{ "type": "Domain", "indicator": "runtime.name", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/runtime.name", "alexa": "http://www.alexa.com/siteinfo/runtime.name", "indicator": "runtime.name", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3529873828, "indicator": "runtime.name", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6318085594d87ef658b9ce3d", "name": "fortnite", "description": "The following is the full analysis of the FortniteLauncher data, which is used to measure the risk of compromised data being exposed to the public via a secure link on the internet or in the browser.", "modified": "2022-10-07T00:03:59.629000", "created": "2022-09-07T02:56:21.162000", "tags": [ "origin", "urls100 ioc", "verdict http", "domains28 ioc", "verdict", "ips10 ioc", "location", "sha256s5 ioc", "url http", "url https", "ipv4 url", "show", "search", "type indicator", "source url", "hostname", "input", "united", "ashburn", "iocs", "san francisco", "compromise", "files urls42", "ioc verdict", "domains13 ioc" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AIDefenseNet", "id": "102874", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 17, "URL": 75, "FileHash-SHA256": 19, "FileHash-MD5": 7, "FileHash-SHA1": 7, "domain": 4 }, "indicator_count": 129, "is_author": false, "is_subscribing": null, "subscriber_count": 103, "modified_text": "1332 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ec6b1800ba76b4dee4d7dc", "name": "frph.exe - URL golang.org/x/net/bpf - http://x4k.sh/get/EXFgs/OneDrive.exe", "description": "Created from Old Safari Booknark syncing to an old unremovabke icloud account \nhttps://bitcoin-fortune.com/profile", "modified": "2022-09-04T00:01:06.223000", "created": "2022-08-05T00:58:00.740000", "tags": [ "yunohost portal", "yunohost please", "apt", "memoryfile scan", "unicode", "uint8", "h ansi", "interface", "int32", "chan", "string", "l ansi", "entropy", "malicious" ], "references": [ "x4k.dev - urlscan.io.pdf", "x4k.dev - urlscan.io behaviours js.pdf", "x4k.dev - urlscan.io - simular too.pdf", "x4k.dev - urlscan.io content.pdf", "dom.pdf", "x4k.dev - urlscan.io dom .pdf", "https://hybrid-analysis.com/sample/42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1/61f5ec666491152e286edf81", "https://golang.org/x/net/bpf", "Source", "http://x4k.sh/get/EXFgs/OneDrive.exe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 41, "URL": 80, "domain": 15, "hostname": 32, "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 1 }, "indicator_count": 178, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1365 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ec6cd855f72a8a011ea906", "name": "x4k.sh", "description": "", "modified": "2022-08-05T01:05:28.315000", "created": "2022-08-05T01:05:28.315000", "tags": [], "references": [ "x4k dev second exe scan hybrid.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 47, "hostname": 8, "domain": 5, "URL": 39, "FileHash-MD5": 8, "FileHash-SHA1": 1 }, "indicator_count": 108, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1395 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "x4k.dev - urlscan.io.pdf", "x4k dev second exe scan hybrid.pdf", "x4k.dev - urlscan.io content.pdf", "https://hybrid-analysis.com/sample/42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1/61f5ec666491152e286edf81", "Source", "x4k.dev - urlscan.io dom .pdf", "x4k.dev - urlscan.io - simular too.pdf", "x4k.dev - urlscan.io behaviours js.pdf", "https://golang.org/x/net/bpf", "http://x4k.sh/get/EXFgs/OneDrive.exe", "dom.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6318085594d87ef658b9ce3d", "name": "fortnite", "description": "The following is the full analysis of the FortniteLauncher data, which is used to measure the risk of compromised data being exposed to the public via a secure link on the internet or in the browser.", "modified": "2022-10-07T00:03:59.629000", "created": "2022-09-07T02:56:21.162000", "tags": [ "origin", "urls100 ioc", "verdict http", "domains28 ioc", "verdict", "ips10 ioc", "location", "sha256s5 ioc", "url http", "url https", "ipv4 url", "show", "search", "type indicator", "source url", "hostname", "input", "united", "ashburn", "iocs", "san francisco", "compromise", "files urls42", "ioc verdict", "domains13 ioc" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AIDefenseNet", "id": "102874", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 17, "URL": 75, "FileHash-SHA256": 19, "FileHash-MD5": 7, "FileHash-SHA1": 7, "domain": 4 }, "indicator_count": 129, "is_author": false, "is_subscribing": null, "subscriber_count": 103, "modified_text": "1332 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ec6b1800ba76b4dee4d7dc", "name": "frph.exe - URL golang.org/x/net/bpf - http://x4k.sh/get/EXFgs/OneDrive.exe", "description": "Created from Old Safari Booknark syncing to an old unremovabke icloud account \nhttps://bitcoin-fortune.com/profile", "modified": "2022-09-04T00:01:06.223000", "created": "2022-08-05T00:58:00.740000", "tags": [ "yunohost portal", "yunohost please", "apt", "memoryfile scan", "unicode", "uint8", "h ansi", "interface", "int32", "chan", "string", "l ansi", "entropy", "malicious" ], "references": [ "x4k.dev - urlscan.io.pdf", "x4k.dev - urlscan.io behaviours js.pdf", "x4k.dev - urlscan.io - simular too.pdf", "x4k.dev - urlscan.io content.pdf", "dom.pdf", "x4k.dev - urlscan.io dom .pdf", "https://hybrid-analysis.com/sample/42ef8fb1eadf609c84262dcfa569ba63c8e31dce25347ab0dd79bb778e7790a1/61f5ec666491152e286edf81", "https://golang.org/x/net/bpf", "Source", "http://x4k.sh/get/EXFgs/OneDrive.exe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 41, "URL": 80, "domain": 15, "hostname": 32, "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 1 }, "indicator_count": 178, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1365 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ec6cd855f72a8a011ea906", "name": "x4k.sh", "description": "", "modified": "2022-08-05T01:05:28.315000", "created": "2022-08-05T01:05:28.315000", "tags": [], "references": [ "x4k dev second exe scan hybrid.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 47, "hostname": 8, "domain": 5, "URL": 39, "FileHash-MD5": 8, "FileHash-SHA1": 1 }, "indicator_count": 108, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1395 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "runtime.name", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "runtime.name", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780243186.6674647 }