{
  "type": "Domain",
  "indicator": "pubmatic.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/pubmatic.com",
    "alexa": "http://www.alexa.com/siteinfo/pubmatic.com",
    "indicator": "pubmatic.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [
      {
        "source": "ad_network",
        "message": "Whitelisted ad network domain pubmatic.com",
        "name": "Whitelisted ad network domain"
      },
      {
        "source": "akamai",
        "message": "Akamai rank: #147",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain pubmatic.com",
        "name": "Whitelisted domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain pubmatic.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 2253839170,
      "indicator": "pubmatic.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 37,
      "pulses": [
        {
          "id": "69cec10621c1502a529923bb",
          "name": "VirusTotal report\n                    for AccountingAll-in-OneForDummiesPDFDrive.pdf",
          "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.",
          "modified": "2026-05-02T19:36:13.629000",
          "created": "2026-04-02T19:18:30.126000",
          "tags": [
            "united",
            "as14061",
            "present apr",
            "script urls",
            "as13335",
            "as13768 aptum",
            "singapore",
            "aaaa",
            "as31898 oracle",
            "united kingdom",
            "date",
            "win32",
            "body",
            "title",
            "fury",
            "file type",
            "chrome cache",
            "entry",
            "cache entry",
            "jpeg image",
            "jfif",
            "gif image",
            "png image",
            "ascii text",
            "malicious",
            "next",
            "windows sandbox",
            "calls process",
            "default",
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "win1",
            "acrongl integ",
            "adc4240758",
            "accept",
            "shutdown",
            "json",
            "code",
            "persistence",
            "phishing",
            "value a",
            "pdf document",
            "adobe portable",
            "document format",
            "algorithm",
            "key identifier",
            "number",
            "cus ogoogle",
            "trust",
            "cnwe1 validity",
            "subject public",
            "key info",
            "key algorithm",
            "ec oid",
            "germany create",
            "domain",
            "expiry date",
            "name",
            "germany update",
            "researchgate",
            "discover",
            "research jobs",
            "gate",
            "find",
            "access",
            "join",
            "login",
            "email",
            "password",
            "x509v3 subject",
            "v3 serial",
            "issuer",
            "cbe cnalphassl",
            "sha256",
            "g2 oglobalsign",
            "validity",
            "public key",
            "info"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7",
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh",
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 272,
            "FileHash-MD5": 149,
            "FileHash-SHA1": 151,
            "FileHash-SHA256": 783,
            "domain": 140,
            "email": 4,
            "hostname": 144
          },
          "indicator_count": 1643,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "31 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cec0fd4e0b04227b505a5f",
          "name": "VirusTotal report\n                    for AccountingAll-in-OneForDummiesPDFDrive.pdf",
          "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.",
          "modified": "2026-05-02T19:36:13.629000",
          "created": "2026-04-02T19:18:21.797000",
          "tags": [
            "united",
            "as14061",
            "present apr",
            "script urls",
            "as13335",
            "as13768 aptum",
            "singapore",
            "aaaa",
            "as31898 oracle",
            "united kingdom",
            "date",
            "win32",
            "body",
            "title",
            "fury",
            "file type",
            "chrome cache",
            "entry",
            "cache entry",
            "jpeg image",
            "jfif",
            "gif image",
            "png image",
            "ascii text",
            "malicious",
            "next",
            "windows sandbox",
            "calls process",
            "default",
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "win1",
            "acrongl integ",
            "adc4240758",
            "accept",
            "shutdown",
            "json",
            "code",
            "persistence",
            "phishing",
            "value a",
            "pdf document",
            "adobe portable",
            "document format",
            "algorithm",
            "key identifier",
            "number",
            "cus ogoogle",
            "trust",
            "cnwe1 validity",
            "subject public",
            "key info",
            "key algorithm",
            "ec oid",
            "germany create",
            "domain",
            "expiry date",
            "name",
            "germany update",
            "researchgate",
            "discover",
            "research jobs",
            "gate",
            "find",
            "access",
            "join",
            "login",
            "email",
            "password",
            "x509v3 subject",
            "v3 serial",
            "issuer",
            "cbe cnalphassl",
            "sha256",
            "g2 oglobalsign",
            "validity",
            "public key",
            "info"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7",
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh",
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 272,
            "FileHash-MD5": 149,
            "FileHash-SHA1": 151,
            "FileHash-SHA256": 783,
            "domain": 140,
            "email": 4,
            "hostname": 144
          },
          "indicator_count": 1643,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "31 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69ca5d583057aaefed16789a",
          "name": "CAPE Sandbox- Stealc Config CNCs\thttp://170.130.55.38\\/ad23d4a47cfd4c13.php botnet\tnewbuild2",
          "description": "A complete list of details about who is registered on the Whois website:..1.0/16:30 GMT on 1 January 2019. (00:00 GMT).-1:<Pretext -- Stealc Config\nCNCs\thttp://170.130.55.38\\/ad23d4a47cfd4c13.php\nbotnet\tnewbuild2",
          "modified": "2026-04-29T11:26:13.615000",
          "created": "2026-03-30T11:24:08.053000",
          "tags": [
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file type",
            "default",
            "sha256",
            "sha1",
            "data",
            "info",
            "accept",
            "win64",
            "damage",
            "openssl",
            "shutdown",
            "direct",
            "explorer",
            "title",
            "payload",
            "rdap",
            "ip version",
            "address range",
            "cidr",
            "network name",
            "allocation type",
            "whois server",
            "entity sg679",
            "handle",
            "stealc config",
            "cncs http"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/1ca8b15684a1143e38ef87f31d8a89c7b25a1107aeaf03d43ad9fd611c4a35ba_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774869821&Signature=dm0pQf9ykZMucZEHHViqEfYFoBozAF57ZHYUPo3i79Fb6al02qn6AeYk%2FxR1vzLE4NQkG40Rm1LFUVN79w5CNETgwiRzCx%2BSpUCvPnYIv7E3SEmv5wZrhcuObW%2FE%2B1Ef7e53KrnREKePmmVmLYO34EXBewDpQF4DTIUvGnHdoQkf8pmNquGPuJZRRodaPAkoAEufbI%2BMk4zTqA%2BXbEP%2FpFBi5v30azilsKQ8R%2BLyJYHnYE"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 351,
            "URL": 392,
            "FileHash-MD5": 149,
            "FileHash-SHA1": 168,
            "FileHash-SHA256": 197,
            "email": 12,
            "hostname": 68,
            "CIDR": 4
          },
          "indicator_count": 1341,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "35 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c093748442bdddcab64347",
          "name": "Clone by Q.Vashti credit - \" emotet-is-not-dead-yet.html\"",
          "description": "",
          "modified": "2026-04-21T00:02:11.941000",
          "created": "2026-03-23T01:12:20.012000",
          "tags": [
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "adversaries",
            "command",
            "defense evasion",
            "ssl certificate",
            "spawns",
            "sha1",
            "copy md5",
            "copy sha1",
            "copy sha256",
            "ascii text",
            "sha256",
            "united",
            "size",
            "pattern match",
            "png image",
            "path",
            "date",
            "encrypt",
            "mask",
            "june",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "domains",
            "hashes",
            "value",
            "variables",
            "optanonwrapper",
            "parsely",
            "typeof function",
            "handlebars",
            "stq function",
            "x string",
            "optanon",
            "verified",
            "ecdsa",
            "automattic",
            "linux x8664",
            "khtml",
            "gecko",
            "aes128gcm",
            "cloudflarenet",
            "europedublin",
            "facebook",
            "accept",
            "emotet",
            "dead",
            "twitter",
            "unit",
            "thursday",
            "january",
            "google tag",
            "utc gtm53l4wgzn",
            "utc na",
            "server nginx",
            "date mon",
            "gmt contenttype",
            "connection",
            "wordpress vip",
            "https",
            "link",
            "contentencoding",
            "miss xrq",
            "html document",
            "unicode text",
            "utf8 text",
            "crlf",
            "lf line",
            "resolved ips",
            "cname",
            "http",
            "ip address",
            "gmt ifnonematch",
            "info file",
            "network dropped",
            "duration cuckoo",
            "version file",
            "machine label",
            "shutdown",
            "address port",
            "url data",
            "address range",
            "cidr",
            "network name",
            "type",
            "status",
            "whois server",
            "entity autom93",
            "handle",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cne6",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "thumbprint",
            "inc abuse",
            "email",
            "street",
            "service",
            "arin rdapwhois",
            "rdapwhois",
            "reporting",
            "copyright",
            "registry",
            "allocation",
            "geofeed https",
            "range",
            "name automattic",
            "parent net192",
            "net1920000",
            "net type",
            "origin as",
            "autom93",
            "restful link",
            "arin search",
            "whoisrws",
            "delegation",
            "ta0007 command",
            "control ta0011",
            "catalog tree",
            "cndigicert sha2",
            "secure server",
            "ca odigicert",
            "inc cus",
            "subject",
            "corporation cus",
            "algorithm",
            "azure rsa",
            "tls issuing",
            "cus subject",
            "stwa lredmond",
            "corporation c",
            "get http",
            "request",
            "response",
            "windows nt",
            "win64",
            "dns resolutions"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1590",
              "name": "Gather Victim Network Information",
              "display_name": "T1590 - Gather Victim Network Information"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "6846c463106765b93b44335a",
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 446,
            "FileHash-SHA1": 349,
            "FileHash-SHA256": 1979,
            "SSLCertFingerprint": 15,
            "URL": 362,
            "domain": 120,
            "hostname": 329,
            "CIDR": 8,
            "email": 2
          },
          "indicator_count": 3610,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "43 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "695089cbedad5c86f39b1363",
          "name": "Tracking Domains 03.03.26 (Updated Test)",
          "description": "Privacy Badger - Update on 01.09.26\nTracking domains on a hybrid (mobile laptop) clone of an AHS/Covenant Health, UAlberta (University of Alberta), and Government of Alberta Laptop.\nHealthcare: No Cybersecurity, EDU: No Cybersecurity / Remote only, GoA = Informed & don't quite know what to do or to whom this should be brought up with.",
          "modified": "2026-04-05T06:35:43.679000",
          "created": "2025-12-28T01:37:15.993000",
          "tags": [
            "privacy badger",
            "sites general",
            "settings widget",
            "domains manage",
            "data privacy",
            "badger",
            "hide"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
            "https://yaraify.abuse.ch/scan/results/32bfc760-1757-11f1-b47f-42010aa4000b",
            "https://polyswarm.network/scan/results/file/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
            "https://app.threat.zone/submission/c8b0b1e4-0c9b-4210-b5ce-1dc2303445df/overview",
            "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs",
            "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/summary",
            "https://www.virustotal.com/graph/embed/g6d4bce6162064ac09cd20411c1947e69d7d5a1d475f0447da023ac933d338fce?theme=dark",
            "https://viz.greynoise.io/ip/analysis/6356f330-63a7-4ce3-91fa-7ab355a1dc1a"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Netherlands"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 50404,
            "hostname": 10879,
            "URL": 715,
            "FileHash-MD5": 1
          },
          "indicator_count": 61999,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 132,
          "modified_text": "59 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64ed117e2308a042e50e1e9e",
          "name": "Investigation of Distribution Vectors and Threat Network Infrastructure",
          "description": "Targets: Individual(s), University of Alberta Infrastructure, Covenant Health (Alberta Health Services), TELUS Communications (Network & Mobile infrastructure), Government of Alberta, Government of Canada. International entities spanning primarily government, healthcare, and educational institutions.",
          "modified": "2025-11-23T23:20:07.571000",
          "created": "2023-08-28T21:28:30.294000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
            "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
            "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
            "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
            "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
            "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
            "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
            "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
            "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
            "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
            "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
            "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
            "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
            "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
            "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
            "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
            "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
            "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
            "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
            "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
            "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
            "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
            "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
            "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
            "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
            "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
            "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
            "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
            "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
            "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
            "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
            "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
            "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
            "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
            "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
            "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
            "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
            "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
            "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
            "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
            "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
            "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
            "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
            "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 111,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 236,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1421,
            "URL": 9580,
            "CIDR": 30,
            "domain": 10205,
            "email": 12,
            "hostname": 517612,
            "IPv4": 11,
            "CVE": 62
          },
          "indicator_count": 539308,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 146,
          "modified_text": "191 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "691b61e16cea7624a6606a69",
          "name": "For Later",
          "description": "***",
          "modified": "2025-11-17T18:46:19.094000",
          "created": "2025-11-17T17:56:49.875000",
          "tags": [
            "wormhole",
            "want",
            "sign",
            "submit send",
            "copy",
            "share show",
            "report delete",
            "faq roadmap",
            "security legal",
            "twitter discord",
            "protected"
          ],
          "references": [
            "https://wormhole.app/Pp5DdP#3EpzsqLhw5lJdQ0Xe_mRQA",
            "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 72127,
            "hostname": 16700,
            "URL": 50
          },
          "indicator_count": 88877,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 131,
