{ "type": "Domain", "indicator": "singnode.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/singnode.com", "alexa": "http://www.alexa.com/siteinfo/singnode.com", "indicator": "singnode.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3697800202, "indicator": "singnode.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 43, "pulses": [ { "id": "64edfc5ab93abb1407070292", "name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)", "description": "UNC4841 has continued to show sophistication and adaptability in response to remediation efforts. Specifically, UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda\u2019s remediation guidance.", "modified": "2023-09-28T14:00:22.225000", "created": "2023-08-29T14:10:33.719000", "tags": [ "unc4841", "depthcharge", "foxtrot", "barracuda", "foxglove", "skipjack", "cve20232868", "ghostemperor", "unc3886", "castletap", "driedmoat" ], "references": [ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" ], "public": 1, "adversary": "UNC4841", "targeted_countries": [ "China", "Taiwan", "Hong Kong", "United States of America" ], "malware_families": [ { "id": "Base64", "display_name": "Base64", "target": null }, { "id": "UNC3886", "display_name": "UNC3886", "target": null }, { "id": "CASTLETAP", "display_name": "CASTLETAP", "target": null }, { "id": "DRIEDMOAT", "display_name": "DRIEDMOAT", "target": null }, { "id": "REPTILE", "display_name": "REPTILE", "target": null }, { "id": "DEPTHCHARGE", "display_name": "DEPTHCHARGE", "target": null }, { "id": "SKIPJACK", "display_name": "SKIPJACK", "target": null }, { "id": "FOXGLOVE", "display_name": "FOXGLOVE", "target": null }, { "id": "FOXTROT", "display_name": "FOXTROT", "target": null } ], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Information Technology", "High Tech", "Foreign", "Aerospace", "Technology", "Telecommunications", "Manufacturing", "Healthcare", "Biotechnology", "Defense", "Foreign Affairs", "Trade", "Semiconductor" ], "TLP": "white", "cloned_from": null, "export_count": 399, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 120, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "YARA": 4, "domain": 8, "hostname": 2 }, "indicator_count": 167, "is_author": false, "is_subscribing": null, "subscriber_count": 377575, "modified_text": "934 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648b66983f37706379e0a660", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China", "description": "On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October 2022 and that they engaged Mandiant to assist in the investigation. Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors. Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People\u2019s Republic of China.", "modified": "2023-07-15T19:00:06.454000", "created": "2023-06-15T19:29:28.341000", "tags": [ "CVE-2023-2868", "Barracuda", "Phishing", "WHIRLPOOL", "C programming language", "SEASPRAY", "SANDBAR", "SEASIDE" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 350, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "YARA": 9, "domain": 8 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 377577, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5fa1852d337eca8e99c2ec32", "name": "Malware - Malware Domain Feed V2 - November 03 2020", "description": "Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-04-17T03:00:09.717000", "created": "2020-11-03T16:28:29.011000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 508981, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48210, "domain": 72684 }, "indicator_count": 120894, "is_author": false, "is_subscribing": null, "subscriber_count": 1699, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6675c61d2a8e4554b9985027", "name": "BLOCK_2024", "description": "", "modified": "2026-02-04T19:03:11.880000", "created": "2024-06-21T18:27:41.885000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65e899612f5527bad9d4e5a8", "export_count": 6864377, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2306, "FileHash-MD5": 4833, "URL": 1674, "hostname": 1302, "FileHash-SHA256": 6371, "FileHash-SHA1": 4014, "IPv4": 3524, "CIDR": 19, "email": 190, "CVE": 4 }, "indicator_count": 24237, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "74 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a9a77a47c528558c8ef", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:48:26.770000", "created": "2026-01-21T04:48:26.770000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a66c4042524a1ef26a8", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:47:34.615000", "created": "2026-01-21T04:47:34.615000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a57b1aa54d1ca1e9777", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:47:19.388000", "created": "2026-01-21T04:47:19.388000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a330e5bb8fbd2e958ff", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:43.394000", "created": "2026-01-21T04:46:43.394000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a308ae683c590bcbe71", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:40.973000", "created": "2026-01-21T04:46:40.973000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a3056e76df0e220c4d2", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:40.172000", "created": "2026-01-21T04:46:40.