{
  "type": "Domain",
  "indicator": "shown.bs",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/shown.bs",
    "alexa": "http://www.alexa.com/siteinfo/shown.bs",
    "indicator": "shown.bs",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2811756804,
      "indicator": "shown.bs",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 15,
      "pulses": [
        {
          "id": "6647908c09468f42bc1249f1",
          "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
          "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
          "modified": "2025-03-01T04:59:57.222000",
          "created": "2024-05-17T17:14:52.317000",
          "tags": [
            "false",
            "true",
            "visible",
            "application",
            "microsoft teams",
            "microsoft azure",
            "office",
            "service",
            "dynamics",
            "hidden",
            "android",
            "explorer",
            "write",
            "connector",
            "test",
            "sharepoint",
            "live",
            "meister",
            "tools",
            "desktop",
            "spark",
            "front",
            "enterprise",
            "designer",
            "atlas",
            "premium",
            "assistant",
            "allow",
            "azureadmyorg",
            "game",
            "verify",
            "microsoft power",
            "channelsurfcli",
            "mtd1",
            "file transfer",
            "magnus",
            "microsoft crm",
            "youth"
          ],
          "references": [
            "All - EnterpriseAppsList.csv",
            "AppRegistrationList.csv",
            "https://tria.ge/240517-vc7c1shc62/behavioral1",
            "https://tria.ge/240517-vdwb5shc71/behavioral1",
            "https://tria.ge/240517-vqxezaaa33/behavioral1",
            "https://tria.ge/240517-t9pc2ahb2t",
            "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
            "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
            "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
            "Thor Scan: S-I9VvMTB6cZU",
            "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
            "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
            "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
            "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
            "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
            "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
            "https://tria.ge/240521-q4s79agb25/static1",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
            "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
            "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
            "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
            "https://www.hudsonrock.com/search?domain=ualberta.ca",
            "https://www.criminalip.io/domain/report?scan_id=13798622",
            "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
            "https://urlscan.io/search/#ualberta.ca",
            "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
            "https://sitereport.netcraft.com/?url=http://ualberta.ca",
            "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
            "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
            "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
            "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Healthcare",
            "Telecommunications",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 7,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1703,
            "FileHash-SHA256": 90472,
            "URL": 99185,
            "domain": 82954,
            "hostname": 39041,
            "FileHash-SHA1": 1624,
            "email": 4658,
            "CVE": 12
          },
          "indicator_count": 319649,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "660b176a98b0c92ba5a962bc",
          "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise",
          "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.",
          "modified": "2024-09-04T05:01:56.993000",
          "created": "2024-04-01T20:22:02.851000",
          "tags": [
            "BEC"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary",
            "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs",
            "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark",
            "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark",
            "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore",
            "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom",
            "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America",
            "Netherlands"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 233,
            "FileHash-SHA1": 230,
            "FileHash-SHA256": 6703,
            "URL": 4450,
            "CIDR": 3,
            "domain": 6223,
            "hostname": 2863,
            "email": 7,
            "CVE": 53
          },
          "indicator_count": 20765,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 130,
          "modified_text": "634 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657098ff4c59f8ac3f86f613",
          "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
          "description": "",
          "modified": "2023-12-06T15:53:35.032000",
          "created": "2023-12-06T15:53:35.032000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1168,
            "hostname": 1366,
            "domain": 412,
            "URL": 3576,
            "email": 2,
            "FileHash-MD5": 61,
            "FileHash-SHA1": 54
          },
          "indicator_count": 6639,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708cdd2f63f24552fa3e39",
          "name": "BLNWX.COM",
          "description": "",
          "modified": "2023-12-06T15:01:49.772000",
          "created": "2023-12-06T15:01:49.772000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 400,
            "URL": 1905,
            "domain": 494,
            "hostname": 707
          },
          "indicator_count": 3506,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708c534aadf7adf4f27d77",
          "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
          "description": "",
          "modified": "2023-12-06T14:59:31.122000",
          "created": "2023-12-06T14:59:31.122000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 302,
            "domain": 634,
            "URL": 2988,
            "hostname": 1208
          },
          "indicator_count": 5132,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657080d20f7e10c1e37fcf89",
          "name": "TarrantCounty.com ~ 03.01.2022",
          "description": "",
          "modified": "2023-12-06T14:10:26.301000",
          "created": "2023-12-06T14:10:26.301000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1078,
            "domain": 838,
            "hostname": 1607,
            "URL": 4134,
            "email": 3,
            "FileHash-SHA1": 2,
            "CIDR": 4,
            "FileHash-MD5": 15
          },
          "indicator_count": 7681,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "642594b9402f0edc523a1149",
          "name": "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k&#039;",
          "description": "",
          "modified": "2023-04-29T13:05:05.409000",
          "created": "2023-03-30T13:55:05.516000",
          "tags": [
            "trojan",
            "apt",
            "ansi",
