{ "type": "Domain", "indicator": "pdfcoffee.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/pdfcoffee.com", "alexa": "http://www.alexa.com/siteinfo/pdfcoffee.com", "indicator": "pdfcoffee.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3225983278, "indicator": "pdfcoffee.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "69b7d96dfe022e3e33d347a2", "name": "CAPE Sandbox - \"undefined\"", "description": "", "modified": "2026-04-15T10:12:27.063000", "created": "2026-03-16T10:20:29.311000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 6, "FileHash-SHA256": 9, "domain": 24, "hostname": 112, "URL": 161, "CIDR": 9, "email": 2 }, "indicator_count": 328, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68bbf3e40e3ce8a74aa89545", "name": "HCPF \u2022 The intricate relationships between the FIN7 group and members of the Conti gang", "description": "", "modified": "2025-10-06T08:03:23.285000", "created": "2025-09-06T08:42:12.787000", "tags": [ "present feb", "united", "a domains", "present dec", "passive dns", "moved", "script domains", "script urls", "search", "title", "date", "http traffic", "http get", "match info", "downloads", "info", "https http", "mitre att", "control ta0011", "protocol t1071", "protocol t1095", "get http", "dns resolutions", "number", "azure rsa", "tls issuing", "cus subject", "stwa lredmond", "corporation cus", "algorithm", "cnamazon rsa", "m03 oamazon", "thumbprint", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "ascii text", "ogoogle trust", "cngts ca", "execution", "next", "dock", "write", "capture", "persistence", "malware", "roboto", "android", "known exploited", "google", "salesloft drift", "sap s4hana", "cve202542957", "cisa", "sitecore", "linux", "france", "meta", "rokrat", "lizar", "project nemesis", "carbanak", "cobalt strike", "domino", "yara detections", "contacted", "av detections", "ids detections", "alerts", "analysis date", "file score", "malicious ids", "detections tls", "indicator role", "title added", "active related", "entries", "role title", "added active", "filehashmd5", "ipv4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Lizar", "display_name": "Lizar", "target": null }, { "id": "Project Nemesis", "display_name": "Project Nemesis", "target": null }, { "id": "Carbanak", "display_name": "Carbanak", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Domino", "display_name": "Domino", "target": null }, { "id": "RokRAT", "display_name": "RokRAT", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Hospitality", "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 539, "FileHash-SHA1": 389, "FileHash-SHA256": 3386, "domain": 862, "hostname": 1155, "URL": 4091, "CVE": 3, "SSLCertFingerprint": 5 }, "indicator_count": 10430, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "237 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684372ff5583805271227c01", "name": "APPJIAGU.COM", "description": "ad-wars/hosts at master \u00b7 jdlingyu/ad-wars - GitHub | a.appjiagu.com 127.0.0.7 | adds with malware | \nTrojan.AndroidOS.KyVu.C!c\nAlibaba\nDownloader:Android/Jiagu.b93fa477\nAvast-Mobile\nAPK:RepMetagen [Trj]\nClamAV\nAndr.Malware.Agent-1463020\nCyren\nAndroidOS/Trojan.QWGI-0", "modified": "2025-07-06T22:00:55.300000", "created": "2025-06-06T23:00:15.505000", "tags": [ "server", "domain status", "date", "dnssec", "domain name", "file format", "github pages", "github", "kilimrazh", "xb core", "rule", "html element", "cyberspace", "scribd", "discuz", "summary", "google", "android", "zip archive", "android package", "java archive", "sweet home", "mozilla archive", "format", "history" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 73, "hostname": 96, "URL": 70, "FileHash-MD5": 34, "FileHash-SHA1": 33, "FileHash-SHA256": 345 }, "indicator_count": 651, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "328 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6776742b3dc3a0e46cc14a9a", "name": "Chrome Cache Entry: 843 