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69404b09d8296388596ecfa9", "name": "BLOCK_2025_DIC", "description": "", "modified": "2025-12-24T16:04:11.529000", "created": "2025-12-15T17:53:13.004000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2300, "FileHash-MD5": 4833, "URL": 1673, "hostname": 1297, "FileHash-SHA256": 6371, "FileHash-SHA1": 4014, "IPv4": 3235, "CIDR": 19, "email": 170, "CVE": 4 }, "indicator_count": 23916, "is_author": false, "is_subscribing": null, "subscriber_count": 79, "modified_text": "116 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "654c34e7efa40976a9dd655b", "name": "SOC2023", "description": "", "modified": "2025-08-17T17:03:38.868000", "created": "2023-11-09T01:24:55.160000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65491efbfc3d9479076431bb", "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1714, "FileHash-MD5": 3448, "URL": 727, "hostname": 912, "FileHash-SHA256": 4539, "FileHash-SHA1": 2696, "IPv4": 276, "CIDR": 10, "email": 28 }, "indicator_count": 14350, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679c246da161670e959a9eec", "name": "2024-blocking-soc-ene25", "description": "", "modified": "2025-02-15T00:01:08.338000", "created": "2025-01-31T01:16:29.608000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2045, "FileHash-MD5": 4426, "URL": 1463, "hostname": 1231, "FileHash-SHA256": 5892, "FileHash-SHA1": 3625, "IPv4": 189, "CIDR": 6, "email": 163 }, "indicator_count": 19040, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "428 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679c246c8bf7850b5096828e", "name": "2024-blocking-soc-ene25", "description": "", "modified": "2025-02-15T00:01:08.338000", "created": "2025-01-31T01:16:28.004000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2045, "FileHash-MD5": 4426, "URL": 1463, "hostname": 1231, "FileHash-SHA256": 5892, "FileHash-SHA1": 3625, "IPv4": 189, "CIDR": 6, "email": 163 }, "indicator_count": 19040, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "428 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6758ebc2472100ac75acad69", "name": "2024-DIC-10-Clon", "description": "", "modified": "2025-01-09T23:04:00.232000", "created": "2024-12-11T01:32:50.260000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2030, "FileHash-MD5": 4171, "URL": 1324, "hostname": 1222, "FileHash-SHA256": 5634, "FileHash-SHA1": 3368, "IPv4": 189, "CIDR": 6, "email": 162 }, "indicator_count": 18106, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6765eebf9ec06704f3a6ea68", "name": "CLON IPIF", "description": "", "modified": "2025-01-09T23:04:00.232000", "created": "2024-12-20T22:25:03.407000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2031, "FileHash-MD5": 4171, "URL": 1324, "hostname": 1222, "FileHash-SHA256": 5634, "FileHash-SHA1": 3368, "IPv4": 189, "CIDR": 6, "email": 162 }, "indicator_count": 18107, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6732a0b6cc4c5356a823de37", "name": "_CLON_2024_NOV11", "description": "", "modified": "2024-12-11T00:00:21.805000", "created": "2024-11-12T00:26:30.524000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6675c61d2a8e4554b9985027", "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1795, "FileHash-MD5": 3724, "URL": 1028, "hostname": 1096, "FileHash-SHA256": 5030, "FileHash-SHA1": 2927, "IPv4": 189, "CIDR": 6, "email": 28 }, "indicator_count": 15823, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "494 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65fc23e4c36f0715310e1d95", "name": "SOC_BLOCK_NEW", "description": "", "modified": "2024-03-21T12:11:41.190000", "created": "2024-03-21T12:11:16.345000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65e899612f5527bad9d4e5a8", "export_count": 275, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fencesense", "id": "255590", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1715, "FileHash-MD5": 3498, "URL": 729, "hostname": 911, "FileHash-SHA256": 4590, "FileHash-SHA1": 2746, "IPv4": 189, "CIDR": 6, "email": 28 }, "indicator_count": 14412, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "759 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64dd9c1d76a7807782a691d3", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "I had wrapped the majority of the files i'd run since the 14th into the Pulse of the same date, but at over 17k indicators i think it was time to put that one to rest. Obviously time and life allowing my intention is to keep updating and creating more of these as long as i'm kept flush with content. At current i'm pretty damned flush. This is just a preliminary dump of my /tmp folder on Arch. part of the infection chain is process hallowing and then hijacking a program close to the user, with decent call ability to the rest of the system.", "modified": "2024-02-14T21:44:02.852000", "created": "2023-08-17T04:03:41.985000", "tags": [ "o cloexec", "r procversion", "cachyos", "gnu ld", "gnu binutils", "microsoft", "f lockfd", "cygwin", "u respfd", "procselffd13", "procselffd14", "x8664", "uname", "linux", "getconf", "cpus32", "case", "m x8664", "s linux", "x8664 o", "z linux", "z x8664", "replying", "timing", "successfully", "shift", "procselffd16", "empty", "head", "dirty", "found", "splitting", "license", "index", "kill", "zfrm", "argv" ], "references": [ ".ICE-unix", ".org.chromium.Chromium.12ZdF3", ".vbox-mrkd-ipc", "@tmp", ".org.chromium.Chromium.T2jdbS", ".X11-unix", "albert_yt_ynb2tftv", "fish.root", "20230816_202710-scantemp.b14ff4bc3a", "plasma-csd-generator.LTvjbT", "pytest-of-mrkd", "runtime-root", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-ananicy-cpp.service-U5RKxp", ".org.chromium.Chromium.coQnti", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-bluetooth.service-7fh2tg", "bauh@mrkd", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-iwd.service-jnpcHR", ".org.chromium.Chromium.8GBhMA", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-polkit.service-CfCUQZ", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-systemd-logind.service-Q9OYbj", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-power-profiles-daemon.service-hSCDr7", ".org.chromium.Chromium.HMzFxo", "Temp-0c3dc677-7d66-4234-b14e-f604605b2d0c", "tmp.D4NXyZ3U4J", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-uksmd.service-oAjI9s", "Temp-0148ee46-b3e0-4c4b-aa55-b60c6b63eb6f", "tmp.ziktUZeKXL", "v8-compile-cache-0", "tmp90lfbdek", "tst-bz26353KOtJVp", "v8-compile-cache-1000", ".X0-lock", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.xtrace.log", "Temp-4d7e99a7-2d45-4347-a3b6-b64e3ae65e2e", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10291.1692217508.