            "dropped file",
            "runtime data",
            "chromeua",
            "optout",
            "programfiles",
            "typeof e",
            "localappdata",
            "error",
            "date",
            "generator",
            "path",
            "null",
            "void",
            "win64",
            "twitter",
            "this",
            "critical",
            "desktop",
            "dark",
            "light",
            "meta",
            "roboto",
            "span",
            "class",
            "template",
            "blink",
            "suspicious",
            "facebook",
            "mexico",
            "malicious",
            "mozilla",
            "strings",
            "qakbot",
            "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
          ],
          "references": [
            "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k",
            "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 243,
            "email": 2,
            "domain": 240,
            "URL": 101,
            "FileHash-MD5": 61,
            "FileHash-SHA1": 54,
            "FileHash-SHA256": 99
          },
          "indicator_count": 800,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 92,
          "modified_text": "1128 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6425a2f9c155fd53b9922bcd",
          "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
          "description": "hope peeps are gona learn from 3cx that false positives are in fact often not false",
          "modified": "2023-04-29T13:05:05.409000",
          "created": "2023-03-30T14:55:53.652000",
          "tags": [
            "trojan",
            "apt",
            "ansi",
            "dropped file",
            "runtime data",
            "chromeua",
            "optout",
            "programfiles",
            "typeof e",
            "localappdata",
            "error",
            "date",
            "generator",
            "path",
            "null",
            "void",
            "win64",
            "twitter",
            "this",
            "critical",
            "desktop",
            "dark",
            "light",
            "meta",
            "roboto",
            "span",
            "class",
            "template",
            "blink",
            "suspicious",
            "facebook",
            "mexico",
            "malicious",
            "mozilla",
            "strings",
            "qakbot",
            "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9",
            "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661",
            "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 412,
            "FileHash-SHA256": 1168,
            "URL": 3576,
            "hostname": 1366,
            "email": 2,
            "FileHash-MD5": 61,
            "FileHash-SHA1": 54
          },
          "indicator_count": 6639,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 92,
          "modified_text": "1128 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62750795ebc8c475f4a3033a",
          "name": "aquanx.com (PegTech botnet hosting)",
          "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.",
          "modified": "2022-06-05T00:03:45.266000",
          "created": "2022-05-06T11:33:41.174000",
          "tags": [
            "function",
            "eu cookie",
            "version",
            "tamas schalk",
            "element",
            "lang",
            "datadelay",
            "dataexpire",
            "dataclass",
            "name",
            "date",
            "path",
            "null",
            "cookie",
            "regexp",
            "typeof e",
            "please",
            "typeof t",
            "pseudo",
            "child",
            "array",
            "error",
            "class",
            "void",
            "this",
            "extendedvps",
            "login register",
            "product group",
            "svssdlinux",
            "svssdwindows",
            "password",
            "client area",
            "aquanx english",
            "azerbaijani",
            "catal",
            "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ",
            "aquanx",
            "metal cloud",
            "chat",
            "ddos migration",
            "network",
            "colocation",
            "cloud",
            "colocation bare",
            "cloud hosting",
            "private cloud",
            "bare",
            "service",
            "custom build",
            "https",
            "bootstrap",
            "bootstrap hover",
            "dropdown",
            "author",
            "cameron spear",
            "mattia larentis",
            "dropdown plugin",
            "http",
            "plugin",
            "copyright",
            "twitter",
            "conflict",
            "focus",
            "object",
            "click",
            "open",
            "next",
            "target",
            "trigger",
            "checkbox",
            "delta",
            "scroll",
            "false",
            "type",
            "expando",
            "typeof selector",
            "sizzle",
            "elem",
            "match",
            "data",
            "seed",
            "vd",
            "number",
            "string",
            "ienew ca",
            "closure library",
            "quota",
            "aafunction",
            "dafunction"
          ],
          "references": [
            "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2",
            "https://aquanx.com/js/jquery-1.12.4.min.js",
            "https://aquanx.com/js/bootstrap.js",
            "https://aquanx.com/js/bootstrap-hover-dropdown.min.js",
            "https://aquanx.com/js/modernizr-custom.js",
            "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l",
            "https://aquanx.com/",
            "https://user.aquanx.com/clientarea.php",
            "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af",
            "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js",
            "xfe-URL-raksmart.com-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Vd",
              "display_name": "Vd",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 560,
            "URL": 1236,
            "domain": 184,
            "FileHash-SHA256": 79
          },
          "indicator_count": 2059,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62756a0d14664003affb0555",
          "name": "hush.com 301 to hushmail.com",
          "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.",
          "modified": "2022-06-05T00:03:45.266000",
          "created": "2022-05-06T18:33:49.161000",
          "tags": [
            "widget",
            "null",
            "regexp",
            "array",
            "copyright",
            "license",
            "calltrkswap",
            "date",
            "typeof s",
            "xmlhttprequest",
            "typeof r",
            "script",
            "vd",
            "number",
            "string",
            "ienew ca",
            "closure library",
            "error",
            "quota",
            "aafunction",
            "dafunction",
            "function",
            "typeof o",
            "reduceright",
            "aw1070742489",
            "uint8array",
            "void",
            "code",
            "typeof symbol",
            "wickedclientid",
            "wickedemail",
            "wickedurl",
            "wickednullurl",
            "typeof e",
