{ "type": "Domain", "indicator": "softwarezpro.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/softwarezpro.net", "alexa": "http://www.alexa.com/siteinfo/softwarezpro.net", "indicator": "softwarezpro.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3947639803, "indicator": "softwarezpro.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "68c5dfd6efb85eee0d549104", "name": "Lavasoft Blacklist", "description": "", "modified": "2025-10-13T21:18:10.129000", "created": "2025-09-13T21:19:18.990000", "tags": [], "references": [ "https://acscdn.lavasoft.com/urlblacklist.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 3, "URL": 7, "domain": 10938, "hostname": 208 }, "indicator_count": 11162, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66ccbb1146fb07a45b6b97fe", "name": "Android Remotely Cracked: Swipper? | Being Sabey links found. Framing?", "description": "Targets phone and other devices cracked remotely. Phone calls made to a family member by phone. Some clues left behind.\n1 clue:mike@softwarezpro1.txt\nLong Link:http://bbd383ttka22.top/prize/luckyus-ad/nigh.php?c=69zejibbz5fz1&k=987ad34e7843dd8f3a3cb6559f188769&country_code=US&country_name=United%20States\u00aeion=New%20York&city=Plainview&isp=MCI%20Communications%20Services,%20Inc.%20d/b/a%20Verizon%20Business&lang=ja&ref_domain=&os=iOS&osv=16&browser=Chrome&browserv=115&brand=Apple&model=iPhone&marketing_name=iPhone&tablet=2&rheight=0&rwidth=0&e=5\n Stop! Swipper, Brian Sabey, Tulach, whoever you are. Arrest Jeffrey Reimer Scott DPT for groping breasts, V, assaulting so hard it separated victims hips and SI joint, Spinal Cord Injury length of spine. He literally assaulted her brain out. TBI with Arnold's Chiari. Demyelination from brain to toes. He never denied this to Employers. Hi, DPD Major crimes God Bless you...about the report?", "modified": "2024-10-14T18:03:35.631000", "created": "2024-08-26T17:27:45.763000", "tags": [ "unknown", "meta", "software", "site kit", "as53667", "free", "download full", "search", "showing", "encrypt", "date", "asnone united", "kingdom unknown", "wordpress site", "just", "passive dns", "meta http", "content", "gmt server", "a domains", "body", "server", "registrar", "dnssec", "domain name", "status", "abuse contact", "email", "registrar abuse", "contact phone", "registrar iana", "registrar url", "version crack", "crack serial", "keys license", "algorithm", "whois lookup", "creation date", "code", "namesilo", "country", "domain status", "contact email", "first", "historical ssl", "referrer", "cobalt strike", "switch dns", "query", "fraud risk", "traffic", "luna moth", "campaign", "analyzer paste", "iocs", "samples", "phishing", "malware", "maltiverse", "cyber threat", "engineering", "team phishing", "mail spammer", "telefonica co", "emotet", "download", "malicious", "team", "suppobox", "analyzer threat", "url summary", "ip summary", "summary", "sample", "detection list", "blacklist", "module load", "service", "create c", "show", "winhttp authip", "write c", "susp", "trojanspy", "related pulses", "copy", "write", "win32", "memcommit", "read c", "x00x00", "high defense", "evasion", "defense evasion", "cryptexportkey", "windows", "shellexecuteexw", "hash", "writeconsolew", "registry", "t1031", "modify existing", "trojan", "dock", "august", "push", "hostnames", "urls http", "cisco umbrella", "site", "alexa top", "million", "safe site", "malicious site", "tofsee", "google domain", "azorult", "runescape", "facebook", "bank", "alexa", "zbot", "dynamicloader", "yara rule", "high", "grum", "medium", "ids detections", "yara detections", "stream", "as15169 google", "as44273 host", "aaaa", "scan endpoints", "all scoreblue", "next", "type texthtml", "google safe", "browsing", "ipv4", "pulse pulses", "urls", "files", "co20230203", "pe resource", "url https", "archive", "posix tar", "flow t1574", "dll sideloading", "media t1091", "t1055", "spawns", "mitre att", "access ta0001", "replication", "dlls privilege", "window", "ip traffic", "udp a83f8110", "hashes", "t1055 spawns", "dlls defense", "dns resolutions", "user", "samplepath", "menu files", "written c", "files copied", "files dropped", "file", "pe32 executable", "ms windows", "intel", "win16 ne", "os2 executable", "generic windos", "executable", "contained", "info compiler", "products id", "header intel", "name md5", "type", "language", "sha256", "data", "entries", "filehash", "av detections", "as3215 orange", "related", "france unknown", "reverse dns", "singapore asn", "as16509", "united", "updated date", "pulse submit", "url analysis", "verdict", "as16342 toya", "all search", "otx scoreblue", "hostname", "ip address", "poland unknown", "moved", "gmt contenttype", "vary", "gmt content", "content length", "domain", "files ip", "address", "location poland", "asn as16342", "as16276", "as50599", "as8075", "as5617 orange", "a td", "as198921", "as29686 probe", "germany unknown", "germany", "title", "body doctype", "html public", "ietfdtd html", "head body", "as63949 linode", "united kingdom", "arial", "apache", "accept", "related nids", "files location", "flag united", "files domain", "files related", "as20940", "as4230 claro", "data redacted", "name servers", "expiration date", "invalid url", "mtb feb", "body html", "head title", "hacktool", "trojandropper", "mtb mar", "title head", "overview ip", "record value", "td tr", "tr tr", "dostpne jzyki", "tr table", "table", "utwrz stref", "modyfikuj stref", "td td", "win32vb", "win32qqpass", "worm", "win32mofksys", "worm worm", "win32salgorea", "support", "internet mobile", "win32tofsee", "as3842 