02:05:48.516000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "threat level", "pcap", "pcap processing", "date", "sha256", "windows nt", "data", "decrypted ssl", "size", "accept", "path", "suspicious", "malicious", "mozilla", "stop", "hybrid", "close", "click", "hosts", "trident", "general", "local", "factory", "mozi", "heck", "strings", "format", "team", "february", "network traffic" ], "references": [ "https://hybrid-analysis.com/sample/57bf0fb1bb3f7cc8fb6f2bb13548daef686c7f85cf4e361c30e67fca737f9bb5/628ec3b7a12f79752a4ea6f5" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 168, "hostname": 98, "domain": 49, "FileHash-SHA256": 246, "email": 7, "CVE": 1, "FileHash-MD5": 48, "FileHash-SHA1": 46 }, "indicator_count": 663, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1436 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62817f1b91113f114df6d446", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T22:30:51.437000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "dropped file", "unicode", "path", "n ansi", "q ansi", "k ansi", "t ansi", "j ansi", "explorer", "winrar", "suspicious", "info", "installer", "body", "install", "template", "hybrid", "general", "little", "close", "click", "obsolete", "win32", "delphi", "class", "strings", "malicious", "team", "february", "novo dicionrio", "hybrid analysis", "api key", "vetting process", "please note", "please", "runtime data", "size", "sha256", "sha1", "hkcuclsid", "threat level", "seen", "date", "hosts", "factory", "accept", "found", "local", "mozilla", "network related", "network traffic", "data", "decrypted ssl", "windows nt", "pcap", "pcap processing", "core", "personalized marketing", "coupon marketing", "marketing solutions software", "receipt advertising", "smartreceipt", "increase ave", "learn", "conditions", "privacy policy" ], "references": [ "https://receipt.com/", "https://hybrid-analysis.com/sample/00fa255f524660ffa461a44b9ae6715b254f1ab51e818439547ad4ae805351be/627e3e1fed152c27dc0ef614", "https://hybrid-analysis.com/sample/a8183b1c3d75f7fbf3353f8c0f8fb21ff973a260e72f24de64a86926a2aa8bb5/6280f05d68d40e7cb006d8dd", "https://hybrid-analysis.com/sample/c7a96105da4991cb58d47f15aac375f2d91ea033660a85b89a442852d5fa3e48/6281316b07368855823e564a", "https://hybrid-analysis.com/sample/f71e0ac05ae415be952b5f2d55689b10085395def7e132c27dca3fe60ed487f7/62348a15e307d42349571684" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1001.002", "name": "Steganography", "display_name": "T1001.002 - Steganography" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1011", "name": "Exfiltration Over Other Network Medium", "display_name": "T1011 - Exfiltration Over Other Network Medium" }, { "id": "T1011.001", "name": "Exfiltration Over Bluetooth", "display_name": "T1011.001 - Exfiltration Over Bluetooth" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1015", "name": "Accessibility Features", "display_name": "T1015 - Accessibility Features" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1034", "name": "Path Interception", "display_name": "T1034 - Path Interception" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1067", "name": "Bootkit", "display_name": "T1067 - Bootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" }, { "id": "T1070.006", "name": "Timestomp", "display_name": "T1070.006 - Timestomp" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 358, "URL": 1779, "FileHash-SHA256": 501, "hostname": 962, "email": 1, "CVE": 2, "FileHash-MD5": 114, "FileHash-SHA1": 84 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6264b524008ccee1d221f967", "name": "statcounter nefarious ad and analytics in platform webapp delivered ads", "description": "", "modified": "2022-05-24T00:01:27.321000", "created": "2022-04-24T02:25:40.062000", "tags": [ "associated urls", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "section", "ansi", "threat level", "header", "messages", "surveymonkey", "chrome", "firefox", "safari", "microsoft", "date", "span", "path", "body", "accept", "explorer", "suspicious", "main", "hybrid", "close", "click", "hosts", "april", "malicious", "general", "local", "factory", "strings", "team", "february", "hybrid analysis", "input", "report", "falcon sandbox", "please note", "data