            "direct",
            "typeof require",
            "modulenotfound",
            "mini",
            "cnull",
            "anull",
            "nl50",
            "pnull",
            "okcancel",
            "compiled",
            "true",
            "android",
            "trident",
            "form",
            "window",
            "false",
            "acronym",
            "body",
            "canvas",
            "embed",
            "footer",
            "iframe",
            "keygen",
            "legend",
            "mark",
            "meta",
            "ruby",
            "small",
            "span",
            "template",
            "blank",
            "twitter",
            "typeof t",
            "class",
            "attr",
            "pseudo",
            "child",
            "js foundation",
            "typeof module",
            "width",
            "object",
            "this",
            "accept",
            "fnumber",
            "gtmmf25krh",
            "host",
            "path"
          ],
          "references": [
            "xfe-URL-Hush.com-stix2-2.1-export.json",
            "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c",
            "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH",
            "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js",
            "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
            "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
            "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js",
            "https://widget.wickedreports.com/widget.js",
            "https://www.googletagmanager.com/gtag/js?id=AW-1070742489",
            "https://www.hushmail.com/status/",
            "https://script.tapfiliate.com/tapfiliate.js",
            "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13",
            "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js",
            "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js",
            "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301",
            "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301",
            "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Vd",
              "display_name": "Vd",
              "target": null
            },
            {
              "id": "OkCancel",
              "display_name": "OkCancel",
              "target": null
            },
            {
              "id": "ReduceRight",
              "display_name": "ReduceRight",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1531",
              "name": "Account Access Removal",
              "display_name": "T1531 - Account Access Removal"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1917,
            "hostname": 698,
            "FileHash-SHA256": 116,
            "domain": 263
          },
          "indicator_count": 2994,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6271740be1d2d55007677274",
          "name": "Fiberhub.com and versaweb.com",
          "description": "The following is the full text of the code used to create Twitter's new web-based \"bootstrap\" - a guide to what to do if you want to use it in your browser.",
          "modified": "2022-06-02T00:03:59.540000",
          "created": "2022-05-03T18:27:23.636000",
          "tags": [
            "html5 shiv",
            "jdalton",
            "jonneal",
            "mitgpl2",
            "typeof c",
            "typeof module",
            "null",
            "plugin",
            "function",
            "copyright",
            "twitter",
            "bootstrap",
            "http",
            "conflict",
            "focus",
            "object",
            "error",
            "click",
            "open",
            "next",
            "target",
            "trigger",
            "config",
            "checkbox",
            "delta",
            "false",
            "scroll",
            "vd",
            "number",
            "string",
            "ienew ca",
            "date",
            "closure library",
            "quota",
            "aafunction",
            "dafunction",
            "fbcd",
            "328373057580084",
            "prop",
            "init",
            "autoconfig",
            "protocol",
            "adnxsdomain",
            "aoldomain",
            "adrolltpc",
            "regexp",
            "typeof b",
            "pseudo",
            "child",
            "array",
            "width",
            "sufeffxa0",
            "class",
            "accept",
            "please",
            "chat",
            "search",
            "language",
            "feel",
            "file",
            "call",
            "strongstart",
            "address",
            "again"
          ],
          "references": [
            "xfe-IP-76.164.203.68-stix2-2.1-export.json",
            "http://www.versaweb.com/js/bootstrap.js",
            "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js",
            "http://www.versaweb.com/css/1024.css",
            "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js",
            "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=",
            "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2",
            "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js",
            "xfe-URL-versaweb.com-stix2-2.1-export.json",
            "xfe-URL-fiberhub.com-stix2-2.1-export.json",
            "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1",
            "https://www.fiberhub.com/js/bootstrap.js",
            "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Vd",
              "display_name": "Vd",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 590,
            "URL": 1312,
            "domain": 376,
            "FileHash-SHA256": 203
          },
          "indicator_count": 2481,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1459 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "626acbf5b18bf4679059431e",
          "name": "BLNWX.COM",
          "description": "Users of the Internet Archive are being asked to log in to the service to access the archive's archive, or PURL, and to view the Archive's collection of archived material.  \u00a31.",
          "modified": "2022-05-28T00:03:46.141000",
          "created": "2022-04-28T17:16:37.507000",
          "tags": [
            "error",
            "modulenotfound",
            "knew promise",
            "parseint",
            "date",
            "fsettimeout",
            "typeof module",
            "null",
            "plugin",
            "function",
            "copyright",
            "twitter",
            "bootstrap",
            "http",
            "conflict",
            "focus",
            "object",
            "click",
            "open",
            "next",
            "target",
            "trigger",
            "checkbox",
            "delta",
            "scroll",
            "false",
            "regexp",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "attr",
            "foundation",
            "close",
            "user login",
            "cancel",
            "close user",
            "complete",
            "come",
            "sign",
            "cancel toggle",
            "purl",
            "administration"
          ],
          "references": [
            "xfe-IP-193.149.176.62-stix2-2.1-export.json",
            "xfe-URL-Purl.com-stix2-2.1-export.json",
            "xfe-URL-Easydns.com-stix2-2.1-export.json",
            "xfe-URL-creativecommons.org-stix2-2.1-export.json",