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11270.1692217597.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12928.1692233448.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13309.1692233456.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.28823.1692223670.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.23930.1692220492.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.241161.1692238939.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240792.1692238921.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240156.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.317097.1692240795.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.345673.1692241474.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.daemon.log", "qtsingleapp-Notifi-4c42-3e8", "gitstatus.POWERLEVEL9K.1000.2588447.1692243345.1.xtrace.log", "memmemY_2MMv.c", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.xtrace.log", "qtsingleapp-Notifi-4c42-3e8-lockfile", "stdbool.hcc0B2j.c", "strlcatmMvE1V.c", "qtsingleapp-Octopi-1d88-3e8-lockfile", "strlcpydb8x03.c", "stdbool.ht64kj6qw.c", "qtsingleapp-Octopi-1d88-3e8", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.daemon.log", "https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9", "https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c", "https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca", "https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6", "https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details", "https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd" ], "public": 1, "adversary": "N/A", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "BV:TelegramBot-A\\ [Trj]", "display_name": "BV:TelegramBot-A\\ [Trj]", "target": null }, { "id": "Ransom:Linux/DarkRadiation.A!MTB", "display_name": "Ransom:Linux/DarkRadiation.A!MTB", "target": "/malware/Ransom:Linux/DarkRadiation.A!MTB" }, { "id": "SLF:MamacseMacro.A", "display_name": "SLF:MamacseMacro.A", "target": null }, { "id": "TrojanDownloader:Linux/Morila!MTB", "display_name": "TrojanDownloader:Linux/Morila!MTB", "target": "/malware/TrojanDownloader:Linux/Morila!MTB" }, { "id": "Backdoor:Win32/R2d2.A", "display_name": "Backdoor:Win32/R2d2.A", "target": "/malware/Backdoor:Win32/R2d2.A" }, { "id": "Sf:ShellCode-DZ\\ [Trj]", "display_name": "Sf:ShellCode-DZ\\ [Trj]", "target": null }, { "id": "NETexecutableMicrosoft", "display_name": "NETexecutableMicrosoft", "target": null }, { "id": "TrojanDropper:Win32/FakeFlexnet.A", "display_name": "TrojanDropper:Win32/FakeFlexnet.A", "target": "/malware/TrojanDropper:Win32/FakeFlexnet.A" }, { "id": "Delphi", "display_name": "Delphi", "target": null } ], "attack_ids": [], "industries": [ "individuals" ], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 206, "domain": 5129, "FileHash-MD5": 177, "FileHash-SHA1": 114, "URL": 646, "hostname": 2078, "CVE": 412, "email": 4 }, "indicator_count": 8766, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "795 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a9b042961d3e7a6a564d", "name": "bkp16oct", "description": "", "modified": "2023-12-06T17:04:48.880000", "created": "2023-12-06T17:04:48.880000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1390, "FileHash-SHA256": 3099, "hostname": 769, "FileHash-MD5": 2353, "FileHash-SHA1": 1624, "URL": 590, "email": 26, "IPv4": 150, "CIDR": 6 }, "indicator_count": 10007, "is_author": false, "is_subscribing": null, "subscriber_count": 113, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a8b5cae685fce7f5231f", "name": "bkp oct 10", "description": "", "modified": "2023-12-06T17:00:37.687000", "created": "2023-12-06T17:00:37.687000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1376, "FileHash-SHA256": 3065, "hostname": 768, "FileHash-MD5": 2320, "FileHash-SHA1": 1591, "URL": 589, "email": 26, "IPv4": 150, "CIDR": 6 }, "indicator_count": 9891, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a7d02c5746343283fc12", "name": "bkp5o23", "description": "", "modified": "2023-12-06T16:56:48.472000", "created": "2023-12-06T16:56:48.472000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1365, "FileHash-SHA256": 3021, "hostname": 764, "FileHash-MD5": 2278, "FileHash-SHA1": 1539, "URL": 589, "email": 26, "IPv4": 150, "CIDR": 6 }, "indicator_count": 9738, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a7aaee2e95f7517277d3", "name": "bkp03test", "description": "", "modified": "2023-12-06T16:56:10.492000", "created": "2023-12-06T16:56:10.492000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1362, "FileHash-SHA256": 2891, "hostname": 755, "FileHash-MD5": 2159, "FileHash-SHA1": 1420, "URL": 589, "email": 26, "IPv4": 148, "CIDR": 6 }, "indicator_count": 9356, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a7a346ec10c12d5b15b5", "name": "BKPo3", "description": "", "modified": "2023-12-06T16:56:03.381000", "created": "2023-12-06T16:56:03.381000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1362, "FileHash-SHA256": 2891, "hostname": 755, "FileHash-MD5": 2159, "FileHash-SHA1": 1420, "URL": 589, "email": 26, "IPv4": 148, "CIDR": 6 }, "indicator_count": 9356, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a602c1e9c47280c247e4", "name": "SOC2023", "description": "", "modified": "2023-12-06T16:49:06.159000", "created": "2023-12-06T16:49:06.159000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1420, "FileHash-SHA256": 3123, "hostname": 769, "FileHash-MD5": 2379, "FileHash-SHA1": 1642, "URL": 590, "email": 26, "IPv4": 150, "CIDR": 6 }, "indicator_count": 10105, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a5f81702fdce6c496a1c", "name": "Undefined Name", "description": "", "modified": "2023-12-06T16:48:56.950000", "created": "2023-12-06T16:48:56.950000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1345, "FileHash-SHA256": 2819, "hostname": 741, "FileHash-MD5": 2106, "FileHash-SHA1": 1371, "URL": 571, "email": 26, "IPv4": 148, "CIDR": 6 }, "indicator_count": 9133, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a5a5f6bf793f823e6397", "name": "Undefined Name", "description": "", "modified": "2023-12-06T16:47:33.032000", "created": "2023-12-06T16:47:33.