{ "type": "Domain", "indicator": "smartscreen-api.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/smartscreen-api.com", "alexa": "http://www.alexa.com/siteinfo/smartscreen-api.com", "indicator": "smartscreen-api.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4100545474, "indicator": "smartscreen-api.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69708309d2278ae3906e9e78", "name": "block ioc;s", "description": "The full text of the full report on the events of 26 March 2017:-1-18 March 2018.. and the details will appear on Facebook, Twitter, Instagram and iPlayer on Wednesday", "modified": "2026-01-21T07:40:57.535000", "created": "2026-01-21T07:40:57.535000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "krishnababu", "id": "347852", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14, "URL": 8, "domain": 6, "hostname": 3 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "129 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ca4af90cc802bb30feac52", "name": "CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud)", "description": "CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud)\nThese indicators are provided by CrowdStrike.\nReference URL provided.", "modified": "2025-09-17T06:17:46.361000", "created": "2025-09-17T05:45:27.601000", "tags": [ "scavenger dll", "falcon platform", "ioas", "node package", "manager", "scavenger", "javascript", "chain attack", "overview", "july" ], "references": [ "https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-prevents-npm-package-supply-chain-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Scavenger", "display_name": "Scavenger", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Blue-line", "id": "357171", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 11, "domain": 4 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 3, "modified_text": "256 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889ff2cfa6a2c08cb85336a", "name": "EbeeJuly2025 Pt2", "description": "IOCs of multiple threaats observed and collected in July 2025", "modified": "2025-08-29T10:02:20.542000", "created": "2025-07-30T11:17:00.302000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 65, "FileHash-MD5": 177, "FileHash-SHA1": 132, "FileHash-SHA256": 216, "domain": 136, "email": 1, "hostname": 101 }, "indicator_count": 828, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889ebeb317457163ab8fa42", "name": "Emmenhtal loader", "description": "Campaigns that used Emmenhtal to deliver various payloads", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-30T09:54:51.943000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "688b0dde98e8d32361238f0f", "name": "Emmenhtal Loader Campaign deliver various payloads [IMEBEEIMFINE]", "description": "", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-31T06:31:58.326000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6889ebeb317457163ab8fa42", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6887e6e0c419286be8c1f257", "name": "ACTIVIDAD MALICIOSA | Relacionada con varias RAT y Botnet 28-07-2025", "description": "Relacionada con varias Botnet 28-07-2025", "modified": "2025-07-28T21:08:48.471000", "created": "2025-07-28T21:08:48.471000", "tags": [ "lumma stealer", "xworm" ], "references": [ "https://www.virustotal.com/graph/embed/gc4f682507d3240c08d0c6a6a2f90b3daaca0f20594464570bd7d7027af57c93a?theme=light", "https://www.virustotal.com/gui/collection/ebb04dbaae5b7d6ac28dafff93afc5230e189fa9a8e4998454f68f6d2ed45944" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Scavenger", "display_name": "Scavenger", "target": null }, { "id": "ValleyRAT", "display_name": "ValleyRAT", "target": null }, { "id": "QuasarRAT - S0262", "display_name": "QuasarRAT - S0262", "target": null }, { "id": "XWorm", "display_name": "XWorm", "target": null }, { "id": "GhoLoader", "display_name": "GhoLoader", "target": null }, { "id": "NetSupport ManagerRAT", "display_name": "NetSupport ManagerRAT", "target": null }, { "id": "ClearFake", "display_name": "ClearFake", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "LummaStealer", "display_name": "LummaStealer", "target": null }, { "id": "Remvio", "display_name": "Remvio", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "BEACON", "display_name": "BEACON", "target": null }, { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Pinkslipbot", "display_name": "Pinkslipbot", "target": null }, { "id": "AsyncRAT - S1087", "display_name": "AsyncRAT - S1087", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 17 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6880ba80f7ea7fd17645a532", "name": "2025-07-20 - Install Linters, Get Malware - DevSecOps Speedrun Edition - Humpty's RE Blog", "description": "", "modified": "2025-07-23T10:33:36.993000", "created": "2025-07-23T10:33:36.993000", "tags": [ "get malware", "edition", "humpty", "re blog", "iocs", "hashes" ], "references": [ "https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Sand-Storm", "id": "94093", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_94093/resized/80/avatar_281f69b768.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 14, "URL": 7, "domain": 6, "hostname": 1 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 415, "modified_text": "311 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "688039a7818cda8d24f2977c", "name": "Scavenger Malware Compromises Popular npm Packages", "description": "The popular npm package eslint-config-prettier was recently published without authorization raising concerns of a supply chain attack.", "modified": "2025-07-23T01:23:51.412000", "created": "2025-07-23T01:23:51.412000", "tags": [ "urls", "hxxps" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 14, "domain": 6, "hostname": 1 }, "indicator_count": 45, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "312 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-prevents-npm-package-supply-chain-attacks/", "https://www.virustotal.com/graph/embed/gc4f682507d3240c08d0c6a6a2f90b3daaca0f20594464570bd7d7027af57c93a?theme=light", "https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition", "https://www.virustotal.com/gui/collection/ebb04dbaae5b7d6ac28dafff93afc5230e189fa9a8e4998454f68f6d2ed45944", "Emmenhtal.