            "https://purl.archive.org/",
            "https://purl.archive.org/static/jquery/jquery.js",
            "https://purl.archive.org/static/bootstrap/js/bootstrap.js",
            "https://purl.archive.org/static/app.js",
            "xfe-URL-modernizr.com-stix2-2.1-export.json",
            "https://modernizr.com/js/build.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1905,
            "hostname": 707,
            "domain": 494,
            "FileHash-SHA256": 400
          },
          "indicator_count": 3506,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1464 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62616627ee302d24b23523c3",
          "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
          "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.",
          "modified": "2022-05-21T00:03:44.725000",
          "created": "2022-04-21T14:11:51.629000",
          "tags": [
            "tbody",
            "span",
            "thead",
            "tfoot",
            "multiple",
            "type",
            "href",
            "input",
            "halflings",
            "gradienttype1",
            "twitter",
            "false",
            "fontface",
            "fatface",
            "woff2",
            "u0259",
            "u1e001eff",
            "u2020",
            "u20a020ab",
            "u20ad20cf",
            "u2113",
            "u2c602c7f",
            "typesubmit",
            "function",
            "typeof c",
            "formdata",
            "this",
            "typeof define",
            "null",
            "typeof f",
            "object",
            "boolean",
            "typeof module",
            "error",
            "reflect",
            "math",
            "regexp",
            "number",
            "array",
            "typeerror",
            "string",
            "symbol",
            "typeof e",
            "typeof t",
            "class",
            "attr",
            "pseudo",
            "child",
            "js foundation",
            "account",
            "open",
            "navitem",
            "text",
            "mainnav",
            "click",
            "blank",
            "copyright",
            "u0027",
            "value",
            "body",
            "firefox",
            "enum",
            "html",
            "msie",
            "applewebkit",
            "traceconsole",
            "form",
            "iframe",
            "legend",
            "nonmsdombrowser",
            "callbackindex",
            "callbackframeid",
            "eventtarget",
            "eventargument",
            "validation",
            "explorer",
            "target",
            "plugin",
            "bootstrap",
            "https",
            "conflict",
            "focus",
            "next",
            "trigger",
            "checkbox",
            "delta",
            "scroll",
            "sourceid",
            "date",
            "sessiontoken",
            "sessionexpires",
            "void",
            "rangeerror",
            "utf16",
            "illegal input",
            "global",
            "chrome",
            "opredge",
            "opera",
            "safari",
            "version",
            "sxa0",
            "browser",
            "typeof require",
            "dom node",
            "typeof d",
            "component",
            "typeof h",
            "bubble",
            "reduceright",
            "script",
            "typeof n",
            "jhnew ia",
            "gtm5sn6brv",
            "path",
            "host",
            "trackpageview",
            "gw8yd4p2eny",
            "select",
            "strong",
            "uint8array",
            "android",
            "verify",
            "stop",
            "enterprise",
            "widget",
            "window",
            "generator",
            "reload",
            "r300",
            "caca",
            "closure library",
            "xdfunction",
            "adfunction",
            "cdfunction",
            "ddfunction",
            "bded",
            "please",
            "typeemail",
            "email",
            "jarallaxinner",
            "webkit",
            "property",
            "transform",
            "trident",
            "edge",
            "ipodi",
            "ipadi",
            "androidi",
            "blackberryi",
            "windows phonei",
            "xfunction",
            "pfunction",
            "wfunction",
            "show navigation",
            "mjquery",
            "typeof",
            "defaulttype",
            "hidden",
            "show",
            "shown",
            "startr",
            "endr",
            "federico zivolo",
            "distributed",
            "mit license",
            "statict",
            "flip"
          ],
          "references": [
            "xfe-IP-78.142.35.163-stix2-2.1-export.json",
            "xfe-URL-Enom.com-stix2-2.1-export.json",
            "xfe-URL-4vendeta.com-stix2-2.1-export.json",
            "https://4vendeta.com/assets/js/jquery.min.js",
            "https://4vendeta.com/assets/js/popper.min.js",
            "https://4vendeta.com/assets/js/bootstrap.min.js",
            "https://4vendeta.com/assets/js/meanmenu.min.js",
            "https://4vendeta.com/assets/js/parallax.min.js",
            "https://4vendeta.com/assets/js/ajaxchimp.min.js",
            "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1",
            "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c",
            "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js",
            "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV",
            "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da",
            "https://cp.enom.com/js/jquery-3.5.1.min.js",
            "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js",
            "https://cp.enom.com/js/global-functions.js",
            "https://cp.enom.com/js/punycode.min.js",
            "https://cp.enom.com/js/jquery.disableonsubmit.min.js",
            "https://cp.enom.com/js/jquery.cookie.min.js",
            "https://cp.enom.com/js/cart.minicart.min.js",
            "https://cp.enom.com/js/openWin.min.js",
            "https://cp.enom.com/js/jquery.jgrowl.min.js",
            "https://cp.enom.com/scripts/Session.min.js",
            "https://cp.enom.com/responsive/_js/init.min.js",
            "https://cp.enom.com/responsive/_js/bootstrap.js",
            "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000",
            "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08",
            "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08",
            "https://cdn.optimizely.com/js/26241557.js",
            "https://cp.enom.com/verisign-seal.htm",
            "https://cp.enom.com/global/TopMenu.ascx.js",
            "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1",
            "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4",
            "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js",
            "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6",
            "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6",
            "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "ReduceRight",
              "display_name": "ReduceRight",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 2989,
            "hostname": 1208,
            "domain": 634,
            "FileHash-SHA256": 302
          },
          "indicator_count": 5133,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1471 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625f86049cb1c945f7701075",