inmotion", "as40676 psychz", "formbook cnc", "checkin", "exploit", "virtool", "trojan features", "file samples", "files matching", "date hash", "cname", "error", "script urls", "ezcrack all", "script", "provides", "softwares", "script domains", "pragma", "as202425 ip", "emails", "as46606", "crack", "aaaa nxdomain", "whitelisted", "nxdomain", "as36352", "malware trojan", "asnone", "virgin islands", "backdoor", "please", "win32botgor" ], "references": [ "aeuwa03.devtest.call2.team | mike@softwarezpro1.txt | softwarezpro.net | www.softwarezpro.net | mike@ hijacked targets device Attacked!", "http://cracx.net/fonepaw-iphone-data-recovery-3-8-0-crack/ | Malware: 74.208.236.140 malacrack.org ns2.filescrack.com ns1.filescrack.com", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/svgxuse.min.js?ver=1.2.6", "animalpornotube.com | http://animalpornotube.com/files/gifamateurpay.gi | https://crackedvst.info/tag/k7-total-security-trial-resetter/", "https://activationskey.net/passfab-iphone-cracked-free-keys-2022 https://crackedvst.info/ui crackedvst.info: http://www.crackidea.net/", "http://activationskey.net/passfab-for-rar-full-cracked-2022/ activationskey.net: https://activationskey.net/passware-kit-forensic-2021-1-3-crack/ activationskey.net: | crackedvst.info: crackedvst.info:", "www.softwarezpro.net\thttps://i0.wp.com/softwarezpro.net/wp parking.namesilo.com softwarezpro.org softwarezap.net softwarezap.net", "anti-spyware-software.net http://softwarezpro.net/wp | | http://softwarezpro.net/xmlrpc.php | https://softwarezpro.net https://softwarezpro.net/\t URL\thttps://softwarezpro.net/comments/feed/ https://softwarezpro.net/feed/\t https://softwarezpro.net/page/2/\t URL\thttps://softwarezpro.net/wp https://softwarezpro.net/xmlrpc.php", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/navigation.min.js?ver=20220224 | crackedvst.info", "pw-90cc2fc574f6dd6dccf2c3531928b039@privacyguardian.org | https://crackedvst.info/antares-autotune-pro-crack/", "www.endgame.com [Threatening] | https://mobisoft.info/dfx-audio-enhancer-crack | https://mobisoft.info/passfab-iphone-unlocker-key", "7cwork.a-poster.info a-poster.info: members.a-poster.info work.a-poster.info a-poster.info: http://20work.a-poster.info a-poster.info:", "http://250awork.a-poster.info/ a-poster.info: http://252fwork.a-poster.info a-poster.info: http://252fwork.a-poster.info/", "20work.a-poster.info a-poster.info: 250awork.a-poster.info a-poster.info: 252fwork.a-poster.info a-poster.info: a-poster.info:", "Trojan:Win32/Salgorea: FileHash-SHA256 e82334440ceddd927f35831fda83594f3657ca56187f7f7ddd7d60cba1be793", "Worm:Win32/Fasong: FileHash-SHA256 c7f2f4a6ed374bac385fa81177967fd013248652556e4ee95cea7f064f6b25dd", "Trojan:Win32/Glupteba: FileHash-SHA256 5e7fdbc4c66fbefd6aa95047a56c709765f18b3a3a65d5942acb4e4349b09039", "Worm:Win32/Mofksys: FileHash-SHA256 ef1a66214e210bc9ae0aef471b0a09f6083078343a0338fcaf1f2b04ebddbd9a", "Trojan:Win32/QQpass: FileHash-SHA256 86df64999ed25a02debca89a586c931b0f32b1edc0e7aa800c360be3ef456439", "TrojanSpy:Win32/Nivdort.DI: FileHash-SHA256 00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Win32:CrypterX-gen\\ [Trj]: FileHash-SHA256 002ea0849da3c63ce6c09c084567e9470c3616084ef19402316e9d52f35c62a7", "Trojan:Win32/Emotet.PC!MTB: FileHash-SHA256 02b9cac1880e348302125664c4955fd163a219b1eb8b50de0ad350e0c147a0b0", "Trojan:Win32/Zbot.SIBB3!MTB: FileHash-SHA256 bc1739628aadbcc99bcb93caab4a7a73534694c817d57cc0ed735bf4bd0f6e45", "ELF:Hajime-Q\\ [Trj] : FileHash-SHA256 aa310469926150f9d6f980dd6ba200d1c9c7dec7c4b66c7de4cff6a30c038560", "Win32/Tasekjom.A : FileHash-SHA256 1230ac0c362b6049b9de011229707e05852dd11af75ca7071a1f089e6aca61f5", "Win32/Muldrop FileHash-SHA256 67a5e78bb2897b15d510dfce0d89f60330db01d7944ebb4f1dd90ce36c907e1b", "PWS:Win32/VB : FileHash-SHA256 dbc78d07e96562c6370ab515f5d65cea88a1b163ad10718c66d15155f4075630", "Backdoor:Win32/Tofsee: FileHash-SHA256 5b616ad2410bef0bc894c4bff013afe2d7f44dcdeb79420bab14c766cc460aa7", "VirTool:Win32/Obfuscator FileHash-SHA256 874e78143b683016ef8e41977f9d3ee34b97b145b313cdefdeb3e8900db6df73", "RASMONTR.DLL 192.168.56.101", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Parked: www.easycrypto.team | 'Parking Crew' ? Several names exist for advesarial 'Parking Hacker Groups' parking.namesilo.com", "Ranks high in search results because device is typically compromised with Convection engine and Keyword Tool", "a-fondness-for-beauty.com", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | https://cracklink.info/iobit-uninstaller-pro-key/", "iobit: https://ezcrack.info/iobit-uninstaller-pro-crack | https://ezcrack.info/iobit-uninstaller-pro-crack/", "http://crackedvst.info/plugin-alliance-bundle-crack/: sedoparking.com | sedoparking.com/frmpark/ -", "Trojan:Win32/Zbot: FileHash-SHA256 b7875b426ce25f1d4785ba7043bbfdba49feb726cc829d681acdd67c3c302c70", "ALF:Trojan:Win32/Cassini_f28c33a2:\tFileHash-SHA256 6fc35cb8e18f0d9d72bc1a7037ae88f8036362799f930a1a30e290d31be3b216", "Backdoor:Win32/Botgor: FileHash-SHA256 b70353b3ecf532ad51e7d6a1790275df02c7393b87d40add47a3baccab39802f", "TrojanDropper:Win32/Muldrop: FileHash-SHA256 bf8e919cf6ce208f1c2f98f07df835099f14e2f8708197b0165479468079d902", "#LowFiCreateRemoteThread: FileHash-SHA256 0ab94d890afef8ebae42007a119a8686f71bdd9bdf357262481daa7c9c7a283e", "Trojan:Win32/Blihan: FileHash-SHA256 dada5208109416153937db5a6f44f03b8b9025347c235acdc70edfa24a2a882e", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 | itunes.apple.com", "http://appleid.com-index-manager-info-verify-receipt-account.usa.cc/ |", "https://realcrack.info/sidify-apple-music-converter-crack/ | applehouse-jp.com | iappletech.com | http://apple.int-access-accounts.usa.cc/", "http://apple-store.jspi304es-services-fixedbilling-responsive-managed-update-card.appleid-storeext.usa.cc/", "http://apple-unlocked-login.usa.cc/\t| http://apple.com.locked-account-verify-login.usa.cc/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort.DI", "display_name": "TrojanSpy:Win32/Nivdort.DI", "target": "/malware/TrojanSpy:Win32/Nivdort.DI" }, { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Trojan:Win32/Emotet.PC!MTB", "display_name": "Trojan:Win32/Emotet.PC!MTB", "target": "/malware/Trojan:Win32/Emotet.PC!MTB" }, { "id": "Trojan:Win32/CryptInject", "display_name": "Trojan:Win32/CryptInject", "target": "/malware/Trojan:Win32/CryptInject" }, { "id": "RASMONTR.DLL", "display_name": "RASMONTR.DLL", "target": null }, { "id": "Trojan:Win32/Salgorea", "display_name": "Trojan:Win32/Salgorea", "target": "/malware/Trojan:Win32/Salgorea" }, { "id": "Worm:Win32/Fasong", "display_name": "Worm:Win32/Fasong", "target": "/malware/Worm:Win32/Fasong" }, { "id": "Trojan:Win32/Glupteba", "display_name": "Trojan:Win32/Glupteba", "target": "/malware/Trojan:Win32/Glupteba" }, { "id": "Worm:Win32/Mofksys", "display_name": "Worm:Win32/Mofksys", "target": "/malware/Worm:Win32/Mofksys" }, { "id": "Trojan:Win32/QQpass", "display_name": "Trojan:Win32/QQpass", "target": "/malware/Trojan:Win32/QQpass" }, { "id": "Trojan:Win32/Zbot.SIBB3!MTB", "display_name": "Trojan:Win32/Zbot.SIBB3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBB3!MTB" }, { "id": "ELF:Hajime-Q\\ [Trj]", "display_name": "ELF:Hajime-Q\\ [Trj]", "target": null }, { "id": "Win32/Tasekjom.A", "display_name": "Win32/Tasekjom.A", "target": null }, { "id": "TEL:Trojan:Win32/TrojanDownloader", "display_name": "TEL:Trojan:Win32/TrojanDownloader", "target": null }, { "id": "Win32/TrojanDropper", "display_name": "Win32/TrojanDropper", "target": null }, { "id": "Trojan:Win32/Muldrop", "display_name": "Trojan:Win32/Muldrop", "target": "/malware/Trojan:Win32/Muldrop" }, { "id": "PWS:Win32/VB", "display_name": "PWS:Win32/VB", "target": "/malware/PWS:Win32/VB" }, { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "Trojan:Win32/Blihan", "display_name": "Trojan:Win32/Blihan", "target": "/malware/Trojan:Win32/Blihan" }, { "id": "#LowFiCreateRemoteThread", "display_name": "#LowFiCreateRemoteThread", "target": null }, { "id": "Backdoor:Win32/Botgor", "display_name": "Backdoor:Win32/Botgor", "target": "/malware/Backdoor:Win32/Botgor" }, { "id": "ALF:Trojan:Win32/Cassini_f28c33a2", "display_name": "ALF:Trojan:Win32/Cassini_f28c33a2", "target": null } ], "attack_ids": [ { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" } ], "industries": [ "Technology", "Telecommunications", "Civilian Devices" ], "TLP": "green", "cloned_from": null, "export_count": 112, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1629, "FileHash-MD5": 4822, "URL": 2002, "email": 18, "hostname": 1725, "FileHash-SHA1": 3921, "FileHash-SHA256": 9019, "URI": 1 }, "indicator_count": 23137, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "553 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66ccc0e15d2c624ffa080a50", "name": "Botgor | See OG Link: https://otx.alienvault.com/pulse/66ccbb1146fb07a45b6b97fe", "description": "", "modified": "2024-09-25T15:03:34.890000", "created": "2024-08-26T17:52:33.104000", "tags": [ "unknown", "meta", "software", "site kit", "as53667", "free", "download full", "search", "showing", "encrypt", "date", "asnone united", "kingdom unknown", "wordpress site", "just", "passive dns", "meta http", "content", "gmt server", "a domains", "body", "server", "registrar", "dnssec", "domain name", "status", "abuse contact", "email", "registrar abuse", "contact phone", "registrar iana", "registrar url", "version crack", "crack serial", "keys license", "algorithm", "whois lookup", "creation date", "code", "namesilo", "country", "domain status", "contact email", "first", "historical ssl", "referrer", "cobalt strike", "switch dns", "query", "fraud risk", "traffic", "luna moth", "campaign", "analyzer paste", "iocs", "samples", "phishing", "malware", "maltiverse", "cyber threat", "engineering", "team phishing", "mail spammer", "telefonica co", "emotet", "download", "malicious", "team", "suppobox", "analyzer threat", "url summary", "ip summary", "summary", "sample", "detection list", "blacklist", "module load", "service", "create c", "show", "winhttp authip", "write c", "susp", "trojanspy", "related pulses", "copy", "write", "win32", "memcommit", "read c", "x00x00", "high defense", "evasion", "defense evasion", "cryptexportkey", "windows", "shellexecuteexw", "hash", "writeconsolew", "registry", "t1031", "modify existing", "trojan", "dock", "august", "push", "hostnames", "urls http", "cisco umbrella", "site", "alexa top", "million", "safe site", "malicious site", "tofsee", "google domain", "azorult", "runescape", "facebook", "bank", "alexa", "zbot", "dynamicloader", "yara rule", "high", "grum", "medium", "ids detections", "yara detections", "stream", "as15169 google", "as44273 host", "aaaa", "scan endpoints", "all scoreblue", "next", "type texthtml", "google safe", "browsing", "ipv4", "pulse pulses", "urls", "files", "co20230203", "pe resource", "url https", "archive", "posix tar", "flow t1574", "dll sideloading", "media t1091", "t1055", "spawns", "mitre att", "access ta0001", "replication", "dlls privilege", "window", "ip traffic", "udp a83f8110", "hashes", "t1055 spawns", "dlls defense", "dns