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Beacon", "Scavenger", "Clearfake", "Vidar", "Xworm", "Valleyrat", "Mirai", "Pinkslipbot", "Lummastealer", "Havoc", "Gholoader", "Netsupport managerrat", "Asyncrat - s1087", "Remvio", "Quasarrat - s0262" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69708309d2278ae3906e9e78", "name": "block ioc;s", "description": "The full text of the full report on the events of 26 March 2017:-1-18 March 2018.. and the details will appear on Facebook, Twitter, Instagram and iPlayer on Wednesday", "modified": "2026-01-21T07:40:57.535000", "created": "2026-01-21T07:40:57.535000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "krishnababu", "id": "347852", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14, "URL": 8, "domain": 6, "hostname": 3 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "129 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ca4af90cc802bb30feac52", "name": "CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud)", "description": "CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks (Shai-Halud)\nThese indicators are provided by CrowdStrike.\nReference URL provided.", "modified": "2025-09-17T06:17:46.361000", "created": "2025-09-17T05:45:27.601000", "tags": [ "scavenger dll", "falcon platform", "ioas", "node package", "manager", "scavenger", "javascript", "chain attack", "overview", "july" ], "references": [ "https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-prevents-npm-package-supply-chain-attacks/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Scavenger", "display_name": "Scavenger", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Blue-line", "id": "357171", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 11, "domain": 4 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 3, "modified_text": "256 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889ff2cfa6a2c08cb85336a", "name": "EbeeJuly2025 Pt2", "description": "IOCs of multiple threaats observed and collected in July 2025", "modified": "2025-08-29T10:02:20.542000", "created": "2025-07-30T11:17:00.302000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 65, "FileHash-MD5": 177, "FileHash-SHA1": 132, "FileHash-SHA256": 216, "domain": 136, "email": 1, "hostname": 101 }, "indicator_count": 828, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889ebeb317457163ab8fa42", "name": "Emmenhtal loader", "description": "Campaigns that used Emmenhtal to deliver various payloads", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-30T09:54:51.943000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "688b0dde98e8d32361238f0f", "name": "Emmenhtal Loader Campaign deliver various payloads [IMEBEEIMFINE]", "description": "", "modified": "2025-08-29T09:03:58.967000", "created": "2025-07-31T06:31:58.326000", "tags": [], "references": [ "Emmenhtal.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6889ebeb317457163ab8fa42", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 395, "BitcoinAddress": 1, "CVE": 6, "FileHash-MD5": 240, "FileHash-SHA1": 123, "FileHash-SHA256": 392, "domain": 182, "email": 1, "hostname": 181 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6887e6e0c419286be8c1f257", "name": "ACTIVIDAD MALICIOSA | Relacionada con varias RAT y Botnet 28-07-2025", "description": "Relacionada con varias Botnet 28-07-2025", "modified": "2025-07-28T21:08:48.471000", "created": "2025-07-28T21:08:48.471000", "tags": [ "lumma stealer", "xworm" ], "references": [ "https://www.virustotal.com/graph/embed/gc4f682507d3240c08d0c6a6a2f90b3daaca0f20594464570bd7d7027af57c93a?theme=light", "https://www.virustotal.com/gui/collection/ebb04dbaae5b7d6ac28dafff93afc5230e189fa9a8e4998454f68f6d2ed45944" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Scavenger", "display_name": "Scavenger", "target": null }, { "id": "ValleyRAT", "display_name": "ValleyRAT", "target": null }, { "id": "QuasarRAT - S0262", "display_name": "QuasarRAT - S0262", "target": null }, { "id": "XWorm", "display_name": "XWorm", "target": null }, { "id": "GhoLoader", "display_name": "GhoLoader", "target": null }, { "id": "NetSupport ManagerRAT", "display_name": "NetSupport ManagerRAT", "target": null }, { "id": "ClearFake", "display_name": "ClearFake", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "LummaStealer", "display_name": "LummaStealer", "target": null }, { "id": "Remvio", "display_name": "Remvio", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "BEACON", "display_name": "BEACON", "target": null }, { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Pinkslipbot", "display_name": "Pinkslipbot", "target": null }, { "id": "AsyncRAT - S1087", "display_name": "AsyncRAT - S1087", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 17 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6880ba80f7ea7fd17645a532", "name": "2025-07-20 - Install Linters, Get Malware - DevSecOps Speedrun Edition - Humpty's RE Blog", "description": "", "modified": "2025-07-23T10:33:36.993000", "created": "2025-07-23T10:33:36.993000", "tags": [ "get malware", "edition", "humpty", "re blog", "iocs", "hashes" ], "references": [ "https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Sand-Storm", "id": "94093", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_94093/resized/80/avatar_281f69b768.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 14, "URL": 7, "domain": 6, "hostname": 1 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 415, "modified_text": "311 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "688039a7818cda8d24f2977c", "name": "Scavenger Malware Compromises Popular npm Packages", "description": "The popular npm package eslint-config-prettier was recently published without authorization raising concerns of a supply chain attack.", "modified": "2025-07-23T01:23:51.412000", "created": "2025-07-23T01:23:51.412000", "tags": [ "urls", "hxxps" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 14, "domain": 6, "hostname": 1 }, "indicator_count": 45, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "312 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "smartscreen-api.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "smartscreen-api.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780212624.253524 }