          "modified_text": "197 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "624f122d52ca4bdcd527c673",
          "name": "Traffic Summary by Host Calls March 7 - April 7",
          "description": "Default: Anghon.co, anonymity.com, is the name given to a computer that can be used to measure the speed of internet traffic, but it is not the only one that has made the headlines.",
          "modified": "2025-10-25T13:36:37.528000",
          "created": "2022-04-07T16:32:45.779000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mantunez0410",
            "id": "178995",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 30,
            "domain": 180,
            "URL": 2
          },
          "indicator_count": 212,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 35,
          "modified_text": "221 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66e9c8e63a72c7cb531a58ba",
          "name": "08.09.24 URLscanio 2 weeks.csv",
          "description": "",
          "modified": "2025-10-25T02:09:23.619000",
          "created": "2024-09-17T18:22:30.731000",
          "tags": [],
          "references": [
            "https://x.com/NorrisN60014/status/1836092481978486802",
            "https://x.com/NorrisN60014/status/1836092481978486802",
            "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f",
            "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2",
            "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports",
            "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C",
            "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 3,
            "FileHash-MD5": 6,
            "URL": 1074,
            "domain": 1530,
            "email": 2,
            "hostname": 2849
          },
          "indicator_count": 5464,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 189,
          "modified_text": "221 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "686dc31588057c828d99de65",
          "name": "Darpapox CNC Beacon \u2022 Tethered to T-Mobile iOS",
          "description": "In November 2021  T-mobile.com/tethering/upsell.do\ttethered to a heavily targeted crime victim\u2019s phone. It\u2019s seemed to trigger an outage in Early November 2021. (IoC\u2019s left out of graph and Pulse) related to Palantir / Foundry/ Twitter \nI can anssume they are being spoofed, unfortunately, this harmful, powerfully dangerous \u2019tool\u2019 is a real a weapon that can and has lead to great harm or death ; is a product for sale.\n\nVictim was assaulted by PT under quasi government care. She has been injured, stalked,  nearly assassinated, confronted, recorded, spied on denied healthcare, legal representation & relentlessly bullied online and otherwise to death.\nNOT EVERYONE SHOULD HAVE THIS TOOL. IT IS A WEAPON!",
          "modified": "2025-08-08T00:05:09.846000",
          "created": "2025-07-09T01:17:09.803000",
          "tags": [
            "united",
            "status",
            "name servers",
            "search",
            "servers",
            "ip address",
            "creation date",
            "telekom ag",
            "present aug",
            "present dec",
            "date",
            "date checked",
            "url hostname",
            "server response",
            "google safe",
            "results jan",
            "next related",
            "domains show",
            "domain related",
            "learn",
            "command",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "spawns",
            "mitre att",
            "ck techniques",
            "evasion att",
            "copy md5",
            "copy sha1",
            "copy sha256",
            "sha256",
            "sha1",
            "ascii text",
            "pattern match",
            "size",
            "null",
            "refresh",
            "body",
            "span",
            "hybrid",
            "local",
            "path",
            "click",
            "strings",
            "error",
            "tools",
            "look",
            "verify",
            "restart",
            "update",
            "whois field",
            "value address",
            "city bonn",
            "country de",
            "dnssec",
            "domain name",
            "name",
            "expiration date",
            "domain",
            "passive dns",
            "urls",
            "files ip",
            "address domain",
            "ip whois",
            "registrar",
            "entries",
            "next associated",
            "urls show",
            "results apr",
            "showing",
            "present nov",
            "results dec",
            "present jan",
            "results feb",
            "present mar",
            "results may",
            "results mar",
            "results aug",
            "present may",
            "present jun",
            "results jun",
            "t-mobile",
            "log4",
            "whois show",
            "record value",
            "name domain",
            "admin name",
            "org deutsche",
            "whois",
            "related",
            "comments",
            "status hostname",
            "query type",
            "address first",
            "seen last",
            "seen asn",
            "country",
            "emails",
            "services",
            "org principal",
            "financial",
            "high st",
            "ag organization",
            "server",
            "flag",
            "contacted hosts",
            "process details",
            "found cache",
            "control",
            "pragma",
            "present oct",
            "present feb",
            "moved",
            "name legal",
            "referral url",
            "wa status",
            "updated date",
            "whois server",
            "zipcode",
            "present apr",
            "content type",
            "gmt p3p",
            "noi nid",
            "cura adma",
            "deva psaa",
            "psda our",
            "sama bus",
            "pur com",
            "hostname add",
            "pulse pulses",
            "files",
            "domain add",
            "show",
            "copy",
            "reads",
            "total",
            "read",
            "write",
            "delete",
            "kawaii unicorn",
            "tethering",
            "iphone",
            "ios",
            "apple",
            "gmt content",
            "type",
            "dynamicloader",
            "yara rule",
            "medium",
            "high",
            "vmware",
            "msie",
            "windows nt",
            "wow64",
            "slcc2",
            "media center",
            "malware",
            "unknown",
            "ta0002 defense",
            "evasion ta0005",
            "ta0009",
            "lowfi",
            "ipv4 add",
            "location united",
            "america flag",
            "ransom",
            "trojandropper",
            "yara detections",
            "lehash",
            "av detections",
            "ids detections",
            "alerts",
            "analysis date",
            "file score",
            "medium risk",
            "none related",
            "defender",
            "pulses none",
            "cnc beacon",
            "winver",
            "search host",
            "all ipv4",
            "hosting",
            "trojan",
            "tlsv1",
            "odigicert inc",
            "cndigicert sha2",
            "secure server",
            "stwashington",
            "lseattle",
            "as16509",
            "stcalifornia",
            "next",
            "execution",
            "dock",
            "persistence",
            "encrypt",
            "project",
            "process32nextw",
            "service",
            "t1003",
            "hacktool",
            "pe32",
            "win64",
            "cowboy server",
            "jakuz",
            "mimikatz",
            "darpapox",
            "default",
            "codeoverlap",
            "date hash",
            "deletes_executed_files",
            "ue codeoverlap",
            "pe section",
            "ipv4",
            "arkei stealer",
            "hash apr",
            "ma ma",
            "win32spigot may",
            "ub euj",
            "e ep",
            "ub uj",
            "program",
            "python",
            "write c",
            "intel",
            "ms windows",
            "updater",
            "launcher",
            "powershell",
            "langchinese",
            "ip check",
            "http host",
            "icmp traffic",
            "win32",
            "download",
            "handle",
            "address range",
            "cidr",
            "network name",
            "allocation type",
            "entity bns34",
            "ip addresses",
            "tsara brashears"
          ],
          "references": [
            "https://offers.Tethered to target iPhone - T-mobile.com/tethering/upsell.do",
            "Kawaii-Unicorn.exe",
            "IDS Detections: Win32/Unruy Rogue Search Host Observed | Yara Detections: EnigmaProtector",
            "High Priority Alerts: infostealer_cookies persistence_autorun procmem_yara static_pe_anomaly",
            "High Priority Alerts:  suricata_alert antivm_bochs_keys physical_drive_access",
            "Priority Alerts: physical_drive_access dynamic_function_loading resumethread_remote_process",
            "Priority Alerts:  enumerates_running_processes reads_self network_http",
            "Priority Alerts: packer_entropy antidebug_ntsetinformationthread injection_rwx",
            "Priority Alerts: createtoolhelp32snapshot_module_enumeration packer_unknown_pe_section_name",
            "High Priority Alerts IDS:  Backdoor.Darpapox/Jaku  \u2022 CNAME CnC Beacon (WinVer 6.1)",
            "High Priority Alerts IDS: ADWARE/InstallCore.Gen Checkin \u2022 Adware.InstallCore.B Checkin",
            "High Priority Alerts IDS: Arkei Stealer \u2022 Config Download Request Vidar/Arkei Stealer Client Data Upload \u2022 192.157.56.140",
            "High Priority Alerts IDS: Potentially Unwanted Application AirInstaller CnC Beacon Backdoor.Win32.Hupigon.dpgy Checkin",
            "High Priority Alerts IDS: Possible Win32/Hupigon ip.txt with a Non-Mozilla UA \u2022 192.157.56.140",
            "High Priority Alerts IDS: Suspicious Zipped Filename in Outbound POST Request (Passwords.log) M2 \u2022 192.157.56.140",
            "High Priority Alerts IDS: Win32/Spigot Activity Potentially Unwanted Application AirInstaller \u2022  192.157.56.140",
            "High Priority Alerts IDS:  \u2022 199.59.243.228",
            "High Priority Alerts IDS: Win32.Renos/Artro Trojan Checkin M1 Garveep POST CnC Beacon \u2022 199.59.243.228",
            "High Priority Alerts IDS: Best-targeted-traffic.com Spyware Install \u2022 199.59.243.228",
            "High Priority Alerts IDS: Win32.AdWare.iBryte.C Install Win32/Scudy.A Checkin \u2022 199.59.243.228",
            "High Priority Alerts IDS: iebaru Spyware User Agent Win32/Snojan Variant Uploading EXE \u2022 199.59.243.228",
            "High Priority Alerts IDS: (iebar) Dropper Checkin 2 (often scripts.dlv4.com related) \u2022 199.59.243.228",
            "High Priority Alerts IDS: Downloader (P2P Zeus dropper UA) Zeus Bot Connectivity Check \u2022 199.59.243.228",
            "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing. \u2022 www.anyxxxtube.net \u2022",
            "ai-fairness-360.dev-lfprojects5.linuxfoundation.org \u2022-ran-sc.dev-lfprojects5.linuxfoundation.org",
            "[Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.1) / Jacuz /Mimikatz] continues\u2026.",
            "[iRegarding - Serving IPs: 192.157.56.141 & 192.157.56.140 for http://tagram.com/ & continues",
            "http://titkok.com/ Final URL: http://survey-smiles.com/ | URL that may infect its visitors with malware. (DigitalMistica)]",
            "URL that may infect its visitors with malware. Last 4 references (DigitalMistica)]"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Win.Trojan.Barys-10005825-0",
              "display_name": "Win.Trojan.Barys-10005825-0",
              "target": null
            },
            {
              "id": "#fp539598-VBS/LoveLetter.BT",
              "display_name": "#fp539598-VBS/LoveLetter.BT",
              "target": null
            },
            {
              "id": "Ransom:Win32/Haperlock",
              "display_name": "Ransom:Win32/Haperlock",
              "target": "/malware/Ransom:Win32/Haperlock"
            },
            {
              "id": "Backdoor.Darpapox/Jaku",
              "display_name": "Backdoor.Darpapox/Jaku",
              "target": null
            },
            {
              "id": "Win.Trojan.Badur-8004052-0",
              "display_name": "Win.Trojan.Badur-8004052-0",
              "target": null
            },
            {
              "id": "Win.Dropper.Unruy-9994363-0",
              "display_name": "Win.Dropper.Unruy-9994363-0",
              "target": null
            },
            {
              "id": "Ransom:Win32/Haperlock.A",
              "display_name": "Ransom:Win32/Haperlock.A",
              "target": "/malware/Ransom:Win32/Haperlock.A"
            },
            {
              "id": "Win.Malware.Bzub-9969513-0",
              "display_name": "Win.Malware.Bzub-9969513-0",
              "target": null
            },
            {
              "id": "Trojan:Win32/Dorv.A",
              "display_name": "Trojan:Win32/Dorv.A",
              "target": "/malware/Trojan:Win32/Dorv.A"
            },
            {
              "id": "HackTool:Win32/Mimikatz",
              "display_name": "HackTool:Win32/Mimikatz",
              "target": "/malware/HackTool:Win32/Mimikatz"
            },
            {
              "id": "ALF:JASYP:TrojanDownloader:Win32/Upatre!atmn",
              "display_name": "ALF:JASYP:TrojanDownloader:Win32/Upatre!atmn",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1210",
              "name": "Exploitation of Remote Services",
              "display_name": "T1210 - Exploitation of Remote Services"
            },
            {
              "id": "T1449",
              "name": "Exploit SS7 to Redirect Phone Calls/SMS",
              "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
            },
            {
              "id": "T1059.002",
              "name": "AppleScript",
              "display_name": "T1059.002 - AppleScript"
            },
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            },
            {
              "id": "T1598",
              "name": "Phishing for Information",
              "display_name": "T1598 - Phishing for Information"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1031",
              "name": "Modify Existing Service",
              "display_name": "T1031 - Modify Existing Service"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1130,
            "FileHash-SHA1": 1094,
            "FileHash-SHA256": 4332,
            "URL": 413,
            "domain": 444,
            "hostname": 903,
            "email": 12,
            "SSLCertFingerprint": 34,
            "CIDR": 1
          },
          "indicator_count": 8363,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "299 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6846c463106765b93b44335a",
          "name": "emotet-is-not-dead-yet.html",
          "description": "https://blogs.vmware.com/\n\n[ emotet-is-not-dead-yet.html ]\n\nFileHash-SHA256\n3f7f582dc3ea77d4a5ca6d5d1964ae459d6a187c9c5d49cbd3405447975e4f15 ||\n\nCrowdsourced IDS:\nMatches rule PROTOCOL-ICMP PATH MTU denial of service attempt\nMatches rule PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set\nMatches rule PROTOCOL-ICMP Echo Reply",
          "modified": "2025-07-09T11:03:10.334000",
          "created": "2025-06-09T11:24:19.234000",
          "tags": [
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "adversaries",
            "command",
            "defense evasion",
            "ssl certificate",
            "spawns",
            "sha1",
            "copy md5",
            "copy sha1",
            "copy sha256",
            "ascii text",
            "sha256",
            "united",
            "size",
            "pattern match",
            "png image",
            "path",
            "date",
            "encrypt",
            "mask",
            "june",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "domains",
            "hashes",
            "value",
            "variables",
            "optanonwrapper",
            "parsely",
            "typeof function",
            "handlebars",
            "stq function",
            "x string",
            "optanon",
            "verified",
            "ecdsa",
            "automattic",
            "linux x8664",
            "khtml",
            "gecko",
            "aes128gcm",
            "cloudflarenet",
            "europedublin",
            "facebook",
            "accept",
            "emotet",
            "dead",
            "twitter",
            "unit",
            "thursday",
            "january",
            "google tag",
            "utc gtm53l4wgzn",
            "utc na",
            "server nginx",
            "date mon",
            "gmt contenttype",
            "connection",
            "wordpress vip",
            "https",
            "link",
            "contentencoding",
            "miss xrq",
            "html document",
            "unicode text",
            "utf8 text",
            "crlf",
            "lf line",
            "resolved ips",
            "cname",
            "http",
            "ip address",
            "gmt ifnonematch",
            "info file",
            "network dropped",
            "duration cuckoo",
            "version file",
            "machine label",
            "shutdown",
            "address port",
            "url data",
            "address range",
            "cidr",
            "network name",
            "type",
            "status",
            "whois server",
            "entity autom93",
            "handle",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cne6",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "thumbprint",
            "inc abuse",
            "email",
            "street",
            "service",
            "arin rdapwhois",
            "rdapwhois",
            "reporting",
            "copyright",
            "registry",
            "allocation",
            "geofeed https",
            "range",
            "name automattic",
            "parent net192",
            "net1920000",
            "net type",
            "origin as",
            "autom93",
            "restful link",
            "arin search",
            "whoisrws",
            "delegation",
            "ta0007 command",
            "control ta0011",
            "catalog tree",
            "cndigicert sha2",
            "secure server",
            "ca odigicert",
            "inc cus",
            "subject",
            "corporation cus",
            "algorithm",
            "azure rsa",
            "tls issuing",
            "cus subject",
            "stwa lredmond",
            "corporation c",
            "get http",
            "request",
            "response",
            "windows nt",
            "win64",
            "dns resolutions"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1590",