protection", "policy", "https", "memoryfile scan", "windir", "openurl c", "urlhttps", "pmuid", "no expiration", "filehashsha256", "url http", "expiration" ], "references": [ "https://onetag-sys.com/usync/?pubId=6b859b96c564fbe", "https://sync.richaudience.com/74889303289e27f327ad0c6de7be7264/?p=1BTOoaD22a&consentString=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&ccpa_", "https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA", "https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&us_privacy=1---", "https://hybrid-analysis.com/sample/de66bd83860e9dc66969b28f3b93b36c07c5f9d9568f13b07f0e1928490d6945/62649e273fcef808fa4c2bbb", "https://hybrid-analysis.com/sample/9116e707b9da6b1047df9412e29b816726ba3aa6ebc91d77f7f47741ccb7b7bd/6264a22fa3836270e73495b3", "https://hybrid-analysis.com/sample/b3d7008253008166b2abeb2fcc642d9c5e354435f7cb83a681b3cba82840002e/62626a096a89191d343c4546", "usync.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 693, "hostname": 325, "domain": 205, "FileHash-SHA256": 148, "FileHash-MD5": 31, "CVE": 1, "FileHash-SHA1": 22, "email": 3 }, "indicator_count": 1428, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6254d6b1c0ca4b5186a5ed99", "name": "Dont you jus love how many bad actors dress up in the normal world these days!", "description": "", "modified": "2022-05-12T00:04:24.089000", "created": "2022-04-12T01:32:33.859000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "threat level", "ansi", "pcap", "pcap processing", "date", "runtime data", "sha256", "united", "report domain", "report", "accept", "hybrid", "close", "click", "hosts", "april", "malicious", "general", "local", "path", "strings", "suspicious", "team", "february", "found", "1618380672450", "a9rica", "pagespcscpink2" ], "references": [ "https://hybrid-analysis.com/sample/6f7e0fc1efd88ab0abc05c8ebb8b4d50cedaf91b0975cb870a44e6c0d72e1413?environmentId=120" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 317, "domain": 107, "URL": 741, "FileHash-SHA256": 262, "FileHash-SHA1": 49, "CVE": 1, "FileHash-MD5": 46, "email": 1 }, "indicator_count": 1524, "is_author": false, "is_subscribing": null, "subscriber_count": 398, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62498485afc3d6ebba050b8b", "name": "www.virgilio. various Malacious tld's", "description": "", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:27:01.556000", "tags": [ "virgillo" ], "references": [ "https://hybrid-analysis.com/sample/c914c5cc1371bbc7d2285bbbeec77a94a0d1586c73d3a3f95b48766f1452cca8/6248c9f1f90df91459524ac8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 336, "domain": 177, "URL": 818, "FileHash-SHA256": 238, "CVE": 1, "FileHash-MD5": 79, "FileHash-SHA1": 47, "email": 6 }, "indicator_count": 1702, "is_author": false, "is_subscribing": null, "subscriber_count": 398, "modified_text": "1490 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6236fd4f28c3eb5b44fc33ae", "name": "http://www.diapers.com.sg/GOO.N-Japan-Version-Diapers-Pants/", "description": "", "modified": "2022-04-19T00:01:05.210000", "created": "2022-03-20T10:09:19.042000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "threat level", "date", "windows nt", "sha256", "pcap", "pcap processing", "report domain", "accept", "path", "error", "suspicious", "malicious", "this", "vvsc", "hybrid", "close", "click", "hosts", "general", "local", "trident", "strings" ], "references": [ "https://hybrid-analysis.com/sample/d6efd0eda408fff305f6281307657f61e344e24345dfbbb166b4ca50f7abff0d/6236eaf4900f62451b39492f" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 602, "hostname": 299, "domain": 149, "FileHash-SHA256": 307, "email": 4, "CVE": 1, "FileHash-MD5": 59, "FileHash-SHA1": 53 }, "indicator_count": 1474, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1504 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "622c42836d7c741d4156fc83", "name": "http://adwcleaner.malwarebytes.com/ and cloudfront hosts", "description": "T1553", "modified": "2022-04-11T00:04:29.819000", "created": "2022-03-12T06:49:39.036000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "tcomparer", "tlist", "tarray", "path", "icomparer", "tcomparison", "tenumerator", "suspicious", "date", "delphi", "error", "hybrid", "close", "click", "hosts", "stack", "win32", "malicious", "general", "pecompact", "strings", "code", "data", "decrypted