MD5-16cba75f4b9969077ff30bea2f494e12, sha256-241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde", "description": "Matched URL\tScan:\nhttps://www.adorno.pl/\nhttps://www.portugalvineyards.com/fr/\nhttps://www.adeo-web.fr/\nhttps://shotshuop.top\nhttps://offattonlinepaid.weebly.com\nhttps://talktalk08.weebly.com\nhttp://aussieracingcars.com.au/wp-admin/micros.html\nhttp://ceramicasalinas.com/js/outros/UJHYTFJGJFGDFFG\nhttps://cacabox.fr\nhttps://anamiserver.com/do/trkln.php?index=1024084673AZD&id=tipysuyopsrtoiiswyw&url=aHR0cHM6Ly9oaXJvbWktc29mdC5jb20v\nhttps://studioclic53.com\nhttps://offattonlinepaid.weebly.com/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttp://shawcawebmailserver.weebly.com/\nhttps://bsdrsorg.in\nhttps://shelaccountfrackspaceusers.weebly.com/\nhttp://shawcawebmailserver.weebly.com/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://banque-five.vercel.app/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://banque-five.vercel.app/\nhttps://shelaccountfrackspaceusers.weebly.com\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://griselda.com.ua", "modified": "2025-02-01T00:01:06.239000", "created": "2025-01-02T11:10:35.063000", "tags": [ "nie podano", "www tls", "nazwa pospolita", "kod odpowiedzi", "script", "polityka zasobw", "raport do", "dugo treci", "serwer", "ochrona xxss", "office open", "xml document", "xml spreadsheet", "ms word", "ms excel", "document", "pdf carta", "letter", "pdf aoscx", "pdf new", "form", "fall", "zero", "sarah" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 27, "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 357, "domain": 4, "hostname": 2 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670abfc0673b3d9cd66a7ef7", "name": "http://repository.certum.pl/ctnca.cer ceidg.gov.pl.edgekey.net", "description": "Researchers have worked out how to identify and track the most common \"mystery\" in computer science - and how much of it has to work out - with the help of a few quick-fire tools.\nSuggested ATT&CK IDs:\nAD ... and 73 items more c62358c63b455d9cb97ce227733a7add2ef50f004b7dc1ab4e22ec1b6f7d013c c62358c63b455d9cb97ce227733a7add2ef50f004b7dc1ab4e22ec1b6f7d013c Type Win32 EXE Size 584.84 kB First Seen 2024-04-03 15:00:55 Last Seen 2024-04-03 15:00:55 Submissions 1 File Name acrotray .exe Detections alibabacloud Trojan[downloader]:Win/Unruy.349e75b3 CrowdStrike win/malicious_confidence_100% (D) Panda Trj/Genetic.gen AVG Win32:Unruy-AA [Trj] Fortinet W32/Unruy.", "modified": "2024-12-27T13:38:36.893000", "created": "2024-10-12T18:28:16.121000", "tags": [ "b2 dc", "c0 a8", "a9 c0", "ca b2", "d8 f6", "pobierz", "http", "mozilla", "windows nt", "trjzb7", "mb first", "seen", "file name", "size", "type android", "bkav undetected", "type win32", "exe size", "elastic", "fireeye", "trojan", "win64", "sha1", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 20, "URL": 126, "IPv4": 5, "FileHash-SHA256": 621, "domain": 14, "IPv6": 2, "FileHash-MD5": 375, "FileHash-SHA1": 370, "CVE": 4 }, "indicator_count": 1537, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "520 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b08a228ec358a31b8cf0b", "name": "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "description": "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a73e6df6c6e5f334b56a7b5a3e77788a5bd", "modified": "2023-04-27T23:54:02.115000", "created": "2023-04-27T23:43:30.246000", "tags": [ "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "api.cachesdata.com", "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a" ], "references": [ "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "api.cachesdata.com", "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a73e6df6c6e5f334b56a7b5a3e77788a5bd" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 40, "domain": 12, "hostname": 36, "FileHash-SHA256": 509, "IPv4": 48, "FileHash-MD5": 25, "FileHash-SHA1": 26 }, "indicator_count": 696, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "api.cachesdata.com", "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a73e6df6c6e5f334b56a7b5a3e77788a5bd" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Cobalt