              "name": "Gather Victim Network Information",
              "display_name": "T1590 - Gather Victim Network Information"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 446,
            "FileHash-SHA1": 349,
            "FileHash-SHA256": 1979,
            "SSLCertFingerprint": 15,
            "URL": 361,
            "domain": 120,
            "hostname": 329,
            "CIDR": 8,
            "email": 2
          },
          "indicator_count": 3609,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 144,
          "modified_text": "329 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67f5555b6ce863d998e83e26",
          "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net",
          "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-<UUID>.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.",
          "modified": "2025-05-11T19:03:59.885000",
          "created": "2025-04-08T16:56:59.641000",
          "tags": [
            "generated from",
            "do not",
            "edit uri",
            "urls",
            "edit",
            "rewriteengine",
            "rewritecond",
            "rewriterule",
            "r301",
            "xml2encalias",
            "beralloct",
            "berbvarrayadd",
            "berbvarrayfree",
            "berbvdup",
            "berbvecadd",
            "berbvecfree",
            "berbvfree",
            "berdump",
            "berdup",
            "berdupbv",
            "laerrordomain",
            "laerrornoncekey",
            "lamechanismtree",
            "lacontext",
            "ladomainstate",
            "laenvironment",
            "lanotification",
            "laprivatekey",
            "lapublickey",
            "laright",
            "apple swift",
            "o librarylevel",
            "combine import",
            "foundation",
            "swift import",
            "mcpeerid",
            "mcsession",
            "property",
            "copyright",
            "protocol",
            "class",
            "bonjour",
            "ascii lowercase",
            "abc company",
            "section",
            "bonjour txt",
            "note",
            "ui element",
            "utf8 encoding",
            "nscopying",
            "nsdictionary",
            "nsstring",
            "mcextern",
            "attribute",
            "mcextern extern",
            "mcexternweak",
            "nsenum",
            "nsinteger",
            "mcerrorcode",
            "mcerrorunknown",
            "mcerrortimedout",
            "peer",
            "example",
            "bonjour apis",
            "stop",
            "tags",
            "session",
            "nsprogress",
            "nserror",
            "nsurl",
            "nsarray",
            "create",
            "nsuinteger",
            "notifies",
            "mcsession api",
            "interface",
            "dbictrace",
            "dbivporth",
            "dbictracelevel",
            "dbdtffoo",
            "dbihseterrchar",
            "dbicstate",
            "dbictraceflags",
            "provides macros",
            "dbi release",
            "only",
            "sqlsuccess",
            "odbc",
            "sqlok",
            "tim bunce",
            "england",
            "sql cli",
            "sql datatype",
            "sqlguid",
            "sqlwlongvarchar",
            "main",
            "beware",
            "sv sth",
            "sv dbh",
            "impsth",
            "impdbh",
            "sv keysv",
            "sv params",
            "sv attr",
            "sv attribs",
            "sv drh",
            "void",
            "fri jul",
            "mixed",
            "dbixsrevision",
            "plsvundef",
            "license",
            "spagain",
            "perlioprintf",
            "dbiclogpio",
            "putback",
            "ireland",
            "gnu general",
            "super",
            "magic",
            "dbicflags",
            "dbis",
            "svrv",
            "null",
            "imp2com",
            "dbicactivekids",
            "dbicfiadestroy",
            "sv h",
            "dbicdbistate",
            "code",
            "copy",
            "refer",
            "trace",
            "error",
            "unknown",
            "hookopcheckh",
            "startexternc",
            "hookopcheckcb",
            "userdata",
            "endexternc",
            "isinternalbuild",
            "kickmcxdforuid",
            "loadappkit",
            "ardconfig",
            "authenticator",
            "dsauthenticator",
            "dsnode",
            "dsrecord",
            "group",
            "hostconfig",
            "apfsvolumelock",
            "apfsvolumerole",
            "aoskgetosinfo",
            "aoskgetuserinfo",
            "aosaddappleid",
            "aosdisablepcs",
            "aosenablepcs",
            "aoslog",
            "aoslogforce",
            "aosrelaycookie",
            "didfailcallback",
            "kaosaccountkey",
            "kapcsbundle",
            "kapcspath",
            "kjsonextension",
            "apcsbucketid",
            "apcsreports",
            "apconfiguration",
            "apversiondata",
            "apversionhelper",
            "systemvolumesvm",
            "name size",
            "identifier",
            "gb disk0s3",
            "devdisk3",
            "apfs container",
            "scheme",
            "physical store",
            "macintosh hd",
            "apfs snapshot",
            "preboot",
            "refs address",
            "size wired",
            "name",
            "version",
            "uuid",
            "linked against",
            "renderer",
            "helper",
            "chrome helper",
            "contains",
            "cloud ui",
            "macintosh",
            "khtml",
            "gecko",
            "ui helper",
            "plugin",
            "service",
            "good",
            "battery power",
            "apfs encryption",
            "jumpcloud go",
            "chrome web",
            "store",
            "privacy badger",
            "flowcrypt",
            "encrypt gmail",
            "simple",
            "google",
            "b2b phone",
            "number",
            "apollo",
            "future",
            "exccrash",
            "sigkill",
            "code signature",
            "invalid",
            "sigabrt",
            "protonvpn",
            "excguard",
            "excbreakpoint",
            "sigtrap",
            "excbadaccess",
            "appl",
            "english",
            "adobe crash",
            "adobe",
            "acrobat dcadobe",
            "processor",
            "uninstaller",
            "assistant",
            "install",
            "cloud",
            "dock",
            "calendar",
            "music",
            "terminal",
            "tips",
            "installer",
            "updater",
            "proton",
            "tools",
            "stub",
            "python",
            "clock",
            "powershell",
            "team",
            "rave scout",
            "cookies",
            "public folder",
            "key cert",
            "sign",
            "crl sign",
            "root ca",
            "authority",
            "public primary",
            "global root",
            "verisign",
            "academic",
            "premium",
            "adaptive",
            "interactive",
            "background",
            "standard",
            "launchd sandbox",
            "s mdworker",
            "agent",
            "command line",
            "progress",
            "yubico",
            "macos13action",
            "disableoverride",
            "disableairdrop",
            "denyactivation",
            "enable",
            "loginwindowtext",
            "jumpcloud",
            "autoupdate",
            "loggingoption",
            "enablefirewall",
            "arm64e",
            "apple m2",
            "mac142",
            "kjqqtw7pqt",
            "daemon",
            "server",
            "open directory",
            "user",
            "account",
            "kerberos admin",
            "kerberos change",
            "device daemon",
            "network",
            "desktop",
            "screensaver",
            "bridge",
            "aesxtsarm",
            "aesecbarm",
            "sha512vngarmhw",
            "sha384vngarmhw",
            "sha256vngarm",
            "sha1vngarm",
            "darwin kernel",
            "wed mar",
            "wkarraycreate",
            "wkbooleancreate",
            "wkcontextcreate",
            "wkdatacreate",
            "wkdatagettypeid",
            "wkdoublecreate",
            "wkframecopyurl",
            "wkgettypeid",
            "wkimagecreate",
            "wkpagecandelete",
            "webview",
            "notice",
            "this software",
            "including",
            "but not",
            "limited to",
            "redistribution",
            "is provided",
            "by apple",
            "direct",
            "damage",
            "apiavailable",
            "webkit",
            "nsswiftname",
            "document",
            "a block",
            "as is",
            "hasinclude",
            "wkdownload",
            "abstract",
            "wkerrorcode",
            "wkerrorunknown",
            "discussion",
            "bool",
            "whether",
            "wkcontentworld",
            "wkwebview",
            "javascript",
            "nsunavailable",
            "vaargs",
            "nsswiftasync",
            "wkswiftasync",
            "wkcookiepolicy",
            "wkswiftuiactor",
            "nshttpcookie",
            "targetosiphone",
            "wknavigation",
            "decides",
            "boolean value",
            "apideprecated",
            "methodkind",
            "wkerrordomain",
            "wkscriptmessage",
            "promise",
            "fulfill",
            "const",
            "url scheme",
            "mark",
            "wkuserscript",
            "targetosvision",
            "param",
            "wkframeinfo",
            "targetosios",
            "pass",
            "window",
            "mime type",
            "link",
            "nsimage",
            "returns",
            "nsset",
            "checks",
            "matches",
            "a boolean",
            "defaults",
            "wkwebextension",
            "cgsize",
            "uiimage",
            "apis",
            "nsdate",
            "wkcontentmode",
            "wkextern",
            "possible",
            "cgfloat",
            "media",
            "cgrect",
            "apiunavailable",
            "framework",
            "nsswiftuiactor",
            "targetoswatch",
            "confirms",
            "apple upgrade",
            "nsstring user",
            "nsobject",
            "provider",
            "apple",
            "password",
            "uicontrol",
            "nscontrol",
            "asuseragerange",
            "check",
            "opaque user",
            "apple id",
            "initiate",
            "asauthorization",
            "operation",
            "state",
            "nserrorenum",
            "nsdata",
            "relying party",
            "asapiavailable",
            "perform",
            "realm",
            "http response",
            "authorization",
            "http",
            "oauth",
            "saml",
            "a byte",
            "nsdata userid",
            "relying",
            "a string",
            "nsdata readdata",
            "bool didwrite",
            "a cose",
            "nsdata first",
            "nsdata second",
            "nsstring name",
            "bool appid",
            "targetosxr",
            "nsstring appid",
            "bluetooth",
            "mdm profile",
            "nsurl url",
            "returns yes",
            "a state",
            "a json",
            "web token",
            "private seckeys",
            "enables",
            "keychain",
            "asswiftsendable",
            "cose algorithm",
            "ecdsa",
            "sha256",
            "cose curve",
            "p256",
            "nullable",
            "bool success",
            "remove",
            "call",
            "complete",
            "initializes",
            "time code",
            "extensions",
            "asextern extern",
            "asextern",
            "nsswiftsendable",
            "prepare",
            "list",
            "nsextension",
            "attempt",
            "nsstring label",
            "creates",
            "nsstring code",
            "a key",
            "webauthn",
            "nssecurecoding",
            "input",
            "output",
            "initialize",
            "nsinteger rank",
            "json",
            "inputs",
            "hash",
            "nsstring origin",
            "settings app",
            "extension",
            "https urls",
            "safari",
            "cancel",
            "nsuuid uuid",
            "r uftpexu",
            "nsmutabledata",
            "vnsdate",
            "mprcjy",
            "postfix",
            "domain",
            "canonical",
            "tables",
            "ldap",
            "post",
            "replace user",
            "address",
            "wietse venema",
            "bugs",
            "mail",
            "aliases",
            "postfix version",
            "restrict",
            "sample",
            "person",
            "basic system",
            "general",
            "reject empty",
            "postfix smtp",
            "ipv6 host",
            "reject",
            "reply",
            "access",
            "prior",
            "hold",
            "info",
            "mail delivery",
            "charset",
            "system",
            "report",
            "postfix dsn",
            "mail returned",
            "this",
            "generic",
            "smtp",
            "isp mail",
            "mime",
            "headerchecks",
            "readme files",
            "filters while",
            "posix",
            "empty",
            "body",
            "write",
            "date",
            "smtp server",
            "specify",
            "mx host",
            "unix password",
            "user unknown",
            "pathbin",
            "postfix queue",
            "unix",
            "cyrus",
            "path",
            "uucp",
            "shell",
            "local",
            "program",
            "agreement",
            "contributor",
            "recipient",
            "contribution",
            "the program",
            "corporation",
            "contributors",
            "product x",
            "as expressly",
            "arch",
            "arch x8664",
            "pipe wall",
            "wimplicit",
            "ranlib",
            "warn",
            "switch",
            "start",
            "systype",
            "outlook",
            "postfix master",
            "begin",
            "server admin",
            "mail backend",
            "modern smtp",
            "iana",
            "many",
            "postfix pipe",
            "recent cyrus",
            "amos gouaux",
            "old example",
            "or even",
            "lutz jaenicke",
            "technology",
            "cottbus",
            "germany",
            "openssl package",
            "openssl project",
            "europe",
            "remember that",
            "use of",
            "file",
            "update",
            "usrsbin",
            "file format",
            "no group",
            "daemondirectory",
            "deliver mail",
            "transport",
            "description",
            "result format",
            "virtual",
            "virtual alias",
            "redirect mail",
            "relocated",
            "matches user",
            "synopsis",
            "lastname",
            "firstname",
            "apple computer",
            "tcpip",
            "supported",
            "quantum",
            "facility",
            "level",
            "level info",
            "broadcast",
            "ignore",
            "rules",
            "sender",
            "automounter map",
            "use directory",
            "get home",
            "home autohome",
            "true",
            "t option",
            "mount",
            "force",
            "environment",
            "automountdenv",
            "promptcommand",
            "shellsessiondir",
            "histfile",
            "histfilesize",
            "myvar",
            "histtimeformat",
            "arrange",
            "bashrematch",
            "tell",
            "ps1h",
            "make bash",
            "s checkwinsize",
            "etcbashrc",
            "termprogram",
            "inpck",
            "nnnbaud",
            "berkeley",
            "parity",
            "pc entry",
            "pass8",
            "parenb istrip",
            "fixed speed",
            "entry",
            "clocal mode",
            "maxhistsize",
            "promptmode",
            "verbose end",
            "etcirbrcloaded",
            "default",
            "setup",
            "history file",
            "kernel",
            "readline",
            "jabber",
            "group database",
            "dovecot",
            "postfix scsd",
            "networkd",
            "searchpaths",
            "freebsd",
            "tmpdir",
            "fcodes",
            "prunepaths",
            "vartmp",
            "prunedirs",
            "filesystems",
            "nroff",
            "manpath",
            "uncomment",
            "manpager",
            "whatispager",
            "manlocale",
            "every",
            "manpath optman",
            "maybe",
            "troff",
            "status mailfrom",
            "returnpath via",
            "pidfile",
            "flags",
            "bcgjnuwz",
            "bin usrsbin",
            "sbin",
            "default pf",
            "care",
            "audio",
            "user database",
            "unix copy",
            "gate daemon",
            "bashno",
            "r etcbashrc",
            "rfc1323",
            "m1460",
            "macos x",
            "signature",
            "linux",
            "opera",
            "xp sp1",
            "windows sp1",
            "nmap syn",
            "m265",
            "synack",
            "mind",
            "macos",
            "warp",
            "ipv6",
            "internet",
            "icmp",
            "cisco",
            "monitoring",
            "argus",
            "chaos",
            "rsvp",
            "encapsulation",
            "aris",
            "isis",
            "netbootmount",
            "netbootshadow",
            "computername",
            "localonly",
            "localnetbootdir",
            "netboot",
            "define",
            "purpose",
            "networkonly",
            "waiting",
            "networkup",
            "term",
            "devnull",
            "common setup",
            "configure",
            "set command",
            "dns hostname",
            "dns query",
            "see also",
            "kame",
            "sunnet manager",
            "rpcsrc",