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1345, "FileHash-SHA256": 2819, "hostname": 741, "FileHash-MD5": 2106, "FileHash-SHA1": 1371, "URL": 571, "email": 26, "IPv4": 148, "CIDR": 6 }, "indicator_count": 9133, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709ffcf3ffe737f8cb8dfd", "name": "IOC's found on my pesonal devices; week starting 08/14/23", "description": "", "modified": "2023-12-06T16:23:24.919000", "created": "2023-12-06T16:23:24.919000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 103, "hostname": 524, "domain": 1292, "FileHash-SHA256": 95, "FileHash-MD5": 54, "FileHash-SHA1": 39, "URL": 169, "email": 1 }, "indicator_count": 2277, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657093164553ecf08ba4a8bd", "name": "SOC2022ALL", "description": "", "modified": "2023-12-06T15:28:22.905000", "created": "2023-12-06T15:28:22.905000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1345, "FileHash-SHA256": 2819, "hostname": 741, "FileHash-MD5": 2106, "FileHash-SHA1": 1371, "URL": 571, "email": 26, "IPv4": 148, "CIDR": 6 }, "indicator_count": 9133, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6346ee707f119521a426ecc9", "name": "SOC2022ALL", "description": "DD", "modified": "2023-10-21T14:02:41.990000", "created": "2022-10-12T16:42:24.004000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16454, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1490, "FileHash-MD5": 2606, "URL": 611, "hostname": 831, "FileHash-SHA256": 3518, "FileHash-SHA1": 1794, "IPv4": 187, "CIDR": 6, "email": 26 }, "indicator_count": 11069, "is_author": false, "is_subscribing": null, "subscriber_count": 102, "modified_text": "911 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f089a1db3faccfc533cbff", "name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant", "description": "Mandiant is the world's leading provider of threat intelligence and incident response services, with products, services and resources designed to help businesses and government agencies defend against cyber crime and threats from cyber criminals.", "modified": "2023-09-30T12:01:18.504000", "created": "2023-08-31T12:37:53.769000", "tags": [ "unc4841", "mandiant", "depthcharge", "foxtrot", "barracuda", "foxglove", "barracuda esg", "skipjack", "cve20232868", "june", "february", "ghostemperor", "reptile", "base64", "unc3886", "castletap", "driedmoat" ], "references": [ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Taiwan", "Hong Kong", "United States of America" ], "malware_families": [ { "id": "Base64", "display_name": "Base64", "target": null }, { "id": "UNC3886", "display_name": "UNC3886", "target": null }, { "id": "CASTLETAP", "display_name": "CASTLETAP", "target": null }, { "id": "DRIEDMOAT", "display_name": "DRIEDMOAT", "target": null }, { "id": "REPTILE", "display_name": "REPTILE", "target": null }, { "id": "DEPTHCHARGE", "display_name": "DEPTHCHARGE", "target": null } ], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Information Technology", "High Tech", "Foreign", "Aerospace", "Technology", "Telecommunications", "Manufacturing", "Healthcare", "Biotechnology", "Defense", "Foreign Affairs", "Trade", "Semiconductor" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 121, "FileHash-SHA1": 20, "FileHash-SHA256": 20, "YARA": 4, "domain": 8, "hostname": 3 }, "indicator_count": 177, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "932 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f025da85fd3c8ea2f0fa27", "name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)", "description": "", "modified": "2023-09-28T14:00:22.225000", "created": "2023-08-31T05:32:10.946000", "tags": [ "unc4841", "depthcharge", "foxtrot", "barracuda", "foxglove", "skipjack", "cve20232868", "ghostemperor", "unc3886", "castletap", "driedmoat" ], "references": [ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" ], "public": 1, "adversary": "UNC4841", "targeted_countries": [ "China", "Taiwan", "Hong Kong", "United States of America" ], "malware_families": [ { "id": "Base64", "display_name": "Base64", "target": null }, { "id": "UNC3886", "display_name": "UNC3886", "target": null }, { "id": "CASTLETAP", "display_name": "CASTLETAP", "target": null }, { "id": "DRIEDMOAT", "display_name": "DRIEDMOAT", "target": null }, { "id": "REPTILE", "display_name": "REPTILE", "target": null }, { "id": "DEPTHCHARGE", "display_name": "DEPTHCHARGE", "target": null }, { "id": "SKIPJACK", "display_name": "SKIPJACK", "target": null }, { "id": "FOXGLOVE", "display_name": "FOXGLOVE", "target": null }, { "id": "FOXTROT", "display_name": "FOXTROT", "target": null } ], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Information Technology", "High Tech", "Foreign", "Aerospace", "Technology", "Telecommunications", "Manufacturing", "Healthcare", "Biotechnology", "Defense", "Foreign Affairs", "Trade", "Semiconductor" ], "TLP": "white", "cloned_from": "64f0100c80f7e6493dd56daf", "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 120, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "YARA": 4, "domain": 8, "hostname": 2 }, "indicator_count": 167, "is_author": false, "is_subscribing": null, "subscriber_count": 265, "modified_text": "934 