ssl", "threat level", "windows nt", "pcap", "pcap processing", "sha256", "report domain", "accept", "core", "false", "local", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/ac15b6c5ede04e496b08523bf7deac3694dc3cd34474a9d4e57e23255f56b647/6222a011962dca32330a5c2d", "https://hybrid-analysis.com/sample/246eb0388eff22439e0b48cd3d5ffa8c434559c52638ed166d8b96b2b8fea7ac/61f4919bf315615dd65ca107" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 516, "URL": 713, "FileHash-SHA256": 340, "domain": 356, "FileHash-MD5": 119, "FileHash-SHA1": 59, "email": 3, "SSLCertFingerprint": 4 }, "indicator_count": 2110, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1512 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "622772a53274b509660d46af", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "so much familiarity here from the last 5 Years, this is by far compromise on supply chain of the century all the big boys are featured no surprise to me. The question is just how many are compromised from home routers and personal devices", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T15:13:41.976000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 888, "domain": 337, "URL": 1698, "FileHash-SHA256": 537, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1516 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1", "https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA", "https://hybrid-analysis.com/sample/c914c5cc1371bbc7d2285bbbeec77a94a0d1586c73d3a3f95b48766f1452cca8/6248c9f1f90df91459524ac8", "https://hybrid-analysis.com/sample/f71e0ac05ae415be952b5f2d55689b10085395def7e132c27dca3fe60ed487f7/62348a15e307d42349571684", "https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&us_privacy=1---", "http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL8-@", "URL http://ert-banner.s3-website-eu-west-1.amazonaws.com/hu-banner.min.js", "https://hybrid-analysis.com/sample/00fa255f524660ffa461a44b9ae6715b254f1ab51e818439547ad4ae805351be/627e3e1fed152c27dc0ef614", "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0", "https://hybrid-analysis.com/sample/ac15b6c5ede04e496b08523bf7deac3694dc3cd34474a9d4e57e23255f56b647/6222a011962dca32330a5c2d", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection", "https://onetag-sys.com/usync/?pubId=6b859b96c564fbe", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "Hybrid-A gives clean bill of health with all this nastyness ??????", "https://tria.ge/220820-cg7v8sddcm/behavioral1", "https://hybrid-analysis.com/sample/d6efd0eda408fff305f6281307657f61e344e24345dfbbb166b4ca50f7abff0d/6236eaf4900f62451b39492f", "ns-19.awsdns-02.com", "http://d1biim3gqfg2c3.cloudfront.net/installer/2012861567342/10902508", "https://hybrid-analysis.com/sample/b3d7008253008166b2abeb2fcc642d9c5e354435f7cb83a681b3cba82840002e/62626a096a89191d343c4546", "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details", "Found malicious artifacts related to \"108.156.107.37\": ... URL: https://daycoval.facildepagar.com.br/ (AV positives: 8/95 scanned on 06/19/2022 01:54:19) URL: https://search.thejobspotter.com/ (AV positives: 1/95 scanned on 06/17/2022 18:02:39) URL: http://www.onlyonesearch.com/?q=caixa%20geral%20de%20dep%C3%B3sitos%20caixadirecta (AV positives: 1/95 scanned on 06/17/2022 04:21:41) URL: https://dp.la/search (AV positives: 1/95 scanned on 06/14/2022 18:12:11) URL: http://www.ute.com/templates/email_signatur", "www-linuxbabe-com.webpkgcache.com", "https://hybrid-analysis.com/sample/6f7e0fc1efd88ab0abc05c8ebb8b4d50cedaf91b0975cb870a44e6c0d72e1413?environmentId=120", "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4", "https://www.hybrid-analysis.com/sample/facdbc6b7b2cb2a4ba4d45dc831c29834813a8690a81d206e3472b2aacd926bd/62d6a6da34c2b45239660f93", "https://hybrid-analysis.com/sample/246eb0388eff22439e0b48cd3d5ffa8c434559c52638ed166d8b96b2b8fea7ac/61f4919bf315615dd65ca107", "https://rtb.da.us.criteo.com/google/auction/notify?profile=14&payload=UPmfDtqCMOgCgAXiIp0XAgAAAPYoFff2TiA6EJ2IymBKkkrxCNowD06JjQAS&wp=YMqInQAE53wKZIjPAA9S9H1IbXvGlF_g6pMG-Q", "https://receipt.com/", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "https://hybrid-analysis.com/sample/9116e707b9da6b1047df9412e29b816726ba3aa6ebc91d77f7f47741ccb7b7bd/6264a22fa3836270e73495b3", "https://2021.igem.org/Team:KU_Leuven/test2", "https://hybrid-analysis.com/sample/93aad12ffc4a15052f6e133ce509b9c676c7a0b0eb118d714ecd6a6699fd0c9c/62bc50d0c273e7065f4cfbcb", "https://hybrid-analysis.com/sample/a8183b1c3d75f7fbf3353f8c0f8fb21ff973a260e72f24de64a86926a2aa8bb5/6280f05d68d40e7cb006d8dd", "URL