{ "type": "Domain", "indicator": "openlanguage.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/openlanguage.com", "alexa": "http://www.alexa.com/siteinfo/openlanguage.com", "indicator": "openlanguage.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3381598103, "indicator": "openlanguage.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "69b2bb3f596b9a99d6eb97c3", "name": "unnamed group SOCradar clone by fraevolquez", "description": "", "modified": "2026-04-12T00:05:39.579000", "created": "2026-03-12T13:10:23.942000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": "67733381a0cdad5d55f5166f", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "50 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733381a0cdad5d55f5166f", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:57:53.741000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733387cf721a39ea7cc07b", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:57:59.507000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 61, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6773339803fe4b775f7adbbc", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:58:16.590000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 60, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a58fadce1f44dcda2a1b", "name": "Malware Site", "description": "", "modified": "2023-12-06T16:47:11.663000", "created": "2023-12-06T16:47:11.663000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "hostname": 348, "URL": 724, "domain": 38, "FileHash-SHA256": 181, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 1310, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707ebbecca5c4a33dbdce7", "name": "Faking Accessibility - Accessibility as a service!!", "description": "", "modified": "2023-12-06T14:01:31.679000", "created": "2023-12-06T14:01:31.679000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "hostname": 26, "URL": 155, "FileHash-SHA256": 26, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650a29f4627bc5bfa0c38742", "name": "Malware Site", "description": "http://preprod42.phonepe.com/", "modified": "2023-10-19T22:01:26.319000", "created": "2023-09-19T23:08:36.058000", "tags": [ "whois whois", "referrer", "historical ssl", "resolutions", "communicating", "siblings", "collections", "Autonomous System", "heur", "malware", "cisco umbrella", "safe site", "filerepmalware", "unsafe", "malware site", "phishing site", "malicious site", "site", "outbreak", "installcore", "acint", "conduit", "iobit", "rostpay", "artemis", "dropper", "mediaget", "crack", "Suricata", "obsfucation" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "China" ], "malware_families": [ { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Trojan:Win32/Conduit", "display_name": "Trojan:Win32/Conduit", "target": "/malware/Trojan:Win32/Conduit" }, { "id": "Trojan:Win32/InstallCore", "display_name": "Trojan:Win32/InstallCore", "target": "/malware/Trojan:Win32/InstallCore" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Backdoor:Win32/Outbreak", "display_name": "Backdoor:Win32/Outbreak", "target": "/malware/Backdoor:Win32/Outbreak" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1001.001", "name": "Junk Data", "display_name": "T1001.001 - Junk Data" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Telecommunications", "Technology", "Communication" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 7, "FileHash-SHA256": 181, "domain": 38, "hostname": 348, "URL": 724, "CVE": 3 }, "indicator_count": 1310, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "955 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62136787827045c0479d7cc7", "name": "Faking Accessibility - Accessibility as a service!!", "description": "", "modified": "2022-03-23T00:02:04.887000", "created": "2022-02-21T10:20:55.017000", "tags": [ "date", "found", "ssdeep", "file type", "elf magic", "msb executable", "mips", "mipsi version", "sysv", "trid elf", "executable", "file size" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 26, "URL": 155, "domain": 7, "FileHash-SHA256": 26, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1531 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Unnamed group", "El Machete, TAG-100, Mirage, Unamed_Grooup", "[Unnamed group]" ], "malware_families": [ "Alf:program:win32/mediaget", "Hiddentear", "Verified", "Hacktool:win32/crack", "Emotet", "Artemis", "Noname057", "Win.sombrat", "Worm:win32/acint", "Glupteba.mt!mtb", "Network rat", "Alf:pua:win32/iobit", "Mekotio", "Trojan:win32/conduit", "Filerepmalware", "Alf:pua:win32/rostpay", "Backdoor:win32/outbreak", "Floxif.e", "Et", "Win.fivehands", "Zombie.a", "Anydesk", "Glooxmail", "Colbalt strike", "Trojanspy", "Trojan:win32/smokeloader", "Trojan:win32/installcore", "Berbew.aa!mtb", "Win.puzzlemaker", "Floxif" ], "industries": [ "Communication", "Technology", "Telecommunications", "Public administration" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "69b2bb3f596b9a99d6eb97c3", "name": "unnamed group SOCradar clone by fraevolquez", "description": "", "modified": "2026-04-12T00:05:39.579000", "created": "2026-03-12T13:10:23.942000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": "67733381a0cdad5d55f5166f", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "50 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733381a0cdad5d55f5166f", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:57:53.741000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733387cf721a39ea7cc07b", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:57:59.507000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 61, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6773339803fe4b775f7adbbc", "name": "Unnamed group Socradar december 2024 Dominican Republic", "description": "Unnamed group Socradar december 2024 Dominican Republic", "modified": "2025-01-29T23:03:56.990000", "created": "2024-12-30T23:58:16.590000", "tags": [ "indicator", "Dominican Republic", "SOC RADAR" ], "references": [], "public": 1, "adversary": "Unnamed group", "targeted_countries": [ "Dominican