          "name": "Hetzner - malware hosting",
          "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.",
          "modified": "2022-05-20T00:01:19.453000",
          "created": "2022-04-20T04:03:16.817000",
          "tags": [
            "param",
            "locale",
            "return",
            "stripped",
            "regexp",
            "html",
            "lang",
            "lightweight",
            "dual",
            "javascript i18n",
            "entity",
            "body",
            "meta",
            "typeradio",
            "ttav",
            "width",
            "ttaelt",
            "shadowwidth",
            "tagtotip",
            "html element",
            "shadow",
            "closebtncolors",
            "fadein",
            "null",
            "sticky",
            "close",
            "false",
            "path",
            "config",
            "span",
            "iframe",
            "kill",
            "inside",
            "first",
            "typetext",
            "typepassword",
            "input",
            "typeof define",
            "typeof module",
            "html tags",
            "px20trnf",
            "dom element",
            "date",
            "this",
            "typeof e",
            "function",
            "left",
            "bottom",
            "nullt",
            "right",
            "next",
            "february",
            "april",
            "june",
            "august",
            "atom",
            "cookie",
            "back",
            "bounce",
            "typeof t",
            "class",
            "attr",
            "pseudo",
            "child",
            "js foundation",
            "error",
            "captcha",
            "access site",
            "click",
            "strong",
            "ddos",
            "hetzner online",
            "gmbh element",
            "lztextlink",
            "script",
            "lzrscr",
            "scrb64d",
            "livezilladata",
            "ovlcwm",
            "activedocument",
            "lzsds",
            "lzsde",
            "lzsdeg",
            "cant load",
            "gv1023",
            "typecheckbox",
            "5deg",
            "20deg",
            "45deg",
            "2000px00",
            "2000px0",
            "10px00",
            "60px0",
            "mintime",
            "await",
            "number",
            "typeof n",
            "typeof symbol",
            "cookieconsent",
            "showcookiemodal",
            "cookie banner",
            "agree",
            "agreed",
            "expiresthu",
            "anchorregex",
            "typeerror",
            "swiper",
            "hammer",
            "bnm",
            "software",
            "azaz",
            "form",
            "void",
            "zert",
            "accept",
            "android",
            "trace",
            "import",
            "string",
            "please",
            "blob",
            "matomo",
            "post",
            "javascript",
            "link",
            "license"
          ],
          "references": [
            "xfe-IP-136.243.64.87-stix2-2.1-export.json",
            "https://matomo.hetzner.com/matomo.js",
            "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json",
            "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js",
            "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701",
            "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599",
            "https://accounts.hetzner.com/login",
            "https://accounts.hetzner.com/build/runtime.188fa053.js",
            "https://accounts.hetzner.com/build/755.5a8586e9.js",
            "https://accounts.hetzner.com/build/app.dc073715.js",
            "https://accounts.hetzner.com/build/802.3a7546ef.js",
            "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js",
            "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js",
            "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js",
            "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php",
            "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js",
            "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json",
            "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "ActiveDocument",
              "display_name": "ActiveDocument",
              "target": null
            },
            {
              "id": "OVLCWM",
              "display_name": "OVLCWM",
              "target": null
            },
            {
              "id": "Hammer",
              "display_name": "Hammer",
              "target": null
            },
            {
              "id": "BNM",
              "display_name": "BNM",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 2308,
            "hostname": 949,
            "FileHash-SHA256": 125,
            "domain": 372,
            "FileHash-SHA1": 3,
            "FileHash-MD5": 256
          },
          "indicator_count": 4013,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1472 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62276abfaa65cd33f64331f8",
          "name": "TarrantCounty.com ~ 03.01.2022",
          "description": "",
          "modified": "2022-04-07T00:04:02.553000",
          "created": "2022-03-08T14:39:59.235000",
          "tags": [
            "march",
            "lookup go",
            "rescan add",
            "verdict report",
            "de summary",
            "http",
            "redirects links",
            "behaviour",
            "similar dom",
            "content api",
            "value",
            "search url",
            "search domain",
            "scan url",
            "url search",
            "domain scan",
            "url url",
            "motor vehicle",
            "aqb1",
            "eventsevent10",
            "meta",
            "show",
            "download go",
            "full url",
            "reverse dns",
            "resource",
            "windows nt",
            "win64",
            "khtml",
            "gecko",
            "response",
            "main",
            "milan",
            "apache",
            "paris",
            "accept"
          ],
          "references": [
            "TarrantCounty3df.pdf",
            "TarantCounty2df.pdf",
            "TarrantCounty4df.pdf",
            "TarrantCounty5df.pdf",
            "tarrant23df.pdf",
            "TarrantCounty1df.pdf",
            "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf",
            "TarrantCounty6df.pdf",
            "TarrantCounty7df.pdf",
            "TarrantCounty10df.pdf",
            "TarrantCounty9df.pdf",
            "TarrantCounty17df.pdf",
            "TarrantCounty15df.pdf",
            "TarrantCounty12df.pdf",
            "TarrantCounty14df.pdf",
            "tarrantcounty8df.pdf",
            "TarrantCounty18df.pdf",
            "TarrantCounty19df.pdf",
            "TarrantCounty21df.pdf",
            "tarrantcounty22df.pdf",
            "TarrantCounty20df.pdf",
            "tarrantcountydf.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 4134,
            "hostname": 1607,
            "domain": 838,
            "FileHash-SHA256": 1078,
            "FileHash-SHA1": 2,
            "email": 3,
            "CIDR": 4,
            "FileHash-MD5": 15
          },
          "indicator_count": 7681,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 405,