https://cs.media.net/cksync?cs=1&type=ttd&ovsid=d0e0d23f-e88f-4ddb-868b-66da2a5995fc", "URL www.apache.org/licenses/LICENSE-2.0http://www.apache.org/licenses/LICENSE-2.0Open", "https://sync.richaudience.com/74889303289e27f327ad0c6de7be7264/?p=1BTOoaD22a&consentString=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&ccpa_", "https://hybrid-analysis.com/sample/de66bd83860e9dc66969b28f3b93b36c07c5f9d9568f13b07f0e1928490d6945/62649e273fcef808fa4c2bbb", "http://thenextstorey.com/", "https://hybrid-analysis.com/sample/8a6afc994835900da86434db53a420b10cdf924eb16c614b91e6108d5bb259c2/628ec34427f35342c97e1402", "https://hybrid-analysis.com/sample/de899c3feee092fe028bc50148544f31b8901675743fc0f97bfce327259dbee3/62c044d92ef9da07aa01321d", "usync.html", "https://hybrid-analysis.com/sample/c7a96105da4991cb58d47f15aac375f2d91ea033660a85b89a442852d5fa3e48/6281316b07368855823e564a", "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1", "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d", "https://hybrid-analysis.com/sample/f5c28aaa1eed64eb2abcc9bf3208dbd597b01d0eff7cb0abbcecaf70b77eec3c/62afaa107abd8e4632069a53", "https://secure.gravatar.com/avatar/6121f5a38f7526427becf34cc1e7bb2f?d=https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/default-avatar-2.png];https://5res.atlassian.net/secure/ViewProfile.jspa?accountId=6204fb88f38765006f673bf3;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/McAfee.jpg];https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-west-3.amazonaws.com/Mcafee/mcafeech.html;https://p4dx.s3.eu-wes", "https://hybrid-analysis.com/sample/57bf0fb1bb3f7cc8fb6f2bb13548daef686c7f85cf4e361c30e67fca737f9bb5/628ec3b7a12f79752a4ea6f5", "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Mazikeen" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 24, "pulses": [ { "id": "69dba8a0f375964d468b9ba0", "name": "Credit: DorkingBeauty1- Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2026-05-12T00:09:20.348000", "created": "2026-04-12T14:13:52.560000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "622772a53274b509660d46af", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 902, "domain": 338, "URL": 1721, "FileHash-SHA256": 558, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 128 }, "indicator_count": 3811, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570908823f97b5559b71806", "name": ";http://tiktok.hop3.pw/EaL8Ufp - Hybrid A report upliad", "description": "", "modified": "2023-12-06T15:17:28.460000", "created": "2023-12-06T15:17:28.460000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 239, "domain": 403, "email": 10, "URL": 1032, "hostname": 561, "FileHash-MD5": 84, "FileHash-SHA1": 49 }, "indicator_count": 2378, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ff435400450988945f1", "name": "auto.getsetpet.com - typosquat cloudfare.com with many typical subs as well", "description": "", "modified": "2023-12-06T15:15:00.581000", "created": "2023-12-06T15:15:00.581000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 733, "FileHash-SHA256": 945, "domain": 529, "URL": 1464, "email": 9, "FileHash-MD5": 82, "FileHash-SHA1": 55, "CVE": 1 }, "indicator_count": 3818, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e34d64c3320402789ef", "name": "SmartReceipt - Receipt marketing and transactional analytics software. install.receipt.com", "description": "", "modified": "2023-12-06T15:07:32.118000", "created": "2023-12-06T15:07:32.118000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 501, "domain": 358, "URL": 1779, "hostname": 962, "FileHash-MD5": 114, "FileHash-SHA1": 84, "email": 1 }, "indicator_count": 3801, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ba10e79097bb5108b8c", "name": "Dont you jus love how many bad actors dress up in the normal world these days!", "description": "", "modified": "2023-12-06T14:56:33.171000", "created": "2023-12-06T14:56:33.171000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 262, "hostname": 317, "domain": 107, "URL": 741, "CVE": 1, "FileHash-SHA1": 49, "FileHash-MD5": 46, "email": 1 }, "indicator_count": 1524, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a8f3203633312147d1e", "name": "www.virgilio. various Malacious tld's", "description": "", "modified": "2023-12-06T14:51:59.166000", "created": "2023-12-06T14:51:59.