resolutions", "user", "samplepath", "menu files", "written c", "files copied", "files dropped", "file", "pe32 executable", "ms windows", "intel", "win16 ne", "os2 executable", "generic windos", "executable", "contained", "info compiler", "products id", "header intel", "name md5", "type", "language", "sha256", "data", "entries", "filehash", "av detections", "as3215 orange", "related", "france unknown", "reverse dns", "singapore asn", "as16509", "united", "updated date", "pulse submit", "url analysis", "verdict", "as16342 toya", "all search", "otx scoreblue", "hostname", "ip address", "poland unknown", "moved", "gmt contenttype", "vary", "gmt content", "content length", "domain", "files ip", "address", "location poland", "asn as16342", "as16276", "as50599", "as8075", "as5617 orange", "a td", "as198921", "as29686 probe", "germany unknown", "germany", "title", "body doctype", "html public", "ietfdtd html", "head body", "as63949 linode", "united kingdom", "arial", "apache", "accept", "related nids", "files location", "flag united", "files domain", "files related", "as20940", "as4230 claro", "data redacted", "name servers", "expiration date", "invalid url", "mtb feb", "body html", "head title", "hacktool", "trojandropper", "mtb mar", "title head", "overview ip", "record value", "td tr", "tr tr", "dostpne jzyki", "tr table", "table", "utwrz stref", "modyfikuj stref", "td td", "win32vb", "win32qqpass", "worm", "win32mofksys", "worm worm", "win32salgorea", "support", "internet mobile", "win32tofsee", "as3842 inmotion", "as40676 psychz", "formbook cnc", "checkin", "exploit", "virtool", "trojan features", "file samples", "files matching", "date hash", "cname", "error", "script urls", "ezcrack all", "script", "provides", "softwares", "script domains", "pragma", "as202425 ip", "emails", "as46606", "crack", "aaaa nxdomain", "whitelisted", "nxdomain", "as36352", "malware trojan", "asnone", "virgin islands", "backdoor", "please", "win32botgor" ], "references": [ "aeuwa03.devtest.call2.team | mike@softwarezpro1.txt | softwarezpro.net | www.softwarezpro.net | mike@ hijacked targets device Attacked!", "http://cracx.net/fonepaw-iphone-data-recovery-3-8-0-crack/ | Malware: 74.208.236.140 malacrack.org ns2.filescrack.com ns1.filescrack.com", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/svgxuse.min.js?ver=1.2.6", "animalpornotube.com | http://animalpornotube.com/files/gifamateurpay.gi | https://crackedvst.info/tag/k7-total-security-trial-resetter/", "https://activationskey.net/passfab-iphone-cracked-free-keys-2022 https://crackedvst.info/ui crackedvst.info: http://www.crackidea.net/", "http://activationskey.net/passfab-for-rar-full-cracked-2022/ activationskey.net: https://activationskey.net/passware-kit-forensic-2021-1-3-crack/ activationskey.net: | crackedvst.info: crackedvst.info:", "www.softwarezpro.net\thttps://i0.wp.com/softwarezpro.net/wp parking.namesilo.com softwarezpro.org softwarezap.net softwarezap.net", "anti-spyware-software.net http://softwarezpro.net/wp | | http://softwarezpro.net/xmlrpc.php | https://softwarezpro.net https://softwarezpro.net/\t URL\thttps://softwarezpro.net/comments/feed/ https://softwarezpro.net/feed/\t https://softwarezpro.net/page/2/\t URL\thttps://softwarezpro.net/wp https://softwarezpro.net/xmlrpc.php", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/navigation.min.js?ver=20220224 | crackedvst.info", "pw-90cc2fc574f6dd6dccf2c3531928b039@privacyguardian.org | https://crackedvst.info/antares-autotune-pro-crack/", "www.endgame.com [Threatening] | https://mobisoft.info/dfx-audio-enhancer-crack | https://mobisoft.info/passfab-iphone-unlocker-key", "7cwork.a-poster.info a-poster.info: members.a-poster.info work.a-poster.info a-poster.info: http://20work.a-poster.info a-poster.info:", "http://250awork.a-poster.info/ a-poster.info: http://252fwork.a-poster.info a-poster.info: http://252fwork.a-poster.info/", "20work.a-poster.info a-poster.info: 250awork.a-poster.info a-poster.info: 252fwork.a-poster.info a-poster.info: a-poster.info:", "Trojan:Win32/Salgorea: FileHash-SHA256 e82334440ceddd927f35831fda83594f3657ca56187f7f7ddd7d60cba1be793", "Worm:Win32/Fasong: FileHash-SHA256 c7f2f4a6ed374bac385fa81177967fd013248652556e4ee95cea7f064f6b25dd", "Trojan:Win32/Glupteba: FileHash-SHA256 5e7fdbc4c66fbefd6aa95047a56c709765f18b3a3a65d5942acb4e4349b09039", "Worm:Win32/Mofksys: FileHash-SHA256 ef1a66214e210bc9ae0aef471b0a09f6083078343a0338fcaf1f2b04ebddbd9a", "Trojan:Win32/QQpass: FileHash-SHA256 86df64999ed25a02debca89a586c931b0f32b1edc0e7aa800c360be3ef456439", "TrojanSpy:Win32/Nivdort.DI: FileHash-SHA256 00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Win32:CrypterX-gen\\ [Trj]: FileHash-SHA256 002ea0849da3c63ce6c09c084567e9470c3616084ef19402316e9d52f35c62a7", "Trojan:Win32/Emotet.PC!MTB: FileHash-SHA256 02b9cac1880e348302125664c4955fd163a219b1eb8b50de0ad350e0c147a0b0", "Trojan:Win32/Zbot.SIBB3!MTB: FileHash-SHA256 bc1739628aadbcc99bcb93caab4a7a73534694c817d57cc0ed735bf4bd0f6e45", "ELF:Hajime-Q\\ [Trj] : FileHash-SHA256 aa310469926150f9d6f980dd6ba200d1c9c7dec7c4b66c7de4cff6a30c038560", "Win32/Tasekjom.A : FileHash-SHA256 1230ac0c362b6049b9de011229707e05852dd11af75ca7071a1f089e6aca61f5", "Win32/Muldrop FileHash-SHA256 67a5e78bb2897b15d510dfce0d89f60330db01d7944ebb4f1dd90ce36c907e1b", "PWS:Win32/VB : FileHash-SHA256 dbc78d07e96562c6370ab515f5d65cea88a1b163ad10718c66d15155f4075630", "Backdoor:Win32/Tofsee: FileHash-SHA256 5b616ad2410bef0bc894c4bff013afe2d7f44dcdeb79420bab14c766cc460aa7", "VirTool:Win32/Obfuscator FileHash-SHA256 874e78143b683016ef8e41977f9d3ee34b97b145b313cdefdeb3e8900db6df73", "RASMONTR.DLL 