          "modified_text": "1515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js",
        "http://www.versaweb.com/js/bootstrap.js",
        "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/",
        "https://cp.enom.com/js/cart.minicart.min.js",
        "TarrantCounty4df.pdf",
        "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php",
        "TarrantCounty17df.pdf",
        "https://accounts.hetzner.com/login",
        "https://purl.archive.org/static/app.js",
        "xfe-URL-Purl.com-stix2-2.1-export.json",
        "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js",
        "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark",
        "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k",
        "https://matomo.hetzner.com/matomo.js",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://widget.wickedreports.com/widget.js",
        "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js",
        "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js",
        "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2",
        "xfe-URL-versaweb.com-stix2-2.1-export.json",
        "https://cp.enom.com/responsive/_js/bootstrap.js",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2",
        "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://cp.enom.com/js/openWin.min.js",
        "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1",
        "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08",
        "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js",
        "https://script.tapfiliate.com/tapfiliate.js",
        "xfe-URL-modernizr.com-stix2-2.1-export.json",
        "TarrantCounty12df.pdf",
        "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js",
        "TarrantCounty21df.pdf",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
        "https://accounts.hetzner.com/build/runtime.188fa053.js",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://4vendeta.com/assets/js/popper.min.js",
        "https://cp.enom.com/js/jquery.cookie.min.js",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "TarrantCounty1df.pdf",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "tarrantcounty22df.pdf",
        "TarrantCounty14df.pdf",
        "xfe-IP-76.164.203.68-stix2-2.1-export.json",
        "http://www.versaweb.com/css/1024.css",
        "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4",
        "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs",
        "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json",
        "https://cp.enom.com/scripts/Session.min.js",
        "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light",
        "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000",
        "AppRegistrationList.csv",
        "xfe-URL-4vendeta.com-stix2-2.1-export.json",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://urlscan.io/search/#ualberta.ca",
        "TarrantCounty9df.pdf",
        "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js",
        "https://4vendeta.com/assets/js/parallax.min.js",
        "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c",
        "https://modernizr.com/js/build.js",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://aquanx.com/js/bootstrap-hover-dropdown.min.js",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "All - EnterpriseAppsList.csv",
        "https://www.googletagmanager.com/gtag/js?id=AW-1070742489",
        "https://www.fiberhub.com/js/bootstrap.js",
        "xfe-IP-193.149.176.62-stix2-2.1-export.json",
        "https://purl.archive.org/static/bootstrap/js/bootstrap.js",
        "https://cdn.optimizely.com/js/26241557.js",
        "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js",
        "TarrantCounty19df.pdf",
        "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1",
        "https://aquanx.com/js/jquery-1.12.4.min.js",
        "TarrantCounty18df.pdf",
        "Thor Scan: S-I9VvMTB6cZU",
        "xfe-URL-Easydns.com-stix2-2.1-export.json",
        "https://4vendeta.com/assets/js/ajaxchimp.min.js",
        "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6",
        "https://4vendeta.com/assets/js/meanmenu.min.js",
        "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js",
        "https://cp.enom.com/js/jquery.disableonsubmit.min.js",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "tarrantcounty8df.pdf",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1",
        "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13",
        "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js",
        "xfe-URL-creativecommons.org-stix2-2.1-export.json",
        "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js",
        "xfe-IP-136.243.64.87-stix2-2.1-export.json",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301",
        "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "xfe-URL-Hush.com-stix2-2.1-export.json",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary",
        "TarrantCounty15df.pdf",
        "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js",
        "xfe-URL-Enom.com-stix2-2.1-export.json",
        "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l",
        "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json",
        "https://cp.enom.com/js/jquery.jgrowl.min.js",
        "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08",
        "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV",
        "https://accounts.hetzner.com/build/755.5a8586e9.js",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://purl.archive.org/static/jquery/jquery.js",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6",
        "https://cp.enom.com/js/global-functions.js",
        "TarrantCounty6df.pdf",
        "TarrantCounty10df.pdf",
        "TarrantCounty20df.pdf",
        "https://cp.enom.com/js/jquery-3.5.1.min.js",
        "https://accounts.hetzner.com/build/802.3a7546ef.js",
        "https://purl.archive.org/",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://cp.enom.com/js/punycode.min.js",
        "tarrantcountydf.pdf",
        "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://aquanx.com/",
        "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js",
        "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=",
        "https://4vendeta.com/assets/js/jquery.min.js",
        "xfe-URL-fiberhub.com-stix2-2.1-export.json",
        "https://aquanx.com/js/modernizr-custom.js",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://accounts.hetzner.com/build/app.dc073715.js",
        "TarantCounty2df.pdf",
        "https://cp.enom.com/verisign-seal.htm",
        "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom",
        "TarrantCounty3df.pdf",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://cp.enom.com/responsive/_js/init.min.js",
        "https://4vendeta.com/assets/js/bootstrap.min.js",
        "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661",
        "TarrantCounty7df.pdf",
        "tarrant23df.pdf",
        "https://user.aquanx.com/clientarea.php",
        "xfe-URL-raksmart.com-stix2-2.1-export.json",
        "https://cp.enom.com/global/TopMenu.ascx.js",
        "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://aquanx.com/js/bootstrap.js",
        "xfe-IP-78.142.35.163-stix2-2.1-export.json",
        "TarrantCounty5df.pdf",
        "https://www.hushmail.com/status/",
        "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
        "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Reduceright",
            "Ovlcwm",
            "Bnm",
            "Okcancel",
            "Vd",