            "netlicense",
            "ftpd",
            "bindash binksh",
            "binsh bintcsh",
            "jumpcloud ldap",
            "smb2",
            "security",
            "workgroup",
            "standalone",
            "samba server",
            "enforce",
            "smb3",
            "example share",
            "improper use",
            "ctrlc",
            "none",
            "fax reception",
            "hardwired",
            "0007",
            "must",
            "visudo",
            "blocksize",
            "charset lang",
            "language lcall",
            "lines columns",
            "lscolors",
            "sshauthsock",
            "orion",
            "setup user",
            "home",
            "zdotdir",
            "delete",
            "beep",
            "vendor",
            "kf10",
            "kf11",
            "kf12",
            "kf13",
            "backspace",
            "insert",
            "resume",
            "termsessionid",
            "savehist",
            "sharehistory",
            "h do",
            "volume",
            "de l",
            "l uuid",
            "m tra",
            "n est",
            "suuid",
            "prfen",
            "fusion",
            "syst",
            "look",
            "executant",
            "alla",
            "over",
            "test",
            "overie",
            "zapis",
            "rapid",
            "disco usa",
            "de macos",
            "nie s",
            "i denne",
            "adgjmpsvx",
            "diskgthis disk",
            "01k8x j",
            "34disk",
            "levy kytt",
            "dict",
            "array",
            "plist",
            "apple root",
            "code signing",
            "inode64r",
            "xofkoxzh",
            "integer",
            "doctype",
            "brain",
            "abcd",
            "ogwo",
            "boaw",
            "cobwa",
            "uhawavauatsh",
            "ip bitmap",
            "foewdc",
            "could",
            "ip block",
            "funcs",
            "cogwo",
            "trash",
            "double",
            "hunt",
            "affa",
            "carr",
            "crypto",
            "docwbac",
            "q1b0",
            "q1 0",
            "h h5",
            "docwbag",
            "slice",
            "format",
            "zero",
            "alfa",
            "hera",
            "lelei",
            "hehe",
            "hisp",
            "fail",
            "katy",
            "zakk",
            "eodwcbgao",
            "hhk8di",
            "alma",
            "topo",
            "open",
            "huhk",
            "piper",
            "hehx",
            "eh ui",
            "h20hph",
            "hif h",
            "hmhhihqhyla hq",
            "r11b0",
            "target",
            "uus10u",
            "hifh",
            "loghookfailed",
            "loghook",
            "hell",
            "q1b 0",
            "f duh",
            "aqw1",
            "1160"
          ],
          "references": [
            "index.html.en",
            "bind.html",
            "caching.html",
            "BUILDING",
            "configuring.html",
            "content-negotiation.html",
            "custom-error.html",
            "convenience.map",
            "LDAP.tbd",
            "lber.h",
            "ldap.h",
            "LocalAuthentication.tbd",
            "arm64e-apple-macos.swiftinterface",
            "x86_64-apple-ios-macabi.swiftinterface",
            "arm64e-apple-ios-macabi.swiftinterface",
            "x86_64-apple-macos.swiftinterface",
            "MultipeerConnectivity.tbd",
            "module.modulemap",
            "MCNearbyServiceAdvertiser.h",
            "MCPeerID.h",
            "MCError.h",
            "MCNearbyServiceBrowser.h",
            "MCAdvertiserAssistant.h",
            "MultipeerConnectivity.apinotes",
            "MultipeerConnectivity.h",
            "MCSession.h",
            "MCBrowserViewController.h",
            "dbivport.h",
            "dbi_sql.h",
            "dbd_xsh.h",
            "dbixs_rev.h",
            "Driver_xst.h",
            "DBIXS.h",
            "hook_op_check.h",
            "Admin.tbd",
            "AirPlayReceiver.tbd",
            "apfs_boot_mount.tbd",
            "AOSKit.tbd",
            "APConfigurationSystem.tbd",
            "AppleFirmwareUpdate.tbd",
            "launchdaemons.txt",
            "preboot_archive_errors.log",
            "mounts.txt",
            "launchagents.txt",
            "disk_structure.txt",
            "user_launchagents.txt",
            "security_status.txt",
            "kexts.txt",
            "process_list.txt",
            "battery.csv",
            "diskEncryption.csv",
            "chromeExtensions.csv",
            "crashes.csv",
            "interfaceAddrs.csv",
            "kernel.csv",
            "interfaceDetails.csv",
            "etcHosts.csv",
            "applications.csv",
            "mounts.csv",
            "sharedFolders.csv",
            "certificates.csv",
            "sharingPreferences.csv",
            "launchD.csv",
            "usbDevices.csv",
            "managedPolicies.csv",
            "systemInfo.csv",
            "users.csv",
            "sipConfig.csv",
            "systemControls.csv",
            "canonical",
            "aliases",
            "custom_header_checks",
            "access",
            "bounce.cf.default",
            "generic",
            "header_checks",
            "main.cf.default",
            "LICENSE",
            "makedefs.out",
            "main.cf",
            "master.cf.default",
            "main.cf.proto",
            "master.cf.proto",
            "master.cf",
            "TLS_LICENSE",
            "postfix-files",
            "transport",
            "virtual",
            "relocated",
            "afpovertcp.cfg",
            "asl.conf",
            "auto_home",
            "auto_master",
            "autofs.conf",
            "bashrc_Apple_Terminal",
            "com.apple.screensharing.agent.launchd",
            "bashrc",
            "command_args.json",
            "csh.cshrc",
            "csh.login",
            "find.codes",
            "csh.logout",
            "ftpusers",
            "gettytab",
            "irbrc",
            "kern_loader.conf",
            "group",
            "locate.rc",
            "man.conf",
            "mail.rc",
            "manpaths",
            "networks",
            "nfs.conf",
            "newsyslog.conf",
            "ntp_opendirectory.conf",
            "ntp.conf",
            "notify.conf",
            "paths",
            "pf.conf",
            "passwd",
            "profile",
            "pf.os",
            "protocols",
            "rc.netboot",
            "rc.common",
            "rmtab",
            "resolv.conf",
            "rtadvd.conf",
            "rpc",
            "shells",
            "smb.conf",
            "sudo_lecture",
            "ttys",
            "syslog.conf",
            "xtab",
            "sudoers",
            "zprofile",
            "zshrc",
            "zshrc_Apple_Terminal",
            "CodeResources",
            "version.plist",
            "Info.plist"
          ],
          "public": 1,
          "adversary": "DragonForce Malaysia Hacker Group",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lastname",
              "display_name": "Lastname",
              "target": null
            },
            {
              "id": "Firstname",
              "display_name": "Firstname",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 66,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ilyailya",
            "id": "298851",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 4449,
            "domain": 3847,
            "URL": 14263,
            "FileHash-SHA256": 2356,
            "FileHash-MD5": 223,
            "FileHash-SHA1": 523,
            "email": 223,
            "CVE": 40,
            "CIDR": 12,
            "SSLCertFingerprint": 302
          },
          "indicator_count": 26238,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 37,
          "modified_text": "387 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66f235b9a7a94a6a61acd651",
          "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan",
          "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.",
          "modified": "2025-03-07T08:38:08.584000",
          "created": "2024-09-24T03:44:57.902000",
          "tags": [
            "geoip",
            "public url",
            "as16509",
            "amazon02",
            "as20940",
            "akamaiasn1",
            "as8075",
            "as15169",
            "google",
            "akamaias",
            "facebook",
            "telecom",
            "twitter",
            "media",
            "win64",
            "level3",
            "mini",
            "ukraine",
            "proton",
            "ghost",
            "win32",
            "cuba",
            "mexico",
            "indonesia",
            "seznam",
            "as3359",
            "as852"
          ],
          "references": [
            "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1",
            "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c",
            "https://n0paste.eu/UH6n5pD/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada",
            "Anguilla",
            "Poland",
            "Aruba",
            "Australia",
            "Barbados",
            "Costa Rica",
            "Guatemala",
            "Philippines",
            "Panama",
            "Sint Maarten (Dutch part)",
            "Saint Martin (French part)",
            "Cayman Islands",
            "Cura\u00e7ao",
            "Mexico",
            "Saint Vincent and the Grenadines",
            "Saint Kitts and Nevis",
            "Tanzania, United Republic of",
            "Netherlands",
            "Ukraine",
            "Trinidad and Tobago",
            "Japan",
            "Bahamas",
            "United Kingdom of Great Britain and Northern Ireland",
            "Georgia"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Government",
            "Telecommunications",
            "Healthcare"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 2,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1,
            "CIDR": 1186,
            "CVE": 4,
            "FileHash-MD5": 29,
            "FileHash-SHA1": 3,
            "URL": 25493,
            "domain": 5396,
            "email": 10,
            "hostname": 10770
          },
          "indicator_count": 42892,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 149,
          "modified_text": "453 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66b0fa3624bf0384e427f2e7",
          "name": "Tracking Domains 4.2 - 08.19.24",
          "description": "Tracking Domains detected by Privacy Badger Ext. on Microsoft Edge Browser (W11 Device) using Telus ISP (ASN852)\n*Not-Enriched (08.05.24): ~50,000 suggests IOCs by AlienVault\nFrom VT: 2 IPs hosted by 45090 (Shenzhen Tencent Computer Systems Company Limited) & 4611 (CNNIC member) seem to be the problem here 118[.]89.204.198, 118[.]89.0.0/16 & 202[.]123.107.15, 202[.]123.107.0/24 (Respectively)",
          "modified": "2024-09-04T15:01:01.432000",
          "created": "2024-08-05T16:13:42.563000",
          "tags": [],
          "references": [
            "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/iocs",
            "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/summary",
            "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/graph",
            "https://www.virustotal.com/graph/embed/ge839428bb3e24a98aae8cbcc242ae4d8febdc0c46e49411ebb09d155e22b4bbc?theme=dark",
            "https://viz.greynoise.io/query/AS4611",
            "https://urlscan.io/asn/AS4611",
            "https://urlscan.io/search/#asn:%22AS4611%22",
            "https://urlscan.io/asn/AS45090",
            "https://urlscan.io/search/#asn%3A%22AS45090%22",
            "https://viz.greynoise.io/query/AS45090",
            "https://urlscan.io/result/aeb42615-79b7-465d-924e-c9bdde3eefd1/#transactions",
            "https://urlscan.io/result/d4bf08e4-88dc-4bf8-be34-6b352576882e/#behaviour",
            "Filescan[.]io report: bc47c757-0a4d-4659-98d4-5d0c86406462 (08.23.24)",
            "https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-be"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 6180,
            "FileHash-MD5": 1,
            "domain": 24921,
            "URL": 10854
          },
          "indicator_count": 41956,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "637 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66269b1f33258a8e26033b17",
          "name": "Tracking Domains - Part 4.1",
          "description": "More Tracking Domains",
          "modified": "2024-08-30T13:02:28.335000",
          "created": "2024-04-22T17:15:11.398000",
          "tags": [
            "Tracking Domains"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs",
            "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark",
            "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 94496,
            "FileHash-MD5": 63,
            "domain": 112327,
            "URL": 166918,
            "FileHash-SHA1": 33,
            "FileHash-SHA256": 103,
            "CIDR": 216
          },
          "indicator_count": 374156,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "642 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66269b204ecfba63974dc1d8",
          "name": "Tracking Domains - Part 4",
          "description": "More Tracking Domains",
          "modified": "2024-05-22T17:04:45.215000",
          "created": "2024-04-22T17:15:12.353000",
          "tags": [
            "Tracking Domains"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs",
            "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 792,
            "FileHash-MD5": 1,
            "domain": 5803,
            "URL": 2
          },
          "indicator_count": 6598,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 136,
          "modified_text": "742 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65b7119615db47ea27706a86",
          "name": "Esurance Remote Attacks| Emotet | Lolkek  | Part I",
          "description": "Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it's evolved to become a major threat to users everywhere.\n\nLater versions evolved to use macro-enabled documents to retrieve the virus payload from command and control. They have been advised .",
          "modified": "2024-04-12T23:03:13.367000",
          "created": "2024-01-29T02:46:46.076000",
          "tags": [
            "ssl certificate",
            "xamzexpires600",
            "whois record",
            "url collection",
            "collections",
            "historical ssl",
            "referrer",
            "contacted",
            "resolutions",
            "web gateway",
            "emotet",
            "urls http",
            "whois whois",
            "domains",
            "lolkek",
            "core",
            "caddywiper",
            "awful",
            "urls url",
            "cymulate",
            "malware",
            "com laude",
            "ltd dba",
            "first",
            "utc submissions",
            "submitters",
            "cloudflarenet",
            "internet domain",
            "service bs",
            "corp",
            "dynadot",
            "twitter",
            "optimizer",
            "amazonaes",
            "summary iocs",
            "graph community",
            "origin1",
            "ver33",
            "dtamlb",
            "smlb",
            "csc corporate",
            "gandi sas",
            "namecheap inc",
            "google",
            "amazon02",
            "apple",
            "remote attacks"
          ],
          "references": [
            "https://www.esurance.com/",
            "https://www.malwarebytes.com/emotet"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Telecom",
            "Civil Society",
            "Insurance"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 9102,
            "CVE": 5,
            "FileHash-MD5": 68,
            "FileHash-SHA1": 67,
            "FileHash-SHA256": 2209,
            "domain": 1427,
            "hostname": 4334
          },
          "indicator_count": 17212,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 226,
          "modified_text": "781 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65c68bc8b8745068608cc50d",
          "name": "Metasploit | Ransomware | PinterestPots - Pin.it",
          "description": "",
          "modified": "2024-03-10T20:03:45.513000",
          "created": "2024-02-09T20:32:08.358000",
          "tags": [
            "whois record",
            "contacted",
            "tsara brashears",
            "ssl certificate",
            "apple ios",
            "unlocker",
            "historical ssl",
            "referrer",
            "highly targeted",
            "critical risk",
            "hacktool",
            "malicious",
            "cobalt strike",
            "metasploit",
            "installer",
            "malware",
            "awful",
            "android",
            "banker",
            "keylogger",
            "jeffrey reimer",
            "emreimer",
            "emily reimer goldstien",
            "eva lisa",
            "eva lisa reimer",
            "status code",
            "http response",
            "ieedge date",
            "maxage86400",
            "path",
            "httponly xcdn",
            "connection",
            "vary useragent",
            "targeting brashears",
            "communicating",
            "whois whois",
            "collections",
            "password",
            "adult content",
            "core",
            "metro",
            "apple",
            "copy",
            "suspicious",
            "vj99",
            "threat",
            "slfrd1",
            "paste",
            "iocs",
            "analyze",
            "hostnames",
            "urls http",
            "jid1221717543",
            "slc1",
            "a domains",
            "united",
            "search",
            "date",
            "as15169 google",
            "passive dns",
            "urls",
            "record value",
            "name servers",
            "status",
            "encrypt",
            "win32",
            "next",
            "msie",
            "scan endpoints",
            "all octoseek",
            "ipv4",
            "pulse submit",
            "url analysis",
            "body",
            "domain",
            "unknown",
            "china unknown",
            "pulse pulses",
            "files",
            "ip address",
            "servers",
            "domain name",
            "showing",
            "as54113",
            "as16625 akamai",
            "as20940",
            "aaaa",
            "cname",
            "as396982 google",
            "as14061",
            "script domains",
            "hostname",
            "japan unknown",
            "gmt content",
            "gmt etag",
            "pragma",
            "accept",
            "location japan",
            "asn as131965",
            "less",
            "pulses",
            "related tags",
            "meta",
            "asn as13335",
            "443 ma2592000",
            "certificate",