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f0100c80f7e6493dd56daf", "name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)", "description": "", "modified": "2023-09-28T14:00:22.225000", "created": "2023-08-31T03:59:08.759000", "tags": [ "unc4841", "depthcharge", "foxtrot", "barracuda", "foxglove", "skipjack", "cve20232868", "ghostemperor", "unc3886", "castletap", "driedmoat" ], "references": [ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" ], "public": 1, "adversary": "UNC4841", "targeted_countries": [ "China", "Taiwan", "Hong Kong", "United States of America" ], "malware_families": [ { "id": "Base64", "display_name": "Base64", "target": null }, { "id": "UNC3886", "display_name": "UNC3886", "target": null }, { "id": "CASTLETAP", "display_name": "CASTLETAP", "target": null }, { "id": "DRIEDMOAT", "display_name": "DRIEDMOAT", "target": null }, { "id": "REPTILE", "display_name": "REPTILE", "target": null }, { "id": "DEPTHCHARGE", "display_name": "DEPTHCHARGE", "target": null }, { "id": "SKIPJACK", "display_name": "SKIPJACK", "target": null }, { "id": "FOXGLOVE", "display_name": "FOXGLOVE", "target": null }, { "id": "FOXTROT", "display_name": "FOXTROT", "target": null } ], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Information Technology", "High Tech", "Foreign", "Aerospace", "Technology", "Telecommunications", "Manufacturing", "Healthcare", "Biotechnology", "Defense", "Foreign Affairs", "Trade", "Semiconductor" ], "TLP": "white", "cloned_from": "64edfc5ab93abb1407070292", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 120, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "YARA": 4, "domain": 8, "hostname": 2 }, "indicator_count": 167, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "934 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64ec44bd531914683f1a0d2a", "name": "Suspected PRC Cyber ActorsContinue to Globally Exploit Barracuda (@Tra1sa111) ", "description": "", "modified": "2023-09-24T07:00:54.802000", "created": "2023-08-28T06:54:53.114000", "tags": [ "CVE-2023-2868", "ESG", "PRC cyber actors", "data exfiltration", "credential harvesting", "email scanning,", "persistent access", "SUBMARINE", "WHIRLPOOL", "SEASPY" ], "references": [ "https://www.ic3.gov/Media/News/2023/230823.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "64ec3691ba8ffb01f4b54bfe", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 7 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "938 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64ec3691ba8ffb01f4b54bfe", "name": "Suspected PRC Cyber ActorsContinue to Globally Exploit Barracuda ESG Zero-Day Vulnerability", "description": "", "modified": "2023-09-24T07:00:54.802000", "created": "2023-08-28T05:54:25.114000", "tags": [ "CVE-2023-2868", "ESG", "PRC cyber actors", "data exfiltration", "credential harvesting", "email scanning,", "persistent access", "SUBMARINE", "WHIRLPOOL", "SEASPY" ], "references": [ "https://www.ic3.gov/Media/News/2023/230823.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "64e85599afbecba4a3b09b3e", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 7 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 263, "modified_text": "938 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e85599afbecba4a3b09b3e", "name": "Suspected PRC Cyber ActorsContinue to Globally Exploit Barracuda ESG Zero-Day Vulnerability", "description": "As a part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day\nvulnerability in Barracuda Network\u2019s Email Security Gateway (ESG) appliances, the FBI has\nindependently verified that all exploited ESG appliances, even those with patches pushed out\nby Barracuda, remain at risk for continued computer network compromise from suspected PRC\ncyber actors exploiting this vulnerability", "modified": "2023-09-24T07:00:54.802000", "created": "2023-08-25T07:17:45.287000", "tags": [ "CVE-2023-2868", "ESG", "PRC cyber actors", "data exfiltration", "credential harvesting", "email scanning,", "persistent access", "SUBMARINE", "WHIRLPOOL", "SEASPY" ], "references": [ "https://www.ic3.gov/Media/News/2023/230823.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 7 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "938 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64cb8b69b908aebe22e27b8b", "name": "SUBMARINE backdoor", "description": "The CISA shared details about three backdoor malware variants that were used to abuse Barracuda ESG appliances, including a new persistent backdoor dubbed SUBMARINE. The malware were deployed by threat actors who exploited a critical RCE flaw (CVE-2023-2868) in ESG devices as zero-day last year. The China-based actor tracked as UNC4841 could be behind the attack, opined experts. The attackers utilized phishing emails with booby-trapped TAR file attachments to gain initial access and implant backdoors for persistence.", "modified": "2023-09-02T11:02:24.717000", "created": "2023-08-03T11:11:37.991000", "tags": [ "md5 hash", "domain" ], "references": [ "SUBMARINE backdoor IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ASQ505sa", "id": "217420", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 73, "FileHash-SHA1": 14, "FileHash-SHA256": 14, "domain": 8 }, "indicator_count": 109, "is_author": false, "is_subscribing": null, "subscriber_count": 34, "modified_text": "960 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6493880df550dfa06eb8290c", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by threat actor UNC2529", "description": "", "modified": "2023-07-21T23:04:31.937000", "created": "2023-06-21T23:30:21.181000", "tags": [ "OSINT", "CVE-2023-2868", "Barracuda", "RCE", "Exploit", "Vulnerability" ], "references": [ "https://community.riskiq.com/article/f15e2c46" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 76, "FileHash-SHA1": 2, "domain": 8, "FileHash-SHA256": 2 }, "indicator_count": 88, "is_author": false, "is_subscribing": null, "subscriber_count": 