            "Activedocument",
            "Hammer"
          ],
          "industries": [
            "Technology",
            "Education",
            "Telecommunications",
            "Government",
            "Healthcare"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 15,
  "pulses": [
    {
      "id": "6647908c09468f42bc1249f1",
      "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
      "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
      "modified": "2025-03-01T04:59:57.222000",
      "created": "2024-05-17T17:14:52.317000",
      "tags": [
        "false",
        "true",
        "visible",
        "application",
        "microsoft teams",
        "microsoft azure",
        "office",
        "service",
        "dynamics",
        "hidden",
        "android",
        "explorer",
        "write",
        "connector",
        "test",
        "sharepoint",
        "live",
        "meister",
        "tools",
        "desktop",
        "spark",
        "front",
        "enterprise",
        "designer",
        "atlas",
        "premium",
        "assistant",
        "allow",
        "azureadmyorg",
        "game",
        "verify",
        "microsoft power",
        "channelsurfcli",
        "mtd1",
        "file transfer",
        "magnus",
        "microsoft crm",
        "youth"
      ],
      "references": [
        "All - EnterpriseAppsList.csv",
        "AppRegistrationList.csv",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://urlscan.io/search/#ualberta.ca",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology",
        "Healthcare",
        "Telecommunications",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 7,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1703,
        "FileHash-SHA256": 90472,
        "URL": 99185,
        "domain": 82954,
        "hostname": 39041,
        "FileHash-SHA1": 1624,
        "email": 4658,
        "CVE": 12
      },
      "indicator_count": 319649,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 140,
      "modified_text": "456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "660b176a98b0c92ba5a962bc",
      "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise",
      "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.",
      "modified": "2024-09-04T05:01:56.993000",
      "created": "2024-04-01T20:22:02.851000",
      "tags": [
        "BEC"
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary",
        "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs",
        "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark",
        "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark",
        "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore",
        "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom",
        "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Canada",
        "United States of America",
        "Netherlands"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 11,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 233,
        "FileHash-SHA1": 230,
        "FileHash-SHA256": 6703,
        "URL": 4450,
        "CIDR": 3,
        "domain": 6223,
        "hostname": 2863,
        "email": 7,
        "CVE": 53
      },
      "indicator_count": 20765,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 130,
      "modified_text": "634 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657098ff4c59f8ac3f86f613",
      "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
      "description": "",
      "modified": "2023-12-06T15:53:35.032000",
      "created": "2023-12-06T15:53:35.032000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1168,
        "hostname": 1366,
        "domain": 412,
        "URL": 3576,
        "email": 2,
        "FileHash-MD5": 61,
        "FileHash-SHA1": 54
      },
      "indicator_count": 6639,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708cdd2f63f24552fa3e39",
      "name": "BLNWX.COM",
      "description": "",
      "modified": "2023-12-06T15:01:49.772000",
      "created": "2023-12-06T15:01:49.772000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 400,
        "URL": 1905,
        "domain": 494,
        "hostname": 707
      },
      "indicator_count": 3506,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708c534aadf7adf4f27d77",
      "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation",
      "description": "",
      "modified": "2023-12-06T14:59:31.122000",
      "created": "2023-12-06T14:59:31.122000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 302,
        "domain": 634,
        "URL": 2988,
        "hostname": 1208
      },
      "indicator_count": 5132,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657080d20f7e10c1e37fcf89",
      "name": "TarrantCounty.com ~ 03.01.2022",
      "description": "",
      "modified": "2023-12-06T14:10:26.301000",
      "created": "2023-12-06T14:10:26.301000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1078,
        "domain": 838,
        "hostname": 1607,
        "URL": 4134,
        "email": 3,
        "FileHash-SHA1": 2,
        "CIDR": 4,
        "FileHash-MD5": 15
      },
      "indicator_count": 7681,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "642594b9402f0edc523a1149",
      "name": "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k&#039;",
      "description": "",
      "modified": "2023-04-29T13:05:05.409000",
      "created": "2023-03-30T13:55:05.516000",
      "tags": [
        "trojan",
        "apt",
        "ansi",
        "dropped file",
        "runtime data",
        "chromeua",
        "optout",
        "programfiles",
        "typeof e",
        "localappdata",
        "error",
        "date",
        "generator",
        "path",
        "null",
        "void",
        "win64",
        "twitter",
        "this",
        "critical",
        "desktop",
        "dark",
        "light",
        "meta",
        "roboto",
        "span",
        "class",
        "template",
        "blink",
        "suspicious",
        "facebook",
        "mexico",
        "malicious",
        "mozilla",
        "strings",
        "qakbot",
        "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
      ],
      "references": [
        "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k",
        "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 243,
        "email": 2,
        "domain": 240,
        "URL": 101,
        "FileHash-MD5": 61,
        "FileHash-SHA1": 54,
        "FileHash-SHA256": 99
      },
      "indicator_count": 800,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 92,
      "modified_text": "1128 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6425a2f9c155fd53b9922bcd",
      "name": "v2 of web.basemark.com plus all suggested ioc,s dont forget about the dropped js files from the 2nd hybrid link",
      "description": "hope peeps are gonna learn from 3CX that false positives are in fact often not false",
      "modified": "2023-04-29T13:05:05.409000",
      "created": "2023-03-30T14:55:53.652000",
      "tags": [
        "trojan",
        "apt",
        "ansi",
        "dropped file",
        "runtime data",
        "chromeua",
        "optout",
        "programfiles",
        "typeof e",
        "localappdata",
        "error",
        "date",
        "generator",
        "path",
        "null",
        "void",
        "win64",
        "twitter",
        "this",
        "critical",
        "desktop",
        "dark",
        "light",
        "meta",
        "roboto",
        "span",
        "class",
        "template",
        "blink",
        "suspicious",