Republic" ], "malware_families": [ { "id": "win.sombrat", "display_name": "win.sombrat", "target": null }, { "id": "NoName057", "display_name": "NoName057", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Colbalt Strike", "display_name": "Colbalt Strike", "target": null }, { "id": "emotet", "display_name": "emotet", "target": null }, { "id": "win.puzzlemaker", "display_name": "win.puzzlemaker", "target": null }, { "id": "Trojan:Win32/SmokeLoader", "display_name": "Trojan:Win32/SmokeLoader", "target": "/malware/Trojan:Win32/SmokeLoader" }, { "id": "Network RAT", "display_name": "Network RAT", "target": null }, { "id": "GLOOXMAIL", "display_name": "GLOOXMAIL", "target": null }, { "id": "hiddentear", "display_name": "hiddentear", "target": null }, { "id": "AnyDesk", "display_name": "AnyDesk", "target": null }, { "id": "mekotio", "display_name": "mekotio", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Zombie.A", "display_name": "Zombie.A", "target": null }, { "id": "Verified", "display_name": "Verified", "target": null }, { "id": "Berbew.AA!MTB", "display_name": "Berbew.AA!MTB", "target": null }, { "id": "Floxif.E", "display_name": "Floxif.E", "target": null }, { "id": "win.fivehands", "display_name": "win.fivehands", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Glupteba.MT!MTB", "display_name": "Glupteba.MT!MTB", "target": null } ], "attack_ids": [ { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1194", "name": "Spearphishing via Service", "display_name": "T1194 - Spearphishing via Service" }, { "id": "T1193", "name": "Spearphishing Attachment", "display_name": "T1193 - Spearphishing Attachment" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1503", "name": "Credentials from Web Browsers", "display_name": "T1503 - Credentials from Web Browsers" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1602", "name": "Data from Configuration Repository", "display_name": "T1602 - Data from Configuration Repository" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1493", "name": "Transmitted Data Manipulation", "display_name": "T1493 - Transmitted Data Manipulation" } ], "industries": [ "Public Administration" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 1148, "FileHash-SHA1": 717, "FileHash-SHA256": 2826, "domain": 886, "hostname": 1176 }, "indicator_count": 6763, "is_author": false, "is_subscribing": null, "subscriber_count": 60, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a58fadce1f44dcda2a1b", "name": "Malware Site", "description": "", "modified": "2023-12-06T16:47:11.663000", "created": "2023-12-06T16:47:11.663000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "hostname": 348, "URL": 724, "domain": 38, "FileHash-SHA256": 181, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 1310, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707ebbecca5c4a33dbdce7", "name": "Faking Accessibility - Accessibility as a service!!", "description": "", "modified": "2023-12-06T14:01:31.679000", "created": "2023-12-06T14:01:31.679000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "hostname": 26, "URL": 155, "FileHash-SHA256": 26, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650a29f4627bc5bfa0c38742", "name": "Malware Site", "description": "http://preprod42.phonepe.com/", "modified": "2023-10-19T22:01:26.319000", "created": "2023-09-19T23:08:36.058000", "tags": [ "whois whois", "referrer", "historical ssl", "resolutions", "communicating", "siblings", "collections", "Autonomous System", "heur", "malware", "cisco umbrella", "safe site", "filerepmalware", "unsafe", "malware site", "phishing site", "malicious site", "site", "outbreak", "installcore", "acint", "conduit", "iobit", "rostpay", "artemis", "dropper", "mediaget", "crack", "Suricata", "obsfucation" ], "references": [], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "China" ], "malware_families": [ { "id": "FileRepMalware", "display_name": "FileRepMalware", "target": null }, { "id": "Artemis", "display_name": "Artemis", "target": null }, { "id": "Worm:Win32/Acint", "display_name": "Worm:Win32/Acint", "target": "/malware/Worm:Win32/Acint" }, { "id": "Trojan:Win32/Conduit", "display_name": "Trojan:Win32/Conduit", "target": "/malware/Trojan:Win32/Conduit" }, { "id": "Trojan:Win32/InstallCore", "display_name": "Trojan:Win32/InstallCore", "target": "/malware/Trojan:Win32/InstallCore" }, { "id": "ALF:PUA:Win32/IObit", "display_name": "ALF:PUA:Win32/IObit", "target": null }, { "id": "HackTool:Win32/Crack", "display_name": "HackTool:Win32/Crack", "target": "/malware/HackTool:Win32/Crack" }, { "id": "ALF:PUA:Win32/Rostpay", "display_name": "ALF:PUA:Win32/Rostpay", "target": null }, { "id": "ALF:Program:Win32/Mediaget", "display_name": "ALF:Program:Win32/Mediaget", "target": null }, { "id": "Backdoor:Win32/Outbreak", "display_name": "Backdoor:Win32/Outbreak", "target": "/malware/Backdoor:Win32/Outbreak" } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1001.001", "name": "Junk Data", "display_name": "T1001.001 - Junk Data" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Telecommunications", "Technology", "Communication" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 7, "FileHash-SHA256": 181, "domain": 38, "hostname": 348, "URL": 724, "CVE": 3 }, "indicator_count": 1310, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "955 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62136787827045c0479d7cc7", "name": "Faking Accessibility - Accessibility as a service!!", "description": "", "modified": "2022-03-23T00:02:04.887000", "created": "2022-02-21T10:20:55.017000", "tags": [ "date", "found", "ssdeep", "file type", "elf magic", "msb executable", "mips", "mipsi version", "sysv", "trid elf", "executable", "file size" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 26, "URL": 155, "domain": 7, "FileHash-SHA256": 26, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1531 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "openlanguage.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "openlanguage.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780317545.4453719 }