1604, "modified_text": "1003 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648c21c01d8b78d4da9a4fc8", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant", "description": "Mandiant, the world's leading cyber security provider, has announced that it is expanding its services and offering products and services to help companies and governments defend against cyber crime. and other cyber threats.", "modified": "2023-07-16T08:01:59.875000", "created": "2023-06-16T08:48:00.230000", "tags": [ "whirlpool", "seaspy", "unc4841", "mandiant", "barracuda", "cve20232868", "barracuda esg", "esgip", "seaspray", "base64", "download", "june", "python", "team" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "Taiwan", "China" ], "malware_families": [ { "id": "SEASPY", "display_name": "SEASPY", "target": null }, { "id": "WHIRLPOOL", "display_name": "WHIRLPOOL", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [ "Trade", "Foreign", "Foreign Affairs", "Academics", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 76, "FileHash-SHA1": 12, "FileHash-SHA256": 12, "URL": 5, "YARA": 9, "domain": 8 }, "indicator_count": 123, "is_author": false, "is_subscribing": null, "subscriber_count": 849, "modified_text": "1008 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648c09454c6a8d654d136228", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China", "description": "", "modified": "2023-07-15T19:00:06.454000", "created": "2023-06-16T07:03:33.908000", "tags": [ "CVE-2023-2868", "Barracuda", "Phishing", "WHIRLPOOL", "C programming language", "SEASPRAY", "SANDBAR", "SEASIDE" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": "648bf96b54c25e391b14810f", "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "YARA": 9, "domain": 8 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648bf96b54c25e391b14810f", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China", "description": "", "modified": "2023-07-15T19:00:06.454000", "created": "2023-06-16T05:55:55.165000", "tags": [ "CVE-2023-2868", "Barracuda", "Phishing", "WHIRLPOOL", "C programming language", "SEASPRAY", "SANDBAR", "SEASIDE" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": "648b66983f37706379e0a660", "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "YARA": 9, "domain": 8 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648b45c5b203342c262673ef", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China", "description": "", "modified": "2023-07-15T13:00:39.873000", "created": "2023-06-15T17:09:25.797000", "tags": [ "whirlpool", "seaspy", "unc4841", "mandiant", "barracuda", "cve20232868", "barracuda esg", "esgip", "seaspray", "base64", "download", "june", "python", "team" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "Taiwan", "China" ], "malware_families": [ { "id": "SEASPY", "display_name": "SEASPY", "target": null }, { "id": "WHIRLPOOL", "display_name": "WHIRLPOOL", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [ "Trade", "Foreign", "Foreign Affairs", "Academics", "Government" ], "TLP": "white", "cloned_from": "648b1300ccc64d3a1aa18f71", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mxdrthreat", "id": "230035", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 5, "YARA": 9, "domain": 8 }, "indicator_count": 111, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648b1300ccc64d3a1aa18f71", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant", "description": "Mandiant, the world's leading cyber security provider, has announced that it is expanding its services and offering products and services to help companies and governments defend against cyber crime. and other cyber threats.", "modified": "2023-07-15T13:00:39.873000", "created": "2023-06-15T13:32:48.349000", "tags": [ "whirlpool", "seaspy", "unc4841", "mandiant", "barracuda", "cve20232868", "barracuda esg", "esgip", "seaspray", "base64", "download", "june", "python", "team" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "Taiwan", "China" ], "malware_families": [ { "id": "SEASPY", "display_name": "SEASPY", "target": null }, { "id": "WHIRLPOOL", "display_name": "WHIRLPOOL", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [ "Trade", "Foreign", "Foreign Affairs", "Academics", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "burtcha15", "id": "207697", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 5, "YARA": 9, "domain": 8 }, "indicator_count": 111, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "gitstatus.POWERLEVEL9K.1000.23930.1692220492.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.345673.1692241474.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.28823.1692223670.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.11926.1692233325.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.xtrace.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-ananicy-cpp.service-U5RKxp", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.daemon.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-polkit.service-CfCUQZ", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240121.1.daemon.log", "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally", "qtsingleapp-Octopi-1d88-3e8", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.daemon.log", "qtsingleapp-Octopi-1d88-3e8-lockfile", ".ICE-unix", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-bluetooth.service-7fh2tg", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.xtrace.log", "qtsingleapp-Notifi-4c42-3e8", "runtime-root", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6", ".org.chromium.Chromium.T2jdbS", "v8-compile-cache-0", "strlcatmMvE1V.c", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.xtrace.log", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.240792.1692238921.1.daemon.log", "qtsingleapp-Notifi-4c42-3e8-lockfile", "SUBMARINE backdoor IOCs.csv", "gitstatus.POWERLEVEL9K.1000.9950.1692233029.1.xtrace.log", "stdbool.ht64kj6qw.c", "gitstatus.POWERLEVEL9K.1000.75659.1692225165.1.daemon.log", "https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.317097.1692240795.1.xtrace.log", "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.253137.1692239505.