strike", "Domino", "Rokrat", "Carbanak", "Lizar", "Project nemesis" ], "industries": [ "Financial", "Hospitality" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "69b7d96dfe022e3e33d347a2", "name": "CAPE Sandbox - \"undefined\"", "description": "", "modified": "2026-04-15T10:12:27.063000", "created": "2026-03-16T10:20:29.311000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 6, "FileHash-SHA256": 9, "domain": 24, "hostname": 112, "URL": 161, "CIDR": 9, "email": 2 }, "indicator_count": 328, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68bbf3e40e3ce8a74aa89545", "name": "HCPF \u2022 The intricate relationships between the FIN7 group and members of the Conti gang", "description": "", "modified": "2025-10-06T08:03:23.285000", "created": "2025-09-06T08:42:12.787000", "tags": [ "present feb", "united", "a domains", "present dec", "passive dns", "moved", "script domains", "script urls", "search", "title", "date", "http traffic", "http get", "match info", "downloads", "info", "https http", "mitre att", "control ta0011", "protocol t1071", "protocol t1095", "get http", "dns resolutions", "number", "azure rsa", "tls issuing", "cus subject", "stwa lredmond", "corporation cus", "algorithm", "cnamazon rsa", "m03 oamazon", "thumbprint", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "ascii text", "ogoogle trust", "cngts ca", "execution", "next", "dock", "write", "capture", "persistence", "malware", "roboto", "android", "known exploited", "google", "salesloft drift", "sap s4hana", "cve202542957", "cisa", "sitecore", "linux", "france", "meta", "rokrat", "lizar", "project nemesis", "carbanak", "cobalt strike", "domino", "yara detections", "contacted", "av detections", "ids detections", "alerts", "analysis date", "file score", "malicious ids", "detections tls", "indicator role", "title added", "active related", "entries", "role title", "added active", "filehashmd5", "ipv4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Lizar", "display_name": "Lizar", "target": null }, { "id": "Project Nemesis", "display_name": "Project Nemesis", "target": null }, { "id": "Carbanak", "display_name": "Carbanak", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Domino", "display_name": "Domino", "target": null }, { "id": "RokRAT", "display_name": "RokRAT", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Hospitality", "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 539, "FileHash-SHA1": 389, "FileHash-SHA256": 3386, "domain": 862, "hostname": 1155, "URL": 4091, "CVE": 3, "SSLCertFingerprint": 5 }, "indicator_count": 10430, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "237 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684372ff5583805271227c01", "name": "APPJIAGU.COM", "description": "ad-wars/hosts at master \u00b7 jdlingyu/ad-wars - GitHub | a.appjiagu.com 127.0.0.7 | adds with malware | \nTrojan.AndroidOS.KyVu.C!c\nAlibaba\nDownloader:Android/Jiagu.b93fa477\nAvast-Mobile\nAPK:RepMetagen [Trj]\nClamAV\nAndr.Malware.Agent-1463020\nCyren\nAndroidOS/Trojan.QWGI-0", "modified": "2025-07-06T22:00:55.300000", "created": "2025-06-06T23:00:15.505000", "tags": [ "server", "domain status", "date", "dnssec", "domain name", "file format", "github pages", "github", "kilimrazh", "xb core", "rule", "html element", "cyberspace", "scribd", "discuz", "summary", "google", "android", "zip archive", "android package", "java archive", "sweet home", "mozilla archive", "format", "history" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 73, "hostname": 96, "URL": 70, "FileHash-MD5": 34, "FileHash-SHA1": 33, "FileHash-SHA256": 345 }, "indicator_count": 651, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "328 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6776742b3dc3a0e46cc14a9a", "name": "Chrome Cache Entry: 843 MD5-16cba75f4b9969077ff30bea2f494e12, sha256-241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde", "description": "Matched