            "germany unknown",
            "script urls",
            "link",
            "code",
            "moved",
            "russia unknown",
            "as51659 llc",
            "as12616 filanc",
            "welcome",
            "uhttps",
            "urls https",
            "ccb455304",
            "ccb455307",
            "vj93",
            "uyebaauqaaaaaac",
            "malvertizing",
            "tagging",
            "prefetch8",
            "script",
            "prefetch1",
            "command decode",
            "segoe ui",
            "suricata ipv4",
            "emoji",
            "mitre att",
            "suricata udpv4",
            "roboto",
            "courier",
            "february",
            "hybrid",
            "general",
            "model",
            "comspec",
            "click",
            "strings"
          ],
          "references": [
            "https://gr.pinterest.com/emreimer/",
            "Wife of Brashears SAter \u2022 Alias \u2022 Couple plays victim \u2022 Karens. HIPPA violations. Admittedly involved cyberstalking on Brashears. Legally agreed to stop.",
            "message.htm.com \u2022 CVE-2023-4966 \u2022 ransomed.vc",
            "http://neurosky.jp",
            "https://www.anyxxxtube.net/search-porn/tsara-brashears/",
            "http://45.159.189.105/bot/regex",
            "http://alohatube.xyz/search/tsara-brashears",
            "facebooksunglassshop.com [titled' Tsara Brashears GCcmwm.T ?]",
            "alohatube.xyz  [keylogger aimed at Tsara Brashears]",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "https://www.pornhub.com/video/search?search=tsara+brashears",
            "http://alohatube.xyz/search/tsara-brashears/",
            "https://alohatube.xyz/search/tsara-brashears",
            "https://alohatube.xyz/search/tsara-brashears+(Formerly+Botnetwork+malvertizing+campaign+targeting+Tsara+Brashears+crime+victim.+Now+",
            "https://www.sweetheartvideo.com/tsara-brashears/",
            "manvimishraa5417@gmail.com [Video of Tsara Brashears circulation]",
            "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language:",
            "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language",
            "https://www.sweetheartvideo.com/tsara-brashears",
            "https://www.hybrid-analysis.com/sample/92b00ee3aca1f3057ad8402229c27bfdd6fc934908ef641b36379bf47093df0b/65c63a1fbc9c5333d20354ca",
            "https://www.hybrid-analysis.com/file-inline/65c63a1fbc9c5333d20354ca/screenshot/screen_6.png",
            "https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/ [phishing \u2022 mitre S0154]",
            "CnC IP's: 104.124.58.137 \u2022 45.159.189.105 | Exploit source: 1.179.151.145 | scanning host: 208.115.103.34",
            "http://www.proxydocker.com/ja/proxy/43.229.135.125:8080",
            "https://twitter.com/PORNO_SEXYBABES | cloud.zemana.com - porn cloud",
            "https://www.anyxxxtube.net/search-porn/a-m-c-ate-xxx-videos/",
            "www.pornhub.com",
            "http://www.pinterest.com/ideas/songwriting/945635263947/",
            "https://www.neurosky.jp/wp-content/plugins/responsive-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=2.1.0",
            "webdisk.thehomemakers.nl",
            "http://connectivitycheck.gstatic.com/generate_204 [RAT]",
            "http://discover.hubpages.com/literature/Most-Beautiful-Quotes-on-Love-and-Heartbreak  [RAT| Tagging target in adult content fraud sites]",
            "https://gujarati.ent24x7.comb [RAT]",
            "http://clipper.guru/bot/online?guid=PC\\Administrator&key=ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb",
            "https://tulach.cc/socrative/internal.js",
            "http://email.birdeye.org/c/eJxkUcFuozAU_JrHsTLPYODAIYQmSqXNqmm3q-4FGfNIrAUbGTtV-_UrklRatT5ZnvGbeTNVmLWhed6HsSVXxiLNsyLniUhFyoqolp6eyPgSE4Ysjw407boSMerKWKV90kdUxhnLuMiyhEenUiZ9LjAuij6PMWdMSpnFJPKkLVQrUhHpEtl1GEuSgvG7DIss6XsZCy7jooghYa12Hb3TnXXHaChP3k8z8BXgBnDziSk7Am4mp5U2xwXim-DHZrbBKQJeT852QfmGRqkHQLGAI3U6jMDr_x-VNZ6MB15vf1SAotUd8PpLEJ9cOU5SHw3w2ppBG2omRzMZRc1CaY0cF-21NTO5s_TaGsDqidxZK5oBq62zYQKsdkYBimmQipqL3vq0e9i3-VoOf-J09_dgq-m-enupQnUEFNp0YfbuHXgNKD70dL04Omt6a5QNF_-H-5fd_e9m_fPX_hlQyPOxuTGc9EtKvF69bJvD6",
            "https://gujarati.ent24x7.com | https://otx.alienvault.com/indicator/url/https://gujarati.ent24x7.com",
            "162.159.208.8"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "Trojan:VBS/MetasploitVBSCmdStager",
              "display_name": "Trojan:VBS/MetasploitVBSCmdStager",
              "target": "/malware/Trojan:VBS/MetasploitVBSCmdStager"
            },
            {
              "id": "HackTool",
              "display_name": "HackTool",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1056.001",
              "name": "Keylogging",
              "display_name": "T1056.001 - Keylogging"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            }
          ],
          "industries": [
            "Technology",
            "Telecommunications",
            "Media"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 3412,
            "FileHash-MD5": 194,
            "FileHash-SHA1": 159,
            "FileHash-SHA256": 2223,
            "domain": 2117,
            "hostname": 1763,
            "CVE": 2,
            "email": 5
          },
          "indicator_count": 9875,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 225,
          "modified_text": "814 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65de941acedcdd661f0593b6",
          "name": "Esurance Remote Attacks (Cloned. Who modifies reports? This happens to me)",
          "description": "",
          "modified": "2024-02-28T02:02:02.807000",
          "created": "2024-02-28T02:02:02.807000",
          "tags": [
            "ssl certificate",
            "xamzexpires600",
            "whois record",
            "url collection",
            "collections",
            "historical ssl",
            "referrer",
            "contacted",
            "resolutions",
            "web gateway",
            "emotet",
            "urls http",
            "whois whois",
            "domains",
            "lolkek",
            "core",
            "caddywiper",
            "awful",
            "urls url",
            "cymulate",
            "malware",
            "com laude",
            "ltd dba",
            "first",
            "utc submissions",
            "submitters",
            "cloudflarenet",
            "internet domain",
            "service bs",
            "corp",
            "dynadot",
            "twitter",
            "optimizer",
            "amazonaes",
            "summary iocs",
            "graph community",
            "origin1",
            "ver33",
            "dtamlb",
            "smlb",
            "csc corporate",
            "gandi sas",
            "namecheap inc",
            "google",
            "amazon02",
            "apple",
            "remote attacks"
          ],
          "references": [
            "https://www.esurance.com/",
            "https://www.malwarebytes.com/emotet"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Telecom",
            "Civil Society",
            "Insurance"
          ],
          "TLP": "white",
          "cloned_from": "65b711a6f49f057c311f2642",
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8575,
            "CVE": 4,
            "FileHash-MD5": 47,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 1951,
            "domain": 1394,
            "hostname": 4095
          },
          "indicator_count": 16112,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 230,
          "modified_text": "826 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65b7119e9272b1426729e1ed",
          "name": "Esurance Remote Attacks| Emotet | Lolkek  | Part I",
          "description": "Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it's evolved to become a major threat to users everywhere.\n\nLater versions evolved to use macro-enabled documents to retrieve the virus payload from command and control. They have been advised .",
          "modified": "2024-02-28T02:01:51.407000",
          "created": "2024-01-29T02:46:54.594000",
          "tags": [
            "ssl certificate",
            "xamzexpires600",
            "whois record",
            "url collection",
            "collections",
            "historical ssl",
            "referrer",
            "contacted",
            "resolutions",
            "web gateway",
            "emotet",
            "urls http",
            "whois whois",
            "domains",
            "lolkek",
            "core",
            "caddywiper",
            "awful",
            "urls url",
            "cymulate",
            "malware",
            "com laude",
            "ltd dba",
            "first",
            "utc submissions",
            "submitters",
            "cloudflarenet",
            "internet domain",
            "service bs",
            "corp",
            "dynadot",
            "twitter",
            "optimizer",
            "amazonaes",
            "summary iocs",
            "graph community",
            "origin1",
            "ver33",
            "dtamlb",
            "smlb",
            "csc corporate",
            "gandi sas",
            "namecheap inc",
            "google",
            "amazon02",
            "apple",
            "remote attacks"
          ],
          "references": [
            "https://www.esurance.com/",
            "https://www.malwarebytes.com/emotet"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Telecom",
            "Civil Society",
            "Insurance"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8575,
            "CVE": 4,
            "FileHash-MD5": 47,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 1951,
            "domain": 1394,
            "hostname": 4095
          },
          "indicator_count": 16112,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 223,
          "modified_text": "826 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65b711a6f49f057c311f2642",
          "name": "Esurance Remote Attacks| Emotet | Lolkek  | Part I",
          "description": "Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it's evolved to become a major threat to users everywhere.\n\nLater versions evolved to use macro-enabled documents to retrieve the virus payload from command and control. They have been advised .",
          "modified": "2024-02-28T02:01:51.407000",
          "created": "2024-01-29T02:47:02.117000",
          "tags": [
            "ssl certificate",
            "xamzexpires600",
            "whois record",
            "url collection",
            "collections",
            "historical ssl",
            "referrer",
            "contacted",
            "resolutions",
            "web gateway",
            "emotet",
            "urls http",
            "whois whois",
            "domains",
            "lolkek",
            "core",
            "caddywiper",
            "awful",
            "urls url",
            "cymulate",
            "malware",
            "com laude",
            "ltd dba",
            "first",
            "utc submissions",
            "submitters",
            "cloudflarenet",
            "internet domain",
            "service bs",
            "corp",
            "dynadot",
            "twitter",
            "optimizer",
            "amazonaes",
            "summary iocs",
            "graph community",
            "origin1",
            "ver33",
            "dtamlb",
            "smlb",
            "csc corporate",
            "gandi sas",
            "namecheap inc",
            "google",
            "amazon02",
            "apple",
            "remote attacks"
          ],
          "references": [
            "https://www.esurance.com/",
            "https://www.malwarebytes.com/emotet"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Telecom",
            "Civil Society",
            "Insurance"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8575,
            "CVE": 4,
            "FileHash-MD5": 47,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 1951,
            "domain": 1394,
            "hostname": 4095
          },
          "indicator_count": 16112,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "826 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65b80763e9d9e18cf87d985b",
          "name": "Esurance Remote Attacks| Emotet | Lolkek | Part I",
          "description": "",
          "modified": "2024-02-28T02:01:51.407000",
          "created": "2024-01-29T20:15:31.163000",
          "tags": [
            "ssl certificate",
            "xamzexpires600",
            "whois record",
            "url collection",
            "collections",
            "historical ssl",
            "referrer",
            "contacted",
            "resolutions",
            "web gateway",
            "emotet",
            "urls http",
            "whois whois",
            "domains",
            "lolkek",
            "core",
            "caddywiper",
            "awful",
            "urls url",
            "cymulate",
            "malware",
            "com laude",
            "ltd dba",
            "first",
            "utc submissions",
            "submitters",
            "cloudflarenet",
            "internet domain",
            "service bs",
            "corp",
            "dynadot",
            "twitter",
            "optimizer",
            "amazonaes",
            "summary iocs",
            "graph community",
            "origin1",
            "ver33",
            "dtamlb",
            "smlb",
            "csc corporate",
            "gandi sas",
            "namecheap inc",
            "google",
            "amazon02",
            "apple",
            "remote attacks"
          ],
          "references": [
            "https://www.esurance.com/",
            "https://www.malwarebytes.com/emotet"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Telecom",
            "Civil Society",
            "Insurance"
          ],
          "TLP": "white",
          "cloned_from": "65b711a6f49f057c311f2642",
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 8575,
            "CVE": 4,
            "FileHash-MD5": 47,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 1951,
            "domain": 1394,
            "hostname": 4095
          },
          "indicator_count": 16112,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 229,
          "modified_text": "826 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708bdef430e1a00b884a89",
          "name": "all that json file from twitter app data = this wtf",
          "description": "",
          "modified": "2023-12-06T14:57:34.504000",
          "created": "2023-12-06T14:57:34.504000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4811,
            "hostname": 998,
            "domain": 233,
            "URL": 433,
            "FileHash-MD5": 16
          },
          "indicator_count": 6491,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 111,
          "modified_text": "910 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708a78e8b64037edbd6a88",
          "name": "json iPhone app data 30-3-2022 2/3",
          "description": "",
          "modified": "2023-12-06T14:51:36.819000",
          "created": "2023-12-06T14:51:36.819000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-SHA256": 5234,
            "hostname": 1530,
            "domain": 306,
            "URL": 1478,
            "FileHash-MD5": 46
          },
          "indicator_count": 8595,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "910 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708a730765663247bf0c34",
          "name": "my iphone app data json file 31-3-2022 3/3",
          "description": "",
          "modified": "2023-12-06T14:51:31.643000",
          "created": "2023-12-06T14:51:31.643000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-SHA256": 2636,
            "hostname": 657,
            "domain": 126,
            "URL": 277,
            "FileHash-MD5": 1
          },
          "indicator_count": 3698,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "910 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708191cdba4e9f07ba1f93",
          "name": "mail.ru:%22,",
          "description": "",
          "modified": "2023-12-06T14:13:36.976000",
          "created": "2023-12-06T14:13:36.976000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2753,
            "hostname": 1341,
            "domain": 447,
            "URL": 3301,
            "CIDR": 65,
            "FileHash-MD5": 112,
            "FileHash-SHA1": 2
          },
          "indicator_count": 8021,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "910 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65707f8875d8a8785dfc5a30",
          "name": "ukrzoloto.ua",
          "description": "",
          "modified": "2023-12-06T14:04:56.920000",
          "created": "2023-12-06T14:04:56.920000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1022,
            "hostname": 129,
            "domain": 56,
            "URL": 420,
            "FileHash-MD5": 155,
            "FileHash-SHA1": 1
          },
          "indicator_count": 1783,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "910 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "653f152513c2dcc0f4e3406e",
          "name": "Threat Network Root & Distribution Vectors Probe",
          "description": "",
          "modified": "2023-10-30T02:29:57.489000",
          "created": "2023-10-30T02:29:57.489000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": "65133d6945641812c2ccc6ee",
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 230,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1197,
            "URL": 9276,
            "CIDR": 16,
            "domain": 7895,
            "email": 2,
            "hostname": 1965
          },
          "indicator_count": 20720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 226,
          "modified_text": "947 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "653f1524792f3064843d826f",
          "name": "Threat Network Root & Distribution Vectors Probe",
          "description": "",
          "modified": "2023-10-30T02:29:56.006000",
          "created": "2023-10-30T02:29:56.006000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": "65133d6945641812c2ccc6ee",
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 230,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1197,
            "URL": 9276,
            "CIDR": 16,
            "domain": 7895,
            "email": 2,
            "hostname": 1965
          },
          "indicator_count": 20720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "947 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65133d6945641812c2ccc6ee",
          "name": "Threat Network Root & Distribution Vectors Probe",
          "description": "",
          "modified": "2023-09-27T21:01:26.901000",
          "created": "2023-09-26T20:22:01.290000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": "650fda65975555b2dabc023e",
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 230,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1197,
            "URL": 9276,
            "CIDR": 16,
            "domain": 7895,
            "email": 2,
            "hostname": 1965
          },
          "indicator_count": 20720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 234,