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.xtrace.log", "https://community.riskiq.com/article/f15e2c46", "20230816_202710-scantemp.b14ff4bc3a", ".vbox-mrkd-ipc", "https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd", "albert_yt_ynb2tftv", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.82565.1692225764.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.daemon.log", "https://www.ic3.gov/Media/News/2023/230823.pdf", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.daemon.log", ".org.chromium.Chromium.HMzFxo", "gitstatus.POWERLEVEL9K.1000.84754.1692225891.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.daemon.log", "pytest-of-mrkd", "Temp-0148ee46-b3e0-4c4b-aa55-b60c6b63eb6f", "https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9", "https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca", "gitstatus.POWERLEVEL9K.1000.122089.1692235219.1.daemon.log", "stdbool.hcc0B2j.c", "tmp90lfbdek", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-power-profiles-daemon.service-hSCDr7", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.13878.1692218150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.78332.1692225277.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.daemon.log", ".org.chromium.Chromium.coQnti", "gitstatus.POWERLEVEL9K.1000.8928.1692232861.2.daemon.log", "gitstatus.POWERLEVEL9K.1000.237952.1692238535.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.237594.1692238521.1.xtrace.log", "tmp.D4NXyZ3U4J", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.11270.1692217597.1.daemon.log", "fish.root", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240136.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.28463.1692223667.1.daemon.log", "tmp.ziktUZeKXL", ".org.chromium.Chromium.8GBhMA", "gitstatus.POWERLEVEL9K.1000.263981.1692240117.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83486.1692225808.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.13309.1692233456.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.267109.1692240155.1.xtrace.log", "strlcpydb8x03.c", "gitstatus.POWERLEVEL9K.1000.82162.1692225750.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.84305.1692225848.1.xtrace.log", "Temp-4d7e99a7-2d45-4347-a3b6-b64e3ae65e2e", "plasma-csd-generator.LTvjbT", "gitstatus.POWERLEVEL9K.1000.12928.1692233448.1.daemon.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-uksmd.service-oAjI9s", "gitstatus.POWERLEVEL9K.1000.267442.1692240143.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.248323.1692239206.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.241161.1692238939.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10858.1692217566.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.daemon.log", "@tmp", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.240024.1692238828.1.xtrace.log", "v8-compile-cache-1000", "gitstatus.POWERLEVEL9K.1000.83038.1692225779.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.10291.1692217508.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2588447.1692243345.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.2703415.1692243471.1.daemon.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-iwd.service-jnpcHR", "gitstatus.POWERLEVEL9K.1000.268412.1692240156.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.267442.1692240150.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.155609.1692237756.1.xtrace.log", "Temp-0c3dc677-7d66-4234-b14e-f604605b2d0c", "https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.2.xtrace.log", "memmemY_2MMv.c", "gitstatus.POWERLEVEL9K.1000.154521.1692237692.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.81737.1692225737.1.xtrace.log", "https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445", "bauh@mrkd", "https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c", ".org.chromium.Chromium.12ZdF3", "tst-bz26353KOtJVp", "gitstatus.POWERLEVEL9K.1000.83896.1692225820.1.xtrace.log", "systemd-private-28f1c54986a24a4fa12e1cfe0bb09aa0-systemd-logind.service-Q9OYbj", ".X11-unix", "gitstatus.POWERLEVEL9K.1000.268412.1692240179.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.6339.1692232717.1.xtrace.log", "gitstatus.POWERLEVEL9K.1000.247194.1692239163.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.2586196.1692243336.1.daemon.log", "gitstatus.POWERLEVEL9K.1000.10525.1692233087.1.xtrace.log", ".X0-lock", "gitstatus.POWERLEVEL9K.1000.12470.1692233381.1.xtrace.log" ], "related": { "alienvault": { "adversary": [ "UNC4841" ], "malware_families": [ "Skipjack", "Reptile", "Castletap", "Foxtrot", "Unc3886", "Foxglove", "Depthcharge", "Base64", "Driedmoat" ], "industries": [ "Foreign affairs", "Trade", "Government", "Foreign", "Semiconductor", "Healthcare", "Technology", "Aerospace", "Information technology", "Biotechnology", "Defense", "Telecommunications", "High tech", "Manufacturing" ] }, "other": { "adversary": [ "UNC4841", "N/A" ], "malware_families": [ "Unc3886", "Seaspy", "Foxglove", "Delphi", "Trojandownloader:linux/morila!mtb", "Netexecutablemicrosoft", "Skipjack", "Bv:telegrambot-a\\ [trj]", "Slf:mamacsemacro.a", "Foxtrot", "Trojandropper:win32/fakeflexnet.a", "Base64", "Driedmoat", "Whirlpool", "Ransom:linux/darkradiation.a!mtb", "Reptile", "Castletap", "Sf:shellcode-dz\\ [trj]", "Depthcharge", "Backdoor:win32/r2d2.a" ], "industries": [ "Foreign affairs", "Trade", "Government", "Foreign", "Semiconductor", "Academics", "Healthcare", "Technology", "Individuals", "Aerospace", "Information technology", "Biotechnology", "Defense", "Telecommunications", "High