URL\tScan:\nhttps://www.adorno.pl/\nhttps://www.portugalvineyards.com/fr/\nhttps://www.adeo-web.fr/\nhttps://shotshuop.top\nhttps://offattonlinepaid.weebly.com\nhttps://talktalk08.weebly.com\nhttp://aussieracingcars.com.au/wp-admin/micros.html\nhttp://ceramicasalinas.com/js/outros/UJHYTFJGJFGDFFG\nhttps://cacabox.fr\nhttps://anamiserver.com/do/trkln.php?index=1024084673AZD&id=tipysuyopsrtoiiswyw&url=aHR0cHM6Ly9oaXJvbWktc29mdC5jb20v\nhttps://studioclic53.com\nhttps://offattonlinepaid.weebly.com/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttp://shawcawebmailserver.weebly.com/\nhttps://bsdrsorg.in\nhttps://shelaccountfrackspaceusers.weebly.com/\nhttp://shawcawebmailserver.weebly.com/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://banque-five.vercel.app/\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://banque-five.vercel.app/\nhttps://shelaccountfrackspaceusers.weebly.com\nhttp://shelaccountfrackspaceusers.weebly.com/\nhttps://griselda.com.ua", "modified": "2025-02-01T00:01:06.239000", "created": "2025-01-02T11:10:35.063000", "tags": [ "nie podano", "www tls", "nazwa pospolita", "kod odpowiedzi", "script", "polityka zasobw", "raport do", "dugo treci", "serwer", "ochrona xxss", "office open", "xml document", "xml spreadsheet", "ms word", "ms excel", "document", "pdf carta", "letter", "pdf aoscx", "pdf new", "form", "fall", "zero", "sarah" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 27, "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 357, "domain": 4, "hostname": 2 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670abfc0673b3d9cd66a7ef7", "name": "http://repository.certum.pl/ctnca.cer ceidg.gov.pl.edgekey.net", "description": "Researchers have worked out how to identify and track the most common \"mystery\" in computer science - and how much of it has to work out - with the help of a few quick-fire tools.\nSuggested ATT&CK IDs:\nAD ... and 73 items more c62358c63b455d9cb97ce227733a7add2ef50f004b7dc1ab4e22ec1b6f7d013c c62358c63b455d9cb97ce227733a7add2ef50f004b7dc1ab4e22ec1b6f7d013c Type Win32 EXE Size 584.84 kB First Seen 2024-04-03 15:00:55 Last Seen 2024-04-03 15:00:55 Submissions 1 File Name acrotray .exe Detections alibabacloud Trojan[downloader]:Win/Unruy.349e75b3 CrowdStrike win/malicious_confidence_100% (D) Panda Trj/Genetic.gen AVG Win32:Unruy-AA [Trj] Fortinet W32/Unruy.", "modified": "2024-12-27T13:38:36.893000", "created": "2024-10-12T18:28:16.121000", "tags": [ "b2 dc", "c0 a8", "a9 c0", "ca b2", "d8 f6", "pobierz", "http", "mozilla", "windows nt", "trjzb7", "mb first", "seen", "file name", "size", "type android", "bkav undetected", "type win32", "exe size", "elastic", "fireeye", "trojan", "win64", "sha1", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 20, "URL": 126, "IPv4": 5, "FileHash-SHA256": 621, "domain": 14, "IPv6": 2, "FileHash-MD5": 375, "FileHash-SHA1": 370, "CVE": 4 }, "indicator_count": 1537, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "520 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b08a228ec358a31b8cf0b", "name": "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "description": "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a73e6df6c6e5f334b56a7b5a3e77788a5bd", "modified": "2023-04-27T23:54:02.115000", "created": "2023-04-27T23:43:30.246000", "tags": [ "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "api.cachesdata.com", "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a" ], "references": [ "mask.studio.dan.com.goo-redirects.intercom.simontok.62..pdf", "api.cachesdata.com", "https://www.virustotal.com/graph/gfe8317e059ff4ecfa78c52ccc2c31a73e6df6c6e5f334b56a7b5a3e77788a5bd" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 40, "domain": 12, "hostname": 36, "FileHash-SHA256": 509, "IPv4": 48, "FileHash-MD5": 25, "FileHash-SHA1": 26 }, "indicator_count": 696, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "pdfcoffee.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "pdfcoffee.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780258856.8578584 }