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 238, "URL": 818, "domain": 177, "hostname": 336, "email": 6, "FileHash-MD5": 79, "FileHash-SHA1": 47 }, "indicator_count": 1702, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657089bdb1d8a5ad0edc6614", "name": "http://www.diapers.com.sg/GOO.N-Japan-Version-Diapers-Pants/", "description": "", "modified": "2023-12-06T14:48:29.397000", "created": "2023-12-06T14:48:29.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 307, "domain": 149, "hostname": 299, "URL": 602, "email": 4, "FileHash-MD5": 59, "FileHash-SHA1": 53 }, "indicator_count": 1474, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708172b5b5810d62645bfe", "name": "http://adwcleaner.malwarebytes.com/ and cloudfront hosts", "description": "", "modified": "2023-12-06T14:13:06.127000", "created": "2023-12-06T14:13:06.127000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 516, "FileHash-SHA256": 340, "URL": 713, "email": 3, "domain": 356, "FileHash-MD5": 119, "FileHash-SHA1": 59, "SSLCertFingerprint": 4 }, "indicator_count": 2110, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d7cc6525322cdb9052", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2023-12-06T14:10:31.519000", "created": "2023-12-06T14:10:31.519000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "hostname": 888, "URL": 1698, "email": 4, "domain": 337, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ff8073d5ec6f25915eee77", "name": "confirmation spam email", "description": "Small sample of an email message that has passed through Gmail's phishing and spam filter. A confirmation email from both cashapp,costco, AceHardware,Walmart, Dicks Sporting Goods, with links hosted on Amazonaws. A common theme between all messages is that the contain a link to an amazon AWS. Redirecting to the launchstore[.]quest before reaching its final destination. Clearly marked phishing by VT, but not specific malware threat based on scans on Hybrid Analysis. (UPDATE) The latest entry is now classifed as malicious.\n\nUpdate Milwaukee power drill via Acehardware.\n\n\nSame MO. Amazon AWS link > Thelaunchstore[.]quest>jongberreta[.]com > positionspot.info\n\n\nUpdate 21/13:20 Added Walmart, Acehardware, Dicks sporting goods into the description above.", "modified": "2022-09-20T00:01:18.490000", "created": "2022-08-19T12:22:11.793000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "wow64", "windows nt", "get rd", "details", "request url", "format details", "request get", "raw hex", "ed bf", "c0 a8", "date", "accept", "hybrid", "close", "click", "hosts", "august", "general", "local", "strings", "suspicious", "hybrid analysis", "api key", "vetting process", "please note", "please", "urls", "javascript" ], "references": [ "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details", "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details", "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d", "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4", "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection", "https://tria.ge/220820-cg7v8sddcm/behavioral1", "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1", "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1" ], "public": 1, "adversary": "Mazikeen", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "BraveHeart", "id": "123797", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "FileHash-MD5": 274, "FileHash-SHA1": 256, "FileHash-SHA256": 267, "URL": 51, "domain": 96, "email": 18, "hostname": 59 }, "indicator_count": 1027, "is_author": false, "is_subscribing": null, "subscriber_count": 61, "modified_text": "1350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "ontrust.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "ontrust.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780344097.506953 }