tech", "Manufacturing" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 43, "pulses": [ { "id": "64edfc5ab93abb1407070292", "name": "Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)", "description": "UNC4841 has continued to show sophistication and adaptability in response to remediation efforts. Specifically, UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda\u2019s remediation guidance.", "modified": "2023-09-28T14:00:22.225000", "created": "2023-08-29T14:10:33.719000", "tags": [ "unc4841", "depthcharge", "foxtrot", "barracuda", "foxglove", "skipjack", "cve20232868", "ghostemperor", "unc3886", "castletap", "driedmoat" ], "references": [ "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation" ], "public": 1, "adversary": "UNC4841", "targeted_countries": [ "China", "Taiwan", "Hong Kong", "United States of America" ], "malware_families": [ { "id": "Base64", "display_name": "Base64", "target": null }, { "id": "UNC3886", "display_name": "UNC3886", "target": null }, { "id": "CASTLETAP", "display_name": "CASTLETAP", "target": null }, { "id": "DRIEDMOAT", "display_name": "DRIEDMOAT", "target": null }, { "id": "REPTILE", "display_name": "REPTILE", "target": null }, { "id": "DEPTHCHARGE", "display_name": "DEPTHCHARGE", "target": null }, { "id": "SKIPJACK", "display_name": "SKIPJACK", "target": null }, { "id": "FOXGLOVE", "display_name": "FOXGLOVE", "target": null }, { "id": "FOXTROT", "display_name": "FOXTROT", "target": null } ], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Information Technology", "High Tech", "Foreign", "Aerospace", "Technology", "Telecommunications", "Manufacturing", "Healthcare", "Biotechnology", "Defense", "Foreign Affairs", "Trade", "Semiconductor" ], "TLP": "white", "cloned_from": null, "export_count": 399, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 120, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "YARA": 4, "domain": 8, "hostname": 2 }, "indicator_count": 167, "is_author": false, "is_subscribing": null, "subscriber_count": 377575, "modified_text": "934 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "648b66983f37706379e0a660", "name": "Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China", "description": "On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October 2022 and that they engaged Mandiant to assist in the investigation. Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors. Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People\u2019s Republic of China.", "modified": "2023-07-15T19:00:06.454000", "created": "2023-06-15T19:29:28.341000", "tags": [ "CVE-2023-2868", "Barracuda", "Phishing", "WHIRLPOOL", "C programming language", "SEASPRAY", "SANDBAR", "SEASIDE" ], "references": [ "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 350, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 76, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "YARA": 9, "domain": 8 }, "indicator_count": 105, "is_author": false, "is_subscribing": null, "subscriber_count": 377577, "modified_text": "1009 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5fa1852d337eca8e99c2ec32", "name": "Malware - Malware Domain Feed V2 - November 03 2020", "description": "Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-04-17T03:00:09.717000", "created": "2020-11-03T16:28:29.011000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 508981, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48210, "domain": 72684 }, "indicator_count": 120894, "is_author": false, "is_subscribing": null, "subscriber_count": 1699, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6675c61d2a8e4554b9985027", "name": "BLOCK_2024", "description": "", "modified": "2026-02-04T19:03:11.880000", "created": "2024-06-21T18:27:41.885000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65e899612f5527bad9d4e5a8", "export_count": 6864377, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BLOCKINGBLOCK", "id": "211480", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_211480/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2306, "FileHash-MD5": 4833, "URL": 1674, "hostname": 1302, "FileHash-SHA256": 6371, "FileHash-SHA1": 4014, "IPv4": 3524, "CIDR": 19, "email": 190, "CVE": 4 }, "indicator_count": 24237, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "74 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a9a77a47c528558c8ef", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:48:26.770000", "created": "2026-01-21T04:48:26.770000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a66c4042524a1ef26a8", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:47:34.615000", "created": "2026-01-21T04:47:34.615000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a57b1aa54d1ca1e9777", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:47:19.388000", "created": "2026-01-21T04:47:19.388000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a330e5bb8fbd2e958ff", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:43.394000", "created": "2026-01-21T04:46:43.394000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a308ae683c590bcbe71", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:40.973000", "created": "2026-01-21T04:46:40.973000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69705a3056e76df0e220c4d2", "name": "malwarebad.txt", "description": "", "modified": "2026-01-21T04:46:40.172000", "created": "2026-01-21T04:46:40.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1852d337eca8e99c2ec32", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "RussianMob", "id": "378536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 48106, "domain": 72668 }, "indicator_count": 120774, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "singnode.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "singnode.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776643076.6899548 }