192.168.56.101", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Parked: www.easycrypto.team | 'Parking Crew' ? Several names exist for advesarial 'Parking Hacker Groups' parking.namesilo.com", "Ranks high in search results because device is typically compromised with Convection engine and Keyword Tool", "a-fondness-for-beauty.com", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | https://cracklink.info/iobit-uninstaller-pro-key/", "iobit: https://ezcrack.info/iobit-uninstaller-pro-crack | https://ezcrack.info/iobit-uninstaller-pro-crack/", "http://crackedvst.info/plugin-alliance-bundle-crack/: sedoparking.com | sedoparking.com/frmpark/ -", "Trojan:Win32/Zbot: FileHash-SHA256 b7875b426ce25f1d4785ba7043bbfdba49feb726cc829d681acdd67c3c302c70", "ALF:Trojan:Win32/Cassini_f28c33a2:\tFileHash-SHA256 6fc35cb8e18f0d9d72bc1a7037ae88f8036362799f930a1a30e290d31be3b216", "Backdoor:Win32/Botgor: FileHash-SHA256 b70353b3ecf532ad51e7d6a1790275df02c7393b87d40add47a3baccab39802f", "TrojanDropper:Win32/Muldrop: FileHash-SHA256 bf8e919cf6ce208f1c2f98f07df835099f14e2f8708197b0165479468079d902", "#LowFiCreateRemoteThread: FileHash-SHA256 0ab94d890afef8ebae42007a119a8686f71bdd9bdf357262481daa7c9c7a283e", "Trojan:Win32/Blihan: FileHash-SHA256 dada5208109416153937db5a6f44f03b8b9025347c235acdc70edfa24a2a882e", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 | itunes.apple.com", "http://appleid.com-index-manager-info-verify-receipt-account.usa.cc/ |", "https://realcrack.info/sidify-apple-music-converter-crack/ | applehouse-jp.com | iappletech.com | http://apple.int-access-accounts.usa.cc/", "http://apple-store.jspi304es-services-fixedbilling-responsive-managed-update-card.appleid-storeext.usa.cc/", "http://apple-unlocked-login.usa.cc/\t| http://apple.com.locked-account-verify-login.usa.cc/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort.DI", "display_name": "TrojanSpy:Win32/Nivdort.DI", "target": "/malware/TrojanSpy:Win32/Nivdort.DI" }, { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Trojan:Win32/Emotet.PC!MTB", "display_name": "Trojan:Win32/Emotet.PC!MTB", "target": "/malware/Trojan:Win32/Emotet.PC!MTB" }, { "id": "Trojan:Win32/CryptInject", "display_name": "Trojan:Win32/CryptInject", "target": "/malware/Trojan:Win32/CryptInject" }, { "id": "RASMONTR.DLL", "display_name": "RASMONTR.DLL", "target": null }, { "id": "Trojan:Win32/Salgorea", "display_name": "Trojan:Win32/Salgorea", "target": "/malware/Trojan:Win32/Salgorea" }, { "id": "Worm:Win32/Fasong", "display_name": "Worm:Win32/Fasong", "target": "/malware/Worm:Win32/Fasong" }, { "id": "Trojan:Win32/Glupteba", "display_name": "Trojan:Win32/Glupteba", "target": "/malware/Trojan:Win32/Glupteba" }, { "id": "Worm:Win32/Mofksys", "display_name": "Worm:Win32/Mofksys", "target": "/malware/Worm:Win32/Mofksys" }, { "id": "Trojan:Win32/QQpass", "display_name": "Trojan:Win32/QQpass", "target": "/malware/Trojan:Win32/QQpass" }, { "id": "Trojan:Win32/Zbot.SIBB3!MTB", "display_name": "Trojan:Win32/Zbot.SIBB3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBB3!MTB" }, { "id": "ELF:Hajime-Q\\ [Trj]", "display_name": "ELF:Hajime-Q\\ [Trj]", "target": null }, { "id": "Win32/Tasekjom.A", "display_name": "Win32/Tasekjom.A", "target": null }, { "id": "TEL:Trojan:Win32/TrojanDownloader", "display_name": "TEL:Trojan:Win32/TrojanDownloader", "target": null }, { "id": "Win32/TrojanDropper", "display_name": "Win32/TrojanDropper", "target": null }, { "id": "Trojan:Win32/Muldrop", "display_name": "Trojan:Win32/Muldrop", "target": "/malware/Trojan:Win32/Muldrop" }, { "id": "PWS:Win32/VB", "display_name": "PWS:Win32/VB", "target": "/malware/PWS:Win32/VB" }, { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "Trojan:Win32/Blihan", "display_name": "Trojan:Win32/Blihan", "target": "/malware/Trojan:Win32/Blihan" }, { "id": "#LowFiCreateRemoteThread", "display_name": "#LowFiCreateRemoteThread", "target": null }, { "id": "Backdoor:Win32/Botgor", "display_name": "Backdoor:Win32/Botgor", "target": "/malware/Backdoor:Win32/Botgor" }, { "id": "ALF:Trojan:Win32/Cassini_f28c33a2", "display_name": "ALF:Trojan:Win32/Cassini_f28c33a2", "target": null } ], "attack_ids": [ { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" } ], "industries": [ "Technology", "Telecommunications", "Civilian Devices" ], "TLP": "green", "cloned_from": "66ccbb1146fb07a45b6b97fe", "export_count": 4029, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1492, "FileHash-MD5": 4799, "URL": 1297, "email": 17, "hostname": 1487, "FileHash-SHA1": 3901, "FileHash-SHA256": 8846, "URI": 1 }, "indicator_count": 21840, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "572 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "TrojanSpy:Win32/Nivdort.DI: FileHash-SHA256 00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Trojan:Win32/Blihan: FileHash-SHA256 dada5208109416153937db5a6f44f03b8b9025347c235acdc70edfa24a2a882e", "Backdoor:Win32/Tofsee: FileHash-SHA256 5b616ad2410bef0bc894c4bff013afe2d7f44dcdeb79420bab14c766cc460aa7", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "Worm:Win32/Fasong: FileHash-SHA256 c7f2f4a6ed374bac385fa81177967fd013248652556e4ee95cea7f064f6b25dd", "Parked: www.easycrypto.team | 'Parking Crew' ? Several names exist for advesarial 'Parking Hacker Groups' parking.namesilo.com", "Win32/Tasekjom.A : FileHash-SHA256 1230ac0c362b6049b9de011229707e05852dd11af75ca7071a1f089e6aca61f5", "#LowFiCreateRemoteThread: FileHash-SHA256 0ab94d890afef8ebae42007a119a8686f71bdd9bdf357262481daa7c9c7a283e", "http://cracx.net/fonepaw-iphone-data-recovery-3-8-0-crack/ | Malware: 74.208.236.140 malacrack.org ns2.filescrack.com ns1.filescrack.com", "www.endgame.com [Threatening] | https://mobisoft.info/dfx-audio-enhancer-crack | https://mobisoft.info/passfab-iphone-unlocker-key", "Worm:Win32/Mofksys: FileHash-SHA256 ef1a66214e210bc9ae0aef471b0a09f6083078343a0338fcaf1f2b04ebddbd9a", "Win32/Muldrop FileHash-SHA256 67a5e78bb2897b15d510dfce0d89f60330db01d7944ebb4f1dd90ce36c907e1b", "a-fondness-for-beauty.com", "http://250awork.a-poster.info/ a-poster.info: http://252fwork.a-poster.info a-poster.info: http://252fwork.a-poster.info/", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "aeuwa03.devtest.call2.team | mike@softwarezpro1.txt | softwarezpro.net | www.softwarezpro.net | mike@ hijacked targets device Attacked!", "http://appleid.com-index-manager-info-verify-receipt-account.usa.cc/ |", "Trojan:Win32/Emotet.PC!MTB: FileHash-SHA256 02b9cac1880e348302125664c4955fd163a219b1eb8b50de0ad350e0c147a0b0", "Trojan:Win32/QQpass: FileHash-SHA256 86df64999ed25a02debca89a586c931b0f32b1edc0e7aa800c360be3ef456439", "Trojan:Win32/Zbot: FileHash-SHA256 b7875b426ce25f1d4785ba7043bbfdba49feb726cc829d681acdd67c3c302c70", "Backdoor:Win32/Botgor: FileHash-SHA256 b70353b3ecf532ad51e7d6a1790275df02c7393b87d40add47a3baccab39802f", "http://crackedvst.info/plugin-alliance-bundle-crack/: sedoparking.com | sedoparking.com/frmpark/ -", "Trojan:Win32/Zbot.SIBB3!MTB: FileHash-SHA256 bc1739628aadbcc99bcb93caab4a7a73534694c817d57cc0ed735bf4bd0f6e45", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/navigation.min.js?ver=20220224 | crackedvst.info", "Ranks high in search results because device is typically compromised with Convection engine and Keyword Tool", "Win32:CrypterX-gen\\ [Trj]: FileHash-SHA256 002ea0849da3c63ce6c09c084567e9470c3616084ef19402316e9d52f35c62a7", "http://apple-unlocked-login.usa.cc/\t| http://apple.com.locked-account-verify-login.usa.cc/", "ELF:Hajime-Q\\ [Trj] : FileHash-SHA256 aa310469926150f9d6f980dd6ba200d1c9c7dec7c4b66c7de4cff6a30c038560", "iobit: https://ezcrack.info/iobit-uninstaller-pro-crack | https://ezcrack.info/iobit-uninstaller-pro-crack/", "20work.a-poster.info a-poster.info: 250awork.a-poster.info a-poster.info: 252fwork.a-poster.info a-poster.info: a-poster.info:", "VirTool:Win32/Obfuscator FileHash-SHA256 874e78143b683016ef8e41977f9d3ee34b97b145b313cdefdeb3e8900db6df73", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/svgxuse.min.js?ver=1.2.6", "https://acscdn.lavasoft.com/urlblacklist.json", "www.softwarezpro.net\thttps://i0.wp.com/softwarezpro.net/wp parking.namesilo.com softwarezpro.org softwarezap.net softwarezap.net", "http://activationskey.net/passfab-for-rar-full-cracked-2022/ activationskey.net: https://activationskey.net/passware-kit-forensic-2021-1-3-crack/ activationskey.net: | crackedvst.info: crackedvst.info:", "https://realcrack.info/sidify-apple-music-converter-crack/ | applehouse-jp.com | iappletech.com | http://apple.int-access-accounts.usa.cc/", "7cwork.a-poster.info a-poster.info: members.a-poster.info work.a-poster.info a-poster.info: http://20work.a-poster.info a-poster.info:", "RASMONTR.DLL 192.168.56.101", "TrojanDropper:Win32/Muldrop: FileHash-SHA256 bf8e919cf6ce208f1c2f98f07df835099f14e2f8708197b0165479468079d902", "animalpornotube.com | http://animalpornotube.com/files/gifamateurpay.gi | https://crackedvst.info/tag/k7-total-security-trial-resetter/", "anti-spyware-software.net http://softwarezpro.net/wp | | http://softwarezpro.net/xmlrpc.php | https://softwarezpro.net https://softwarezpro.net/\t URL\thttps://softwarezpro.net/comments/feed/ https://softwarezpro.net/feed/\t https://softwarezpro.net/page/2/\t URL\thttps://softwarezpro.net/wp https://softwarezpro.net/xmlrpc.php", "pw-90cc2fc574f6dd6dccf2c3531928b039@privacyguardian.org | https://crackedvst.info/antares-autotune-pro-crack/", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 | itunes.apple.com", "PWS:Win32/VB : FileHash-SHA256 dbc78d07e96562c6370ab515f5d65cea88a1b163ad10718c66d15155f4075630", "ALF:Trojan:Win32/Cassini_f28c33a2:\tFileHash-SHA256 6fc35cb8e18f0d9d72bc1a7037ae88f8036362799f930a1a30e290d31be3b216", "http://apple-store.jspi304es-services-fixedbilling-responsive-managed-update-card.appleid-storeext.usa.cc/", "Trojan:Win32/Salgorea: FileHash-SHA256 e82334440ceddd927f35831fda83594f3657ca56187f7f7ddd7d60cba1be793", "https://activationskey.net/passfab-iphone-cracked-free-keys-2022 https://crackedvst.info/ui crackedvst.info: http://www.crackidea.net/", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | https://cracklink.info/iobit-uninstaller-pro-key/", "Trojan:Win32/Glupteba: FileHash-SHA256 5e7fdbc4c66fbefd6aa95047a56c709765f18b3a3a65d5942acb4e4349b09039" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Trojan:win32/cryptinject", "Trojan:win32/glupteba", "Trojan:win32/blihan", "Rasmontr.dll", "Elf:hajime-q\\ [trj]", "Trojan:win32/qqpass", "Win32/tasekjom.a", "Win32:crypterx-gen\\ [trj]", "Backdoor:win32/tofsee", "Trojan:win32/salgorea", "Tel:trojan:win32/trojandownloader", "Trojan:win32/muldrop", "#lowficreateremotethread", "Pws:win32/vb", "Trojan:win32/emotet.pc!mtb", "Backdoor:win32/botgor", "Trojan:win32/zbot.sibb3!mtb", "Win32/trojandropper", "Alf:trojan:win32/cassini_f28c33a2", "Trojanspy:win32/nivdort.di", "Worm:win32/mofksys", "Worm:win32/fasong" ], "industries": [ "Technology", "Telecommunications", "Civilian devices" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "68c5dfd6efb85eee0d549104", "name": "Lavasoft Blacklist", "description": "", "modified": "2025-10-13T21:18:10.129000", "created": "2025-09-13T21:19:18.990000", "tags": [], "references": [ "https://acscdn.lavasoft.com/urlblacklist.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 3, "URL": 7, "domain": 10938, "hostname": 208 }, "indicator_count": 11162, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66ccbb1146fb07a45b6b97fe", "name": "Android Remotely Cracked: Swipper? | Being Sabey links found. Framing?", "description": "Targets phone and other devices cracked remotely. Phone calls made to a family member by phone. Some clues left behind.\n1 clue:mike@softwarezpro1.txt\nLong Link:http://bbd383ttka22.top/prize/luckyus-ad/nigh.php?c=69zejibbz5fz1&k=987ad34e7843dd8f3a3cb6559f188769&country_code=US&country_name=United%20States\u00aeion=New%20York&city=Plainview&isp=MCI%20Communications%20Services,%20Inc.%20d/b/a%20Verizon%20Business&lang=ja&ref_domain=&os=iOS&osv=16&browser=Chrome&browserv=115&brand=Apple&model=iPhone&marketing_name=iPhone&tablet=2&rheight=0&rwidth=0&e=5\n Stop! Swipper, Brian Sabey, Tulach, whoever you are. Arrest Jeffrey Reimer Scott DPT for groping breasts, V, assaulting so hard it separated victims hips and SI joint, Spinal Cord Injury length of spine. He literally assaulted her brain out. TBI with Arnold's Chiari. Demyelination from brain to toes. He never denied this to Employers. Hi, DPD Major crimes God Bless you...about the report?", "modified": "2024-10-14T18:03:35.631000", "created": "2024-08-26T17:27:45.763000", "tags": [ "unknown", "meta", "software", "site kit", "as53667", "free", "download full", "search", "showing", "encrypt", "date", "asnone united", "kingdom unknown", "wordpress site", "just", "passive dns", "meta http", "content", "gmt server", "a domains", "body", "server", "registrar", "dnssec", "domain name", "status", "abuse contact", "email", "registrar abuse", "contact phone", "registrar iana", "registrar url", "version crack", "crack serial", "keys license", "algorithm", "whois lookup", "creation date", "code", "namesilo", "country", "domain status", "contact email", "first", "historical ssl", "referrer", "cobalt strike", "switch dns", "query", "fraud risk", "traffic", "luna moth", "campaign", "analyzer paste", "iocs", "samples", "phishing", "malware", "maltiverse", "cyber threat", "engineering", "team phishing", "mail spammer", "telefonica co", "emotet", "download", "malicious", "team", "suppobox", "analyzer threat", "url summary", "ip summary", "summary", "sample", "detection list", "blacklist", "module load", "service", "create c", "show", "winhttp authip", "write c", "susp", "trojanspy", "related pulses", "copy", "write", "win32", "memcommit", "read c", "x00x00", "high defense", "evasion", "defense evasion", "cryptexportkey", "windows", "shellexecuteexw", "hash", "writeconsolew", "registry", "t1031", "modify existing", "trojan", "dock", "august", "push", "hostnames", "urls http", "cisco umbrella", "site", "alexa top", "million", "safe site", "malicious site", "tofsee", "google domain", "azorult", "runescape", "facebook", "bank", "alexa", "zbot", "dynamicloader", "yara rule", "high", "grum", "medium", "ids detections", "yara detections", "stream", "as15169 google", "as44273 host", "aaaa", "scan endpoints", "all scoreblue", "next", "type texthtml", "google safe", "browsing", "ipv4", "pulse pulses", "urls", "files", "co20230203", "pe resource", "url https", "archive", "posix tar", "flow t1574", "dll sideloading", "media t1091", "t1055", "spawns", "mitre att", "access ta0001", "replication", "dlls privilege", "window", "ip traffic", "udp a83f8110", "hashes", "t1055 spawns", "dlls defense", "dns resolutions", "user", "samplepath", "menu files", "written c", "files copied", "files dropped", "file", "pe32 executable", "ms windows", "intel", "win16 ne", "os2 executable", "generic windos", "executable", "contained", "info compiler", "products id", "header intel", "name md5", "type", "language", "sha256", "data", "entries", "filehash", "av detections", "as3215 orange", "related", "france unknown", "reverse dns", "singapore asn", "as16509", "united", "updated date", "pulse submit", "url analysis", "verdict", "as16342 toya", "all search", "otx scoreblue", "hostname", "ip address", "poland unknown", "moved", "gmt contenttype", "vary", "gmt content", "content length", "domain", "files ip", "address", "location poland", "asn as16342", "as16276", "as50599", "as8075", "as5617 orange", "a td", "as198921", "as29686 probe", "germany unknown", "germany", "title", "body doctype", "html public", "ietfdtd html", "head body", "as63949 linode", "united kingdom", "arial", "apache", "accept", "related nids", "files location", "flag united", "files domain", "files related", "as20940", "as4230 claro", "data redacted", "name servers", "expiration date", "invalid url", "mtb feb", "body html", "head title", "hacktool", "trojandropper", "mtb mar", "title head", "overview ip", "record value", "td tr", "tr tr", "dostpne jzyki", "tr table", "table", "utwrz stref", "modyfikuj stref", "td td", "win32vb", "win32qqpass", "worm", "win32mofksys", "worm worm", "win32salgorea", "support", "internet mobile", "win32tofsee", "as3842 inmotion", "as40676 psychz", "formbook cnc", "checkin", "exploit", "virtool", "trojan features", "file samples", "files matching", "date hash", "cname", "error", "script urls", "ezcrack all", "script", "provides", "softwares", "script domains", "pragma", "as202425 ip", "emails", "as46606", "crack", "aaaa nxdomain", "whitelisted", "nxdomain", "as36352", "malware trojan", "asnone", "virgin islands", "backdoor", "please", "win32botgor" ], "references": [ "aeuwa03.devtest.call2.team | mike@softwarezpro1.txt | softwarezpro.net | www.softwarezpro.net | mike@ hijacked targets device Attacked!", "http://cracx.net/fonepaw-iphone-data-recovery-3-8-0-crack/ | Malware: 74.208.236.140 malacrack.org ns2.filescrack.com ns1.filescrack.com", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/svgxuse.min.js?ver=1.2.6", "animalpornotube.com | http://animalpornotube.com/files/gifamateurpay.gi | https://crackedvst.info/tag/k7-total-security-trial-resetter/", "https://activationskey.net/passfab-iphone-cracked-free-keys-2022 https://crackedvst.info/ui crackedvst.info: http://www.crackidea.net/", "http://activationskey.net/passfab-for-rar-full-cracked-2022/ activationskey.net: https://activationskey.net/passware-kit-forensic-2021-1-3-crack/ activationskey.net: | crackedvst.info: crackedvst.info:", "www.softwarezpro.net\thttps://i0.wp.com/softwarezpro.net/wp parking.namesilo.com softwarezpro.org softwarezap.net softwarezap.net", "anti-spyware-software.net http://softwarezpro.net/wp | | http://softwarezpro.net/xmlrpc.php | https://softwarezpro.net https://softwarezpro.net/\t URL\thttps://softwarezpro.net/comments/feed/ https://softwarezpro.net/feed/\t https://softwarezpro.net/page/2/\t URL\thttps://softwarezpro.net/wp https://softwarezpro.net/xmlrpc.php", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/navigation.min.js?ver=20220224 | crackedvst.info", "pw-90cc2fc574f6dd6dccf2c3531928b039@privacyguardian.org | https://crackedvst.info/antares-autotune-pro-crack/", "www.endgame.com [Threatening] | https://mobisoft.info/dfx-audio-enhancer-crack | https://mobisoft.info/passfab-iphone-unlocker-key", "7cwork.a-poster.info a-poster.info: members.a-poster.info work.a-poster.info a-poster.info: http://20work.a-poster.info a-poster.info:", "http://250awork.a-poster.info/ a-poster.info: http://252fwork.a-poster.info a-poster.info: http://252fwork.a-poster.info/", "20work.a-poster.info a-poster.info: 250awork.a-poster.info a-poster.info: 252fwork.a-poster.info a-poster.info: a-poster.info:", "Trojan:Win32/Salgorea: FileHash-SHA256 e82334440ceddd927f35831fda83594f3657ca56187f7f7ddd7d60cba1be793", "Worm:Win32/Fasong: FileHash-SHA256 c7f2f4a6ed374bac385fa81177967fd013248652556e4ee95cea7f064f6b25dd", "Trojan:Win32/Glupteba: FileHash-SHA256 5e7fdbc4c66fbefd6aa95047a56c709765f18b3a3a65d5942acb4e4349b09039", "Worm:Win32/Mofksys: FileHash-SHA256 ef1a66214e210bc9ae0aef471b0a09f6083078343a0338fcaf1f2b04ebddbd9a", "Trojan:Win32/QQpass: FileHash-SHA256 86df64999ed25a02debca89a586c931b0f32b1edc0e7aa800c360be3ef456439", "TrojanSpy:Win32/Nivdort.DI: FileHash-SHA256 00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Win32:CrypterX-gen\\ [Trj]: FileHash-SHA256 002ea0849da3c63ce6c09c084567e9470c3616084ef19402316e9d52f35c62a7", "Trojan:Win32/Emotet.PC!MTB: FileHash-SHA256 02b9cac1880e348302125664c4955fd163a219b1eb8b50de0ad350e0c147a0b0", "Trojan:Win32/Zbot.SIBB3!MTB: FileHash-SHA256 bc1739628aadbcc99bcb93caab4a7a73534694c817d57cc0ed735bf4bd0f6e45", "ELF:Hajime-Q\\ [Trj] : FileHash-SHA256 aa310469926150f9d6f980dd6ba200d1c9c7dec7c4b66c7de4cff6a30c038560", "Win32/Tasekjom.A : FileHash-SHA256 1230ac0c362b6049b9de011229707e05852dd11af75ca7071a1f089e6aca61f5", "Win32/Muldrop FileHash-SHA256 67a5e78bb2897b15d510dfce0d89f60330db01d7944ebb4f1dd90ce36c907e1b", "PWS:Win32/VB : FileHash-SHA256 dbc78d07e96562c6370ab515f5d65cea88a1b163ad10718c66d15155f4075630", "Backdoor:Win32/Tofsee: FileHash-SHA256 5b616ad2410bef0bc894c4bff013afe2d7f44dcdeb79420bab14c766cc460aa7", "VirTool:Win32/Obfuscator FileHash-SHA256 874e78143b683016ef8e41977f9d3ee34b97b145b313cdefdeb3e8900db6df73", "RASMONTR.DLL 192.168.56.101", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Parked: www.easycrypto.team | 'Parking Crew' ? Several names exist for advesarial 'Parking Hacker Groups' parking.namesilo.com", "Ranks high in search results because device is typically compromised with Convection engine and Keyword Tool", "a-fondness-for-beauty.com", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | https://cracklink.info/iobit-uninstaller-pro-key/", "iobit: https://ezcrack.info/iobit-uninstaller-pro-crack | https://ezcrack.info/iobit-uninstaller-pro-crack/", "http://crackedvst.info/plugin-alliance-bundle-crack/: sedoparking.com | sedoparking.com/frmpark/ -", "Trojan:Win32/Zbot: FileHash-SHA256 b7875b426ce25f1d4785ba7043bbfdba49feb726cc829d681acdd67c3c302c70", "ALF:Trojan:Win32/Cassini_f28c33a2:\tFileHash-SHA256 6fc35cb8e18f0d9d72bc1a7037ae88f8036362799f930a1a30e290d31be3b216", "Backdoor:Win32/Botgor: FileHash-SHA256 b70353b3ecf532ad51e7d6a1790275df02c7393b87d40add47a3baccab39802f", "TrojanDropper:Win32/Muldrop: FileHash-SHA256 bf8e919cf6ce208f1c2f98f07df835099f14e2f8708197b0165479468079d902", "#LowFiCreateRemoteThread: FileHash-SHA256 0ab94d890afef8ebae42007a119a8686f71bdd9bdf357262481daa7c9c7a283e", "Trojan:Win32/Blihan: FileHash-SHA256 dada5208109416153937db5a6f44f03b8b9025347c235acdc70edfa24a2a882e", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 | itunes.apple.com", "http://appleid.com-index-manager-info-verify-receipt-account.usa.cc/ |", "https://realcrack.info/sidify-apple-music-converter-crack/ | applehouse-jp.com | iappletech.com | http://apple.int-access-accounts.usa.cc/", "http://apple-store.jspi304es-services-fixedbilling-responsive-managed-update-card.appleid-storeext.usa.cc/", "http://apple-unlocked-login.usa.cc/\t| http://apple.com.locked-account-verify-login.usa.cc/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort.DI", "display_name": "TrojanSpy:Win32/Nivdort.DI", "target": "/malware/