          "modified_text": "979 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "650fda65975555b2dabc023e",
          "name": "Threat Network Root  & Distribution Vectors Probe ( disabe_duck curated pulse) ",
          "description": "",
          "modified": "2023-09-27T21:01:26.901000",
          "created": "2023-09-24T06:42:45.462000",
          "tags": [
            "Domains",
            "ip addresses",
            "URLs",
            "Files",
            "Alberta Health Services",
            "BEC",
            "Education",
            "University of Alberta",
            "Government of Alberta",
            "Covenant Health Alberta",
            "Telus Communications",
            "Canadian Universities",
            "Malicious Certificates",
            "Digital Identity Theft / Credential Theft"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
            "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
            "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
            "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
            "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
            "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
            "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
            "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
            "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
            "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary"
          ],
          "public": 1,
          "adversary": "Unknown APT Group(s) / Threat Actor (s)",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Philippines",
            "Panama",
            "Netherlands",
            "Anguilla",
            "Saint Vincent and the Grenadines",
            "Aruba",
            "Mexico",
            "Guatemala",
            "Costa Rica",
            "Tanzania, United Republic of"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Healthcare",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": "64ed117e2308a042e50e1e9e",
          "export_count": 31,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 230,
            "FileHash-SHA1": 139,
            "FileHash-SHA256": 1197,
            "URL": 9276,
            "CIDR": 16,
            "domain": 7895,
            "email": 2,
            "hostname": 1965
          },
          "indicator_count": 20720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 225,
          "modified_text": "979 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625ddde4425cfc843309e601",
          "name": "all that json file from twitter app data = this wtf",
          "description": "",
          "modified": "2022-05-18T00:01:58.010000",
          "created": "2022-04-18T21:53:40.861000",
          "tags": [],
          "references": [
            "App_Privacy_Report_v4_2022-04-17T21_58_23- sim removed 15 mins ago.json.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 4,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 998,
            "FileHash-SHA256": 4811,
            "domain": 233,
            "URL": 433,
            "FileHash-MD5": 16
          },
          "indicator_count": 6491,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 398,
          "modified_text": "1477 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "624f122a461d8992a05648e3",
          "name": "Traffic Summary by Host Calls March 7 - April 7",
          "description": "Default: Anghon.co, anonymity.com, is the name given to a computer that can be used to measure the speed of internet traffic, but it is not the only one that has made the headlines.",
          "modified": "2022-05-07T00:03:18.570000",
          "created": "2022-04-07T16:32:42.651000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mantunez0410",
            "id": "178995",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 30,
            "domain": 180
          },
          "indicator_count": 210,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 35,
          "modified_text": "1488 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "624894564dad1a51f309f237",
          "name": "json iPhone app data 30-3-2022 2/3",
          "description": "",
          "modified": "2022-05-02T00:00:42.176000",
          "created": "2022-04-02T18:22:14.190000",
          "tags": [
            "appinitiated",
            "google llc",
            "akamai",
            "twitter",
            "corporation",
            "fastly",
            "hubspot",
            "new relic",
            "teads",
            "luxenbourg",
            "facebook"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1478,
            "hostname": 1530,
            "domain": 306,
            "FileHash-SHA256": 5234,
            "CVE": 1,
            "FileHash-MD5": 46
          },
          "indicator_count": 8595,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 398,
          "modified_text": "1493 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6248580442d77854f497511d",
          "name": "my iphone app data json file 31-3-2022 3/3",
          "description": "absolute travesty and total corruption of my reality",
          "modified": "2022-05-02T00:00:42.176000",
          "created": "2022-04-02T14:04:52.844000",
          "tags": [
            "appinitiated",
            "google llc",
            "akamai",
            "facebook",
            "twitter",
            "fastly",
            "amplitude",
            "bounce exchange",
            "liveramp",
            "index exchange",
            "baidu"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 657,
            "URL": 277,
            "CVE": 1,
            "domain": 126,
            "FileHash-SHA256": 2636,
            "FileHash-MD5": 1
          },
          "indicator_count": 3698,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 394,
          "modified_text": "1493 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "622ce493722da2314c26a477",
          "name": "mail.ru:%22,",
          "description": "",
          "modified": "2022-04-11T00:04:29.819000",
          "created": "2022-03-12T18:21:07.131000",
          "tags": [],
          "references": [
            "mail.ru:%22,.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 3301,
            "hostname": 1341,
            "domain": 447,
            "FileHash-SHA256": 2753,
            "CIDR": 65,
            "FileHash-MD5": 112,
            "FileHash-SHA1": 2
          },
          "indicator_count": 8021,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1514 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "621bd0a77b165e80ba664097",
          "name": "ukrzoloto.ua",
          "description": "",
          "modified": "2022-03-29T00:03:34.773000",
          "created": "2022-02-27T19:27:34.942000",
          "tags": [
            "image",
            "show response",
            "google get",
            "frame",
            "get h2",
            "script",
            "redirect chain",
            "font",
            "vj96",
            "selectel get",
            "http",
            "request chain",
            "origin1",
            "february",
            "uid http",
            "lookup go",
            "rescan add",
            "verdict report",
            "gb summary",
            "redirects links",
            "behaviour",
            "meta",
            "search url",
            "search domain",
            "scan url",
            "value",
            "krtb",
            "line",
            "similar dom",
            "content api"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 129,
            "URL": 420,
            "FileHash-SHA256": 1022,
            "domain": 56,
            "FileHash-MD5": 155,
            "FileHash-SHA1": 1
          },
          "indicator_count": 1783,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 405,
          "modified_text": "1527 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
        "launchD.csv",
        "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
        "sipConfig.csv",
        "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports",
        "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR",
        "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2",
        "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
        "https://urlscan.io/result/d4bf08e4-88dc-4bf8-be34-6b352576882e/#behaviour",
        "LDAP.tbd",
        "High Priority Alerts IDS:  \u2022 199.59.243.228",
        "manpaths",
        "alohatube.xyz  [keylogger aimed at Tsara Brashears]",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "CnC IP's: 104.124.58.137 \u2022 45.159.189.105 | Exploit source: 1.179.151.145 | scanning host: 208.115.103.34",
        "High Priority Alerts IDS: Possible Win32/Hupigon ip.txt with a Non-Mozilla UA \u2022 192.157.56.140",
        "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
        "hook_op_check.h",
        "module.modulemap",
        "High Priority Alerts IDS: Win32/Spigot Activity Potentially Unwanted Application AirInstaller \u2022  192.157.56.140",
        "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
        "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
        "ai-fairness-360.dev-lfprojects5.linuxfoundation.org \u2022-ran-sc.dev-lfprojects5.linuxfoundation.org",
        "mail.ru:%22,.pdf",
        "http://www.pinterest.com/ideas/songwriting/945635263947/",
        "afpovertcp.cfg",
        "sudo_lecture",
        "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
        "syslog.conf",
        "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
        "autofs.conf",
        "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
        "https://www.anyxxxtube.net/search-porn/a-m-c-ate-xxx-videos/",
        "MCAdvertiserAssistant.h",
        "https://hybrid-analysis.com/sample/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
        "rc.netboot",
        "https://vtbehaviour.commondatastorage.googleapis.com/1ca8b15684a1143e38ef87f31d8a89c7b25a1107aeaf03d43ad9fd611c4a35ba_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774869821&Signature=dm0pQf9ykZMucZEHHViqEfYFoBozAF57ZHYUPo3i79Fb6al02qn6AeYk%2FxR1vzLE4NQkG40Rm1LFUVN79w5CNETgwiRzCx%2BSpUCvPnYIv7E3SEmv5wZrhcuObW%2FE%2B1Ef7e53KrnREKePmmVmLYO34EXBewDpQF4DTIUvGnHdoQkf8pmNquGPuJZRRodaPAkoAEufbI%2BMk4zTqA%2BXbEP%2FpFBi5v30azilsKQ8R%2BLyJYHnYE",
        "https://app.threat.zone/submission/c8b0b1e4-0c9b-4210-b5ce-1dc2303445df/overview",
        "locate.rc",
        "https://gr.pinterest.com/emreimer/",
        "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f",
        "https://www.sweetheartvideo.com/tsara-brashears",
        "ntp.conf",
        "diskEncryption.csv",
        "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
        "makedefs.out",
        "Filescan[.]io report: bc47c757-0a4d-4659-98d4-5d0c86406462 (08.23.24)",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%",
        "rmtab",
        "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
        "http://neurosky.jp",
        "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
        "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/iocs",
        "auto_master",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7",
        "launchagents.txt",
        "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/graph",
        "paths",
        "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
        "networks",
        "systemControls.csv",
        "MultipeerConnectivity.apinotes",
        "newsyslog.conf",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
        "Priority Alerts: createtoolhelp32snapshot_module_enumeration packer_unknown_pe_section_name",
        "dbd_xsh.h",
        "aliases",
        "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C",
        "smb.conf",
        "csh.logout",
        "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
        "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
        "bashrc_Apple_Terminal",
        "usbDevices.csv",
        "gettytab",
        "kern_loader.conf",
        "passwd",
        "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
        "nfs.conf",
        "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
        "sharingPreferences.csv",
        "High Priority Alerts IDS:  Backdoor.Darpapox/Jaku  \u2022 CNAME CnC Beacon (WinVer 6.1)",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM",
        "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
        "Info.plist",
        "High Priority Alerts IDS: (iebar) Dropper Checkin 2 (often scripts.dlv4.com related) \u2022 199.59.243.228",
        "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
        "csh.login",
        "https://www.esurance.com/",
        "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
        "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]",
        "xtab",
        "header_checks",
        "access",
        "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
        "find.codes",
        "High Priority Alerts IDS: ADWARE/InstallCore.Gen Checkin \u2022 Adware.InstallCore.B Checkin",
        "Kawaii-Unicorn.exe",
        "manvimishraa5417@gmail.com [Video of Tsara Brashears circulation]",
        "https://www.virustotal.com/graph/embed/ge839428bb3e24a98aae8cbcc242ae4d8febdc0c46e49411ebb09d155e22b4bbc?theme=dark",
        "MCPeerID.h",
        "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
        "http://discover.hubpages.com/literature/Most-Beautiful-Quotes-on-Love-and-Heartbreak  [RAT| Tagging target in adult content fraud sites]",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
        "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
        "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn",
        "man.conf",
        "AOSKit.tbd",
        "zprofile",
        "Admin.tbd",
        "dbi_sql.h",
        "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
        "TLS_LICENSE",
        "MultipeerConnectivity.h",
        "https://urlscan.io/result/aeb42615-79b7-465d-924e-c9bdde3eefd1/#transactions",
        "https://alohatube.xyz/search/tsara-brashears+(Formerly+Botnetwork+malvertizing+campaign+targeting+Tsara+Brashears+crime+victim.+Now+",
        "zshrc",
        "http://email.birdeye.org/c/eJxkUcFuozAU_JrHsTLPYODAIYQmSqXNqmm3q-4FGfNIrAUbGTtV-_UrklRatT5ZnvGbeTNVmLWhed6HsSVXxiLNsyLniUhFyoqolp6eyPgSE4Ysjw407boSMerKWKV90kdUxhnLuMiyhEenUiZ9LjAuij6PMWdMSpnFJPKkLVQrUhHpEtl1GEuSgvG7DIss6XsZCy7jooghYa12Hb3TnXXHaChP3k8z8BXgBnDziSk7Am4mp5U2xwXim-DHZrbBKQJeT852QfmGRqkHQLGAI3U6jMDr_x-VNZ6MB15vf1SAotUd8PpLEJ9cOU5SHw3w2ppBG2omRzMZRc1CaY0cF-21NTO5s_TaGsDqidxZK5oBq62zYQKsdkYBimmQipqL3vq0e9i3-VoOf-J09_dgq-m-enupQnUEFNp0YfbuHXgNKD70dL04Omt6a5QNF_-H-5fd_e9m_fPX_hlQyPOxuTGc9EtKvF69bJvD6",
        "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
        "master.cf",
        "facebooksunglassshop.com [titled' Tsara Brashears GCcmwm.T ?]",
        "dbixs_rev.h",
        "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
        "shells",
        "kexts.txt",
        "[iRegarding - Serving IPs: 192.157.56.141 & 192.157.56.140 for http://tagram.com/ & continues",
        "postfix-files",
        "mounts.csv",
        "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
        "content-negotiation.html",
        "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c",
        "canonical",
        "protocols",
        "ttys",
        "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
        "Priority Alerts: physical_drive_access dynamic_function_loading resumethread_remote_process",
        "index.html.en",
        "apfs_boot_mount.tbd",
        "https://www.malwarebytes.com/emotet",
        "generic",
        "Priority Alerts: packer_entropy antidebug_ntsetinformationthread injection_rwx",
        "https://n0paste.eu/UH6n5pD/",
        "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
        "http://alohatube.xyz/search/tsara-brashears/",
        "disk_structure.txt",
        "x86_64-apple-macos.swiftinterface",
        "High Priority Alerts IDS: Suspicious Zipped Filename in Outbound POST Request (Passwords.log) M2 \u2022 192.157.56.140",
        "High Priority Alerts: infostealer_cookies persistence_autorun procmem_yara static_pe_anomaly",
        "certificates.csv",
        "https://viz.greynoise.io/query/AS4611",
        "rpc",
        "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1",
        "bounce.cf.default",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
        "162.159.208.8",
        "lber.h",
        "main.cf",
        "https://viz.greynoise.io/ip/analysis/6356f330-63a7-4ce3-91fa-7ab355a1dc1a",
        "interfaceAddrs.csv",
        "URL that may infect its visitors with malware. Last 4 references (DigitalMistica)]",
        "MultipeerConnectivity.tbd",
        "LocalAuthentication.tbd",
        "crashes.csv",
        "https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-be",
        "master.cf.proto",
        "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
        "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
        "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
        "https://urlscan.io/search/#asn:%22AS4611%22",
        "convenience.map",
        "users.csv",
        "https://viz.greynoise.io/query/AS45090",
        "applications.csv",
        "profile",
        "https://www.hybrid-analysis.com/file-inline/65c63a1fbc9c5333d20354ca/screenshot/screen_6.png",
        "High Priority Alerts IDS: Arkei Stealer \u2022 Config Download Request Vidar/Arkei Stealer Client Data Upload \u2022 192.157.56.140",
        "version.plist",
        "https://www.pornhub.com/video/search?search=tsara+brashears",
        "CodeResources",
        "https://offers.Tethered to target iPhone - T-mobile.com/tethering/upsell.do",
        "High Priority Alerts IDS: Win32.Renos/Artro Trojan Checkin M1 Garveep POST CnC Beacon \u2022 199.59.243.228",
        "http://connectivitycheck.gstatic.com/generate_204 [RAT]",
        "https://www.sweetheartvideo.com/tsara-brashears/",
        "managedPolicies.csv",
        "csh.cshrc",
        "https://wormhole.app/Pp5DdP#3EpzsqLhw5lJdQ0Xe_mRQA",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/",
        "https://twitter.com/PORNO_SEXYBABES | cloud.zemana.com - porn cloud",
        "Driver_xst.h",
        "etcHosts.csv",
        "MCSession.h",
        "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
        "mounts.txt",
        "High Priority Alerts IDS: Win32.AdWare.iBryte.C Install Win32/Scudy.A Checkin \u2022 199.59.243.228",
        "systemInfo.csv",
        "group",
        "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
        "https://polyswarm.network/scan/results/file/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
        "https://gujarati.ent24x7.com | https://otx.alienvault.com/indicator/url/https://gujarati.ent24x7.com",
        "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs",
        "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
        "http://www.proxydocker.com/ja/proxy/43.229.135.125:8080",
        "High Priority Alerts IDS: iebaru Spyware User Agent Win32/Snojan Variant Uploading EXE \u2022 199.59.243.228",
        "App_Privacy_Report_v4_2022-04-17T21_58_23- sim removed 15 mins ago.json.pdf",
        "http://alohatube.xyz/search/tsara-brashears",
        "MCError.h",
        "ftpusers",
        "https://www.neurosky.jp/wp-content/plugins/responsive-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=2.1.0",
        "bashrc",
        "notify.conf",
        "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/summary",
        "resolv.conf",
        "IDS Detections: Win32/Unruy Rogue Search Host Observed | Yara Detections: EnigmaProtector",
        "[Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.1) / Jacuz /Mimikatz] continues\u2026.",
        "chromeExtensions.csv",
        "https://urlscan.io/asn/AS45090",
        "security_status.txt",
        "com.apple.screensharing.agent.launchd",
        "sudoers",
        "https://tulach.cc/socrative/internal.js",
        "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language",
        "interfaceDetails.csv",
        "MCNearbyServiceBrowser.h",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
        "https://gujarati.ent24x7.comb [RAT]",
        "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
        "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/summary",
        "MCBrowserViewController.h",
        "APConfigurationSystem.tbd",
        "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
        "ldap.h",
        "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
        "High Priority Alerts IDS: Downloader (P2P Zeus dropper UA) Zeus Bot Connectivity Check \u2022 199.59.243.228",
        "mail.rc",
        "https://urlscan.io/asn/AS4611",
        "High Priority Alerts IDS: Best-targeted-traffic.com Spyware Install \u2022 199.59.243.228",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2",
        "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
        "asl.conf",
        "virtual",
        "message.htm.com \u2022 CVE-2023-4966 \u2022 ransomed.vc",
        "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
        "pf.conf",
        "https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/ [phishing \u2022 mitre S0154]",
        "arm64e-apple-macos.swiftinterface",
        "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
        "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark",
        "http://45.159.189.105/bot/regex",
        "relocated",
        "custom_header_checks",
        "irbrc",
        "rtadvd.conf",
        "arm64e-apple-ios-macabi.swiftinterface",
        "MCNearbyServiceAdvertiser.h",
        "sharedFolders.csv",
        "master.cf.default",
        "http://clipper.guru/bot/online?guid=PC\\Administrator&key=ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb",
        "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
        "caching.html",
        "main.cf.proto",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
        "user_launchagents.txt",
        "http://titkok.com/ Final URL: http://survey-smiles.com/ | URL that may infect its visitors with malware. (DigitalMistica)]",
        "command_args.json",
        "preboot_archive_errors.log",
        "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551",
        "process_list.txt",
        "AppleFirmwareUpdate.tbd",
        "main.cf.default",
        "zshrc_Apple_Terminal",
        "https://urlscan.io/search/#asn%3A%22AS45090%22",
        "www.pornhub.com",
        "launchdaemons.txt",
        "custom-error.html",
        "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
        "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
        "configuring.html",
        "webdisk.thehomemakers.nl",
        "pf.os",
        "AirPlayReceiver.tbd",
        "https://alohatube.xyz/search/tsara-brashears",
        "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language:",
        "https://www.virustotal.com/graph/embed/g6d4bce6162064ac09cd20411c1947e69d7d5a1d475f0447da023ac933d338fce?theme=dark",
        "transport",
        "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
        "Wife of Brashears SAter \u2022 Alias \u2022 Couple plays victim \u2022 Karens. HIPPA violations. Admittedly involved cyberstalking on Brashears. Legally agreed to stop.",
        "High Priority Alerts IDS: Potentially Unwanted Application AirInstaller CnC Beacon Backdoor.Win32.Hupigon.dpgy Checkin",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh",
        "kernel.csv",
        "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
        "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
        "https://x.com/NorrisN60014/status/1836092481978486802",
        "battery.csv",
        "https://yaraify.abuse.ch/scan/results/32bfc760-1757-11f1-b47f-42010aa4000b",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
        "bind.html",
        "High Priority Alerts:  suricata_alert antivm_bochs_keys physical_drive_access",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
        "https://www.hybrid-analysis.com/sample/92b00ee3aca1f3057ad8402229c27bfdd6fc934908ef641b36379bf47093df0b/65c63a1fbc9c5333d20354ca",
        "auto_home",
        "rc.common",
        "ntp_opendirectory.conf",
        "BUILDING",
        "LICENSE",
        "x86_64-apple-ios-macabi.swiftinterface",
        "Priority Alerts:  enumerates_running_processes reads_self network_http",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing. \u2022 www.anyxxxtube.net \u2022",
        "DBIXS.h",
        "dbivport.h"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Unknown APT Group(s) / Threat Actor (s)",
            "DragonForce Malaysia Hacker Group"
          ],
          "malware_families": [
            "Alf:jasyp:trojandownloader:win32/upatre!atmn",
            "Win.trojan.badur-8004052-0",
            "Win.malware.bzub-9969513-0",
            "Cobalt strike",
            "#fp539598-vbs/loveletter.bt",
            "Backdoor.darpapox/jaku",
            "Ransom:win32/haperlock.a",
            "Firstname",
            "Lolkek",
            "Trojan:vbs/metasploitvbscmdstager",
            "Lastname",
            "Trojan:win32/dorv.a",
            "Emotet",
            "Win.trojan.barys-10005825-0",
            "Hacktool:win32/mimikatz",
            "Win.dropper.unruy-9994363-0",
            "Ransom:win32/haperlock",
            "Hacktool"
          ],
          "industries": [
            "Telecommunications",
            "Technology",
            "Education",
            "Insurance",
            "Civil society",
            "Media",
            "Telecom",
            "Healthcare",
            "Government"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 37,
  "pulses": [
    {
      "id": "69cec10621c1502a529923bb",
      "name": "VirusTotal report\n                    for AccountingAll-in-OneForDummiesPDFDrive.pdf",
      "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.",
      "modified": "2026-05-02T19:36:13.629000",
      "created": "2026-04-02T19:18:30.126000",
      "tags": [
        "united",
        "as14061",
        "present apr",
        "script urls",
        "as13335",
        "as13768 aptum",
        "singapore",
        "aaaa",
        "as31898 oracle",
        "united kingdom",
        "date",
        "win32",
        "body",
        "title",
        "fury",
        "file type",
        "chrome cache",
        "entry",
        "cache entry",
        "jpeg image",
        "jfif",
        "gif image",
        "png image",
        "ascii text",
        "malicious",
        "next",
        "windows sandbox",
        "calls process",
        "default",
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "win1",
        "acrongl integ",
        "adc4240758",
        "accept",
        "shutdown",
        "json",
        "code",
        "persistence",
        "phishing",
        "value a",
        "pdf document",
        "adobe portable",
        "document format",
        "algorithm",
        "key identifier",
        "number",
        "cus ogoogle",
        "trust",
        "cnwe1 validity",
        "subject public",
        "key info",
        "key algorithm",
        "ec oid",
        "germany create",
        "domain",
        "expiry date",
        "name",
        "germany update",
        "researchgate",
        "discover",
        "research jobs",
        "gate",
        "find",
        "access",
        "join",
        "login",
        "email",
        "password",
        "x509v3 subject",
        "v3 serial",
        "issuer",
        "cbe cnalphassl",
        "sha256",
        "g2 oglobalsign",
        "validity",
        "public key",
        "info"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 272,
        "FileHash-MD5": 149,
        "FileHash-SHA1": 151,
        "FileHash-SHA256": 783,
        "domain": 140,
        "email": 4,
        "hostname": 144
      },
      "indicator_count": 1643,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "31 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cec0fd4e0b04227b505a5f",
      "name": "VirusTotal report\n                    for AccountingAll-in-OneForDummiesPDFDrive.pdf",
      "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.",
      "modified": "2026-05-02T19:36:13.629000",
      "created": "2026-04-02T19:18:21.797000",
      "tags": [
        "united",
        "as14061",
        "present apr",
        "script urls",
        "as13335",
        "as13768 aptum",
        "singapore",
        "aaaa",
        "as31898 oracle",
        "united kingdom",
        "date",
        "win32",
        "body",
        "title",
        "fury",
        "file type",
        "chrome cache",
        "entry",
        "cache entry",
        "jpeg image",
        "jfif",
        "gif image",
        "png image",
        "ascii text",
        "malicious",
        "next",
        "windows sandbox",
        "calls process",
        "default",
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "win1",
        "acrongl integ",
        "adc4240758",
        "accept",
        "shutdown",
        "json",
        "code",
        "persistence",
        "phishing",
        "value a",
        "pdf document",
        "adobe portable",
        "document format",
        "algorithm",
        "key identifier",
        "number",
        "cus ogoogle",
        "trust",
        "cnwe1 validity",
        "subject public",
        "key info",
        "key algorithm",
        "ec oid",
        "germany create",
        "domain",
        "expiry date",
        "name",
        "germany update",
        "researchgate",
        "discover",
        "research jobs",
        "gate",
        "find",
        "access",
        "join",
        "login",
        "email",
        "password",
        "x509v3 subject",
        "v3 serial",
        "issuer",
        "cbe cnalphassl",
        "sha256",
        "g2 oglobalsign",
        "validity",
        "public key",
        "info"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 272,
        "FileHash-MD5": 149,
        "FileHash-SHA1": 151,
        "FileHash-SHA256": 783,
        "domain": 140,
        "email": 4,
        "hostname": 144
      },
      "indicator_count": 1643,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "31 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69ca5d583057aaefed16789a",
      "name": "CAPE Sandbox- Stealc Config CNCs\thttp://170.130.55.38\\/ad23d4a47cfd4c13.php botnet\tnewbuild2",
      "description": "A complete list of details about who is registered on the Whois website:..1.0/16:30 GMT on 1 January 2019. (00:00 GMT).-1:<Pretext -- Stealc Config\nCNCs\thttp://170.130.55.38\\/ad23d4a47cfd4c13.php\nbotnet\tnewbuild2",
      "modified": "2026-04-29T11:26:13.615000",
      "created": "2026-03-30T11:24:08.053000",
      "tags": [
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file type",
        "default",
        "sha256",
        "sha1",
        "data",
        "info",
        "accept",
        "win64",
        "damage",
        "openssl",
        "shutdown",
        "direct",
        "explorer",
        "title",
        "payload",
        "rdap",
        "ip version",
        "address range",
        "cidr",
        "network name",
        "allocation type",
        "whois server",
        "entity sg679",
        "handle",
        "stealc config",
        "cncs http"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/1ca8b15684a1143e38ef87f31d8a89c7b25a1107aeaf03d43ad9fd611c4a35ba_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774869821&Signature=dm0pQf9ykZMucZEHHViqEfYFoBozAF57ZHYUPo3i79Fb6al02qn6AeYk%2FxR1vzLE4NQkG40Rm1LFUVN79w5CNETgwiRzCx%2BSpUCvPnYIv7E3SEmv5wZrhcuObW%2FE%2B1Ef7e53KrnREKePmmVmLYO34EXBewDpQF4DTIUvGnHdoQkf8pmNquGPuJZRRodaPAkoAEufbI%2BMk4zTqA%2BXbEP%2FpFBi5v30azilsKQ8R%2BLyJYHnYE"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 351,
        "URL": 392,
        "FileHash-MD5": 149,
        "FileHash-SHA1": 168,
        "FileHash-SHA256": 197,
        "email": 12,
        "hostname": 68,
        "CIDR": 4
      },
      "indicator_count": 1341,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "35 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c093748442bdddcab64347",
      "name": "Clone by Q.Vashti credit - \" emotet-is-not-dead-yet.html\"",
      "description": "",
      "modified": "2026-04-21T00:02:11.941000",
      "created": "2026-03-23T01:12:20.012000",
      "tags": [
        "learn",
        "ck id",
        "name tactics",
        "suspicious",
        "informative",
        "adversaries",
        "command",
        "defense evasion",
        "ssl certificate",
        "spawns",
        "sha1",
        "copy md5",
        "copy sha1",
        "copy sha256",
        "ascii text",
        "sha256",
        "united",
        "size",
        "pattern match",
        "png image",
        "path",
        "date",
        "encrypt",
        "mask",
        "june",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "domains",
        "hashes",
        "value",
        "variables",
        "optanonwrapper",
        "parsely",
        "typeof function",
        "handlebars",
        "stq function",
        "x string",
        "optanon",
        "verified",
        "ecdsa",
        "automattic",
        "linux x8664",
        "khtml",
        "gecko",
        "aes128gcm",
        "cloudflarenet",
        "europedublin",
        "facebook",
        "accept",
        "emotet",
        "dead",
        "twitter",
        "unit",
        "thursday",
        "january",
        "google tag",
        "utc gtm53l4wgzn",
        "utc na",
        "server nginx",
        "date mon",
        "gmt contenttype",
        "connection",
        "wordpress vip",
        "https",
        "link",
        "contentencoding",
        "miss xrq",
        "html document",
        "unicode text",
        "utf8 text",
        "crlf",
        "lf line",
        "resolved ips",
        "cname",
        "http",
        "ip address",
        "gmt ifnonematch",
        "info file",
        "network dropped",
        "duration cuckoo",
        "version file",
        "machine label",
        "shutdown",
        "address port",
        "url data",
        "address range",
        "cidr",
        "network name",
        "type",
        "status",
        "whois server",
        "entity autom93",
        "handle",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cne6",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "thumbprint",
        "inc abuse",
        "email",
        "street",
        "service",
        "arin rdapwhois",
        "rdapwhois",
        "reporting",
        "copyright",
        "registry",
        "allocation",
        "geofeed https",
        "range",
        "name automattic",
        "parent net192",
        "net1920000",
        "net type",
        "origin as",
        "autom93",
        "restful link",
        "arin search",
        "whoisrws",
        "delegation",
        "ta0007 command",
        "control ta0011",
        "catalog tree",
        "cndigicert sha2",
        "secure server",
        "ca odigicert",
        "inc cus",
        "subject",
        "corporation cus",
        "algorithm",
        "azure rsa",
        "tls issuing",
        "cus subject",
        "stwa lredmond",
        "corporation c",
        "get http",
        "request",
        "response",
        "windows nt",
        "win64",
        "dns resolutions"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        },
        {
          "id": "T1590",
          "name": "Gather Victim Network Information",
          "display_name": "T1590 - Gather Victim Network Information"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": "6846c463106765b93b44335a",
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 446,
        "FileHash-SHA1": 349,
        "FileHash-SHA256": 1979,
        "SSLCertFingerprint": 15,
        "URL": 362,
        "domain": 120,
        "hostname": 329,
        "CIDR": 8,
        "email": 2
      },
      "indicator_count": 3610,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "43 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "695089cbedad5c86f39b1363",
      "name": "Tracking Domains 03.03.26 (Updated Test)",
      "description": "Privacy Badger - Update on 01.09.26\nTracking domains on a hybrid (mobile laptop) clone of an AHS/Covenant Health, UAlberta (University of Alberta), and Government of Alberta Laptop.\nHealthcare: No Cybersecurity, EDU: No Cybersecurity / Remote only, GoA = Informed & don't quite know what to do or to whom this should be brought up with.",
      "modified": "2026-04-05T06:35:43.679000",
      "created": "2025-12-28T01:37:15.993000",
      "tags": [
        "privacy badger",
        "sites general",
        "settings widget",
        "domains manage",
        "data privacy",
        "badger",
        "hide"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
        "https://yaraify.abuse.ch/scan/results/32bfc760-1757-11f1-b47f-42010aa4000b",
        "https://polyswarm.network/scan/results/file/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86",
        "https://app.threat.zone/submission/c8b0b1e4-0c9b-4210-b5ce-1dc2303445df/overview",
        "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs",
        "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/summary",
        "https://www.virustotal.com/graph/embed/g6d4bce6162064ac09cd20411c1947e69d7d5a1d475f0447da023ac933d338fce?theme=dark",
        "https://viz.greynoise.io/ip/analysis/6356f330-63a7-4ce3-91fa-7ab355a1dc1a"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Canada",
        "United States of America",
        "Netherlands"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Healthcare",
        "Government",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 50404,
        "hostname": 10879,
        "URL": 715,
        "FileHash-MD5": 1
      },
      "indicator_count": 61999,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 132,
      "modified_text": "59 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "64ed117e2308a042e50e1e9e",
      "name": "Investigation of Distribution Vectors and Threat Network Infrastructure",
      "description": "Targets: Individual(s), University of Alberta Infrastructure, Covenant Health (Alberta Health Services), TELUS Communications (Network & Mobile infrastructure), Government of Alberta, Government of Canada. International entities spanning primarily government, healthcare, and educational institutions.",
      "modified": "2025-11-23T23:20:07.571000",
      "created": "2023-08-28T21:28:30.294000",
      "tags": [
        "Domains",
        "ip addresses",
        "URLs",
        "Files",
        "Alberta Health Services",
        "BEC",
        "Education",
        "University of Alberta",
        "Government of Alberta",
        "Covenant Health Alberta",
        "Telus Communications",
        "Canadian Universities",
        "Malicious Certificates",
        "Digital Identity Theft / Credential Theft"
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376",
        "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b",
        "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783",
        "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9",
        "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e",
        "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328",
        "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305",
        "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98",
        "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary",
        "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac",
        "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a",
        "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary",
        "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2",
        "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327",
        "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042",
        "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984",
        "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5",
        "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53",
        "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7",
        "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8",
        "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500",
        "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary",
        "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9",
        "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs",
        "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph",
        "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs",
        "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b",
        "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7",
        "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c",
        "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188",
        "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f",
        "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark",
        "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light",
        "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark",
        "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs",
        "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs",
        "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c",
        "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs",
        "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark",
        "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f",
        "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs",
        "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark",
        "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark",
        "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark",
        "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark",
        "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark",
        "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886",
        "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs",
        "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs",
        "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs",
        "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]"
      ],
      "public": 1,
      "adversary": "Unknown APT Group(s) / Threat Actor (s)",
      "targeted_countries": [
        "Canada",
        "United States of America",
        "Philippines",
        "Panama",
        "Netherlands",
        "Anguilla",
        "Saint Vincent and the Grenadines",
        "Aruba",
        "Mexico",
        "Guatemala",
        "Costa Rica",
        "Tanzania, United Republic of"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Healthcare",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 111,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 236,
        "FileHash-SHA1": 139,
        "FileHash-SHA256": 1421,
        "URL": 9580,
        "CIDR": 30,
        "domain": 10205,
        "email": 12,
        "hostname": 517612,
        "IPv4": 11,
        "CVE": 62
      },
      "indicator_count": 539308,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 146,
      "modified_text": "191 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "691b61e16cea7624a6606a69",
      "name": "For Later",
      "description": "***",
      "modified": "2025-11-17T18:46:19.094000",
      "created": "2025-11-17T17:56:49.875000",
      "tags": [
        "wormhole",
        "want",
        "sign",
        "submit send",
        "copy",
        "share show",
        "report delete",
        "faq roadmap",
        "security legal",
        "twitter discord",
        "protected"
      ],
      "references": [
        "https://wormhole.app/Pp5DdP#3EpzsqLhw5lJdQ0Xe_mRQA",
        "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 72127,
        "hostname": 16700,
        "URL": 50
      },
      "indicator_count": 88877,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 131,
      "modified_text": "197 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "624f122d52ca4bdcd527c673",
      "name": "Traffic Summary by Host Calls March 7 - April 7",
      "description": "Default: Anghon.co, anonymity.com, is the name given to a computer that can be used to measure the speed of internet traffic, but it is not the only one that has made the headlines.",
      "modified": "2025-10-25T13:36:37.528000",
      "created": "2022-04-07T16:32:45.779000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mantunez0410",
        "id": "178995",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 30,
        "domain": 180,
        "URL": 2
      },
      "indicator_count": 212,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 35,
      "modified_text": "221 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66e9c8e63a72c7cb531a58ba",
      "name": "08.09.24 URLscanio 2 weeks.csv",
      "description": "",
      "modified": "2025-10-25T02:09:23.619000",
      "created": "2024-09-17T18:22:30.731000",
      "tags": [],
      "references": [
        "https://x.com/NorrisN60014/status/1836092481978486802",
        "https://x.com/NorrisN60014/status/1836092481978486802",
        "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f",
        "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2",
        "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports",
        "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C",
        "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 3,
        "FileHash-MD5": 6,
        "URL": 1074,
        "domain": 1530,
        "email": 2,
        "hostname": 2849
      },
      "indicator_count": 5464,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 189,
      "modified_text": "221 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "686dc31588057c828d99de65",
      "name": "Darpapox CNC Beacon \u2022 Tethered to T-Mobile iOS",
      "description": "In November 2021  T-mobile.com/tethering/upsell.do\ttethered to a heavily targeted crime victim\u2019s phone. It\u2019s seemed to trigger an outage in Early November 2021. (IoC\u2019s left out of graph and Pulse) related to Palantir / Foundry/ Twitter \nI can anssume they are being spoofed, unfortunately, this harmful, powerfully dangerous \u2019tool\u2019 is a real a weapon that can and has lead to great harm or death ; is a product for sale.\n\nVictim was assaulted by PT under quasi government care. She has been injured, stalked,  nearly assassinated, confronted, recorded, spied on denied healthcare, legal representation & relentlessly bullied online and otherwise to death.\nNOT EVERYONE SHOULD HAVE THIS TOOL. IT IS A WEAPON!",
      "modified": "2025-08-08T00:05:09.846000",
      "created": "2025-07-09T01:17:09.803000",
      "tags": [
        "united",
        "status",
        "name servers",
        "search",
        "servers",
        "ip address",
        "creation date",
        "telekom ag",
        "present aug",
        "present dec",
        "date",
        "date checked",
        "url hostname",
        "server response",
        "google safe",
        "results jan",
        "next related",
        "domains show",
        "domain related",
        "learn",
        "command",
        "ck id",
        "name tactics",
        "suspicious",
        "informative",
        "spawns",
        "mitre att",
        "ck techniques",
        "evasion att",
        "copy md5",
        "copy sha1",
        "copy sha256",
        "sha256",
        "sha1",
        "ascii text",
        "pattern match",
        "size",
        "null",
        "refresh",
        "body",
        "span",
        "hybrid",
        "local",
        "path",
        "click",
        "strings",
        "error",
        "tools",
        "look",
        "verify",
        "restart",
        "update",
        "whois field",
        "value address",
        "city bonn",
        "country de",
        "dnssec",
        "domain name",
        "name",
        "expiration date",
        "domain",
        "passive dns",
        "urls",
        "files ip",
        "address domain",
        "ip whois",
        "registrar",
        "entries",
        "next associated",
        "urls show",
        "results apr",
        "showing",
        "present nov",
        "results dec",
        "present jan",
        "results feb",
        "present mar",
        "results may",
        "results mar",
        "results aug",
        "present may",
        "present jun",
        "results jun",
        "t-mobile",
        "log4",
        "whois show",
        "record value",
        "name domain",
        "admin name",
        "org deutsche",
        "whois",
        "related",
        "comments",
        "status hostname",
        "query type",
        "address first",
        "seen last",
        "seen asn",
        "country",
        "emails",
        "services",
        "org principal",
        "financial",
        "high st",
        "ag organization",
        "server",
        "flag",
        "contacted hosts",
        "process details",
        "found cache",
        "control",
        "pragma",
        "present oct",
        "present feb",
        "moved",
        "name legal",
        "referral url",
        "wa status",
        "updated date",
        "whois server",
        "zipcode",
        "present apr",
        "content type",
        "gmt p3p",
        "noi nid",
        "cura adma",
        "deva psaa",
        "psda our",
        "sama bus",
        "pur com",
        "hostname add",
        "pulse pulses",
        "files",
        "domain add",
        "show",
        "copy",
        "reads",
        "total",
        "read",
        "write",
        "delete",
        "kawaii unicorn",
        "tethering",
        "iphone",
        "ios",
        "apple",
        "gmt content",
        "type",
        "dynamicloader",
        "yara rule",
        "medium",
        "high",
        "vmware",
        "msie",
        "windows nt",
        "wow64",
        "slcc2",
        "media center",
        "malware",
        "unknown",
        "ta0002 defense",
        "evasion ta0005",
        "ta0009",
        "lowfi",
        "ipv4 add",
        "location united",
        "america flag",
        "ransom",
        "trojandropper",
        "yara detections",
        "lehash",
        "av detections",
        "ids detections",
        "alerts",
        "analysis date",
        "file score",
        "medium risk",
        "none related",
        "defender",
        "pulses none",
        "cnc beacon",
        "winver",
        "search host",
        "all ipv4",
        "hosting",
        "trojan",
        "tlsv1",
        "odigicert inc",
        "cndigicert sha2",
        "secure server",
        "stwashington",
        "lseattle",
        "as16509",
        "stcalifornia",
        "next",
        "execution",
        "dock",
        "persistence",
        "encrypt",
        "project",
        "process32nextw",
        "service",
        "t1003",
        "hacktool",
        "pe32",
        "win64",
        "cowboy server",
        "jakuz",
        "mimikatz",
        "darpapox",
        "default",
        "codeoverlap",
        "date hash",
        "deletes_executed_files",
        "ue codeoverlap",
        "pe section",
        "ipv4",
        "arkei stealer",
        "hash apr",
        "ma ma",
        "win32spigot may",
        "ub euj",
        "e ep",
        "ub uj",
        "program",
        "python",
        "write c",
        "intel",
        "ms windows",
        "updater",
        "launcher",
        "powershell",
        "langchinese",
        "ip check",
        "http host",
        "icmp traffic",
        "win32",
        "download",
        "handle",
        "address range",
        "cidr",
        "network name",
        "allocation type",
        "entity bns34",
        "ip addresses",
        "tsara brashears"
      ],
      "references": [
        "https://offers.Tethered to target iPhone - T-mobile.com/tethering/upsell.do",
        "Kawaii-Unicorn.exe",
        "IDS Detections: Win32/Unruy Rogue Search Host Observed | Yara Detections: EnigmaProtector",
        "High Priority Alerts: infostealer_cookies persistence_autorun procmem_yara static_pe_anomaly",
        "High Priority Alerts:  suricata_alert antivm_bochs_keys physical_drive_access",
        "Priority Alerts: physical_drive_access dynamic_function_loading resumethread_remote_process",
        "Priority Alerts:  enumerates_running_processes reads_self network_http",
        "Priority Alerts: packer_entropy antidebug_ntsetinformationthread injection_rwx",
        "Priority Alerts: createtoolhelp32snapshot_module_enumeration packer_unknown_pe_section_name",
        "High Priority Alerts IDS:  Backdoor.Darpapox/Jaku  \u2022 CNAME CnC Beacon (WinVer 6.1)",
        "High Priority Alerts IDS: ADWARE/InstallCore.Gen Checkin \u2022 Adware.InstallCore.B Checkin",
        "High Priority Alerts IDS: Arkei Stealer \u2022 Config Download Request Vidar/Arkei Stealer Client Data Upload \u2022 192.157.56.140",
        "High Priority Alerts IDS: Potentially Unwanted Application AirInstaller CnC Beacon Backdoor.Win32.Hupigon.dpgy Checkin",
        "High Priority Alerts IDS: Possible Win32/Hupigon ip.txt with a Non-Mozilla UA \u2022 192.157.56.140",
        "High Priority Alerts IDS: Suspicious Zipped Filename in Outbound POST Request (Passwords.log) M2 \u2022 192.157.56.140",
        "High Priority Alerts IDS: Win32/Spigot Activity Potentially Unwanted Application AirInstaller \u2022  192.157.56.140",
        "High Priority Alerts IDS:  \u2022 199.59.243.228",
        "High Priority Alerts IDS: Win32.Renos/Artro Trojan Checkin M1 Garveep POST CnC Beacon \u2022 199.59.243.228",
        "High Priority Alerts IDS: Best-targeted-traffic.com Spyware Install \u2022 199.59.243.228",
        "High Priority Alerts IDS: Win32.AdWare.iBryte.C Install Win32/Scudy.A Checkin \u2022 199.59.243.228",
        "High Priority Alerts IDS: iebaru Spyware User Agent Win32/Snojan Variant Uploading EXE \u2022 199.59.243.228",
        "High Priority Alerts IDS: (iebar) Dropper Checkin 2 (often scripts.dlv4.com related) \u2022 199.59.243.228",
        "High Priority Alerts IDS: Downloader (P2P Zeus dropper UA) Zeus Bot Connectivity Check \u2022 199.59.243.228",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing. \u2022 www.anyxxxtube.net \u2022",
        "ai-fairness-360.dev-lfprojects5.linuxfoundation.org \u2022-ran-sc.dev-lfprojects5.linuxfoundation.org",
        "[Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.1) / Jacuz /Mimikatz] continues\u2026.",
        "[iRegarding - Serving IPs: 192.157.56.141 & 192.157.56.140 for http://tagram.com/ & continues",
        "http://titkok.com/ Final URL: http://survey-smiles.com/ | URL that may infect its visitors with malware. (DigitalMistica)]",
        "URL that may infect its visitors with malware. Last 4 references (DigitalMistica)]"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Win.Trojan.Barys-10005825-0",
          "display_name": "Win.Trojan.Barys-10005825-0",
          "target": null
        },
        {
          "id": "#fp539598-VBS/LoveLetter.BT",
          "display_name": "#fp539598-VBS/LoveLetter.BT",
          "target": null
        },
        {
          "id": "Ransom:Win32/Haperlock",
          "display_name": "Ransom:Win32/Haperlock",
          "target": "/malware/Ransom:Win32/Haperlock"
        },
        {
          "id": "Backdoor.Darpapox/Jaku",
          "display_name": "Backdoor.Darpapox/Jaku",
          "target": null
        },
        {
          "id": "Win.Trojan.Badur-8004052-0",
          "display_name": "Win.Trojan.Badur-8004052-0",
          "target": null
        },
        {
          "id": "Win.Dropper.Unruy-9994363-0",
          "display_name": "Win.Dropper.Unruy-9994363-0",
          "target": null
        },
        {
          "id": "Ransom:Win32/Haperlock.A",
          "display_name": "Ransom:Win32/Haperlock.A",
          "target": "/malware/Ransom:Win32/Haperlock.A"
        },
        {
          "id": "Win.Malware.Bzub-9969513-0",
          "display_name": "Win.Malware.Bzub-9969513-0",
          "target": null
        },
        {
          "id": "Trojan:Win32/Dorv.A",
          "display_name": "Trojan:Win32/Dorv.A",
          "target": "/malware/Trojan:Win32/Dorv.A"
        },
        {
          "id": "HackTool:Win32/Mimikatz",
          "display_name": "HackTool:Win32/Mimikatz",
          "target": "/malware/HackTool:Win32/Mimikatz"
        },
        {
          "id": "ALF:JASYP:TrojanDownloader:Win32/Upatre!atmn",
          "display_name": "ALF:JASYP:TrojanDownloader:Win32/Upatre!atmn",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1210",
          "name": "Exploitation of Remote Services",
          "display_name": "T1210 - Exploitation of Remote Services"
        },
        {
          "id": "T1449",
          "name": "Exploit SS7 to Redirect Phone Calls/SMS",
          "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
        },
        {
          "id": "T1059.002",
          "name": "AppleScript",
          "display_name": "T1059.002 - AppleScript"
        },
        {
          "id": "TA0011",
          "name": "Command and Control",
          "display_name": "TA0011 - Command and Control"
        },
        {
          "id": "T1598",
          "name": "Phishing for Information",
          "display_name": "T1598 - Phishing for Information"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1143",
          "name": "Hidden Window",
          "display_name": "T1143 - Hidden Window"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1031",
          "name": "Modify Existing Service",
          "display_name": "T1031 - Modify Existing Service"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1130,
        "FileHash-SHA1": 1094,
        "FileHash-SHA256": 4332,
        "URL": 413,
        "domain": 444,
        "hostname": 903,
        "email": 12,
        "SSLCertFingerprint": 34,
        "CIDR": 1
      },
      "indicator_count": 8363,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "299 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "pubmatic.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "pubmatic.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780508426.068716
}