        "facebook",
        "mexico",
        "malicious",
        "mozilla",
        "strings",
        "qakbot",
        "://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9",
        "https://hybrid-analysis.com/sample/e7740c893812cea8e34ffb04331dcc45762dec73def71929bfbabcbfb22e93e9/641e30763dcad56bc2075661",
        "http://web.basemark.com/result/?4A3D0fmu%1C%00%00%00B%00a%00s%00e%00m%00a%00r%00k"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 412,
        "FileHash-SHA256": 1168,
        "URL": 3576,
        "hostname": 1366,
        "email": 2,
        "FileHash-MD5": 61,
        "FileHash-SHA1": 54
      },
      "indicator_count": 6639,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 92,
      "modified_text": "1128 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62750795ebc8c475f4a3033a",
      "name": "aquanx.com (PegTech botnet hosting)",
      "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.",
      "modified": "2022-06-05T00:03:45.266000",
      "created": "2022-05-06T11:33:41.174000",
      "tags": [
        "function",
        "eu cookie",
        "version",
        "tamas schalk",
        "element",
        "lang",
        "datadelay",
        "dataexpire",
        "dataclass",
        "name",
        "date",
        "path",
        "null",
        "cookie",
        "regexp",
        "typeof e",
        "please",
        "typeof t",
        "pseudo",
        "child",
        "array",
        "error",
        "class",
        "void",
        "this",
        "extendedvps",
        "login register",
        "product group",
        "svssdlinux",
        "svssdwindows",
        "password",
        "client area",
        "aquanx english",
        "azerbaijani",
        "catal",
        "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ",
        "aquanx",
        "metal cloud",
        "chat",
        "ddos migration",
        "network",
        "colocation",
        "cloud",
        "colocation bare",
        "cloud hosting",
        "private cloud",
        "bare",
        "service",
        "custom build",
        "https",
        "bootstrap",
        "bootstrap hover",
        "dropdown",
        "author",
        "cameron spear",
        "mattia larentis",
        "dropdown plugin",
        "http",
        "plugin",
        "copyright",
        "twitter",
        "conflict",
        "focus",
        "object",
        "click",
        "open",
        "next",
        "target",
        "trigger",
        "checkbox",
        "delta",
        "scroll",
        "false",
        "type",
        "expando",
        "typeof selector",
        "sizzle",
        "elem",
        "match",
        "data",
        "seed",
        "vd",
        "number",
        "string",
        "ienew ca",
        "closure library",
        "quota",
        "aafunction",
        "dafunction"
      ],
      "references": [
        "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2",
        "https://aquanx.com/js/jquery-1.12.4.min.js",
        "https://aquanx.com/js/bootstrap.js",
        "https://aquanx.com/js/bootstrap-hover-dropdown.min.js",
        "https://aquanx.com/js/modernizr-custom.js",
        "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l",
        "https://aquanx.com/",
        "https://user.aquanx.com/clientarea.php",
        "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af",
        "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js",
        "xfe-URL-raksmart.com-stix2-2.1-export.json"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Vd",
          "display_name": "Vd",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 560,
        "URL": 1236,
        "domain": 184,
        "FileHash-SHA256": 79
      },
      "indicator_count": 2059,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "1456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62756a0d14664003affb0555",
      "name": "hush.com 301 to hushmail.com",
      "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.",
      "modified": "2022-06-05T00:03:45.266000",
      "created": "2022-05-06T18:33:49.161000",
      "tags": [
        "widget",
        "null",
        "regexp",
        "array",
        "copyright",
        "license",
        "calltrkswap",
        "date",
        "typeof s",
        "xmlhttprequest",
        "typeof r",
        "script",
        "vd",
        "number",
        "string",
        "ienew ca",
        "closure library",
        "error",
        "quota",
        "aafunction",
        "dafunction",
        "function",
        "typeof o",
        "reduceright",
        "aw1070742489",
        "uint8array",
        "void",
        "code",
        "typeof symbol",
        "wickedclientid",
        "wickedemail",
        "wickedurl",
        "wickednullurl",
        "typeof e",
        "direct",
        "typeof require",
        "modulenotfound",
        "mini",
        "cnull",
        "anull",
        "nl50",
        "pnull",
        "okcancel",
        "compiled",
        "true",
        "android",
        "trident",
        "form",
        "window",
        "false",
        "acronym",
        "body",
        "canvas",
        "embed",
        "footer",
        "iframe",
        "keygen",
        "legend",
        "mark",
        "meta",
        "ruby",
        "small",
        "span",
        "template",
        "blank",
        "twitter",
        "typeof t",
        "class",
        "attr",
        "pseudo",
        "child",
        "js foundation",
        "typeof module",
        "width",
        "object",
        "this",
        "accept",
        "fnumber",
        "gtmmf25krh",
        "host",
        "path"
      ],
      "references": [
        "xfe-URL-Hush.com-stix2-2.1-export.json",
        "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c",
        "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH",
        "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js",
        "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
        "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js",
        "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js",
        "https://widget.wickedreports.com/widget.js",
        "https://www.googletagmanager.com/gtag/js?id=AW-1070742489",
        "https://www.hushmail.com/status/",
        "https://script.tapfiliate.com/tapfiliate.js",
        "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13",
        "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js",
        "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js",
        "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301",
        "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301",
        "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Vd",
          "display_name": "Vd",
          "target": null
        },
        {
          "id": "OkCancel",
          "display_name": "OkCancel",
          "target": null
        },
        {
          "id": "ReduceRight",
          "display_name": "ReduceRight",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1531",
          "name": "Account Access Removal",
          "display_name": "T1531 - Account Access Removal"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1917,
        "hostname": 698,
        "FileHash-SHA256": 116,
        "domain": 263
      },
      "indicator_count": 2994,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "1456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "shown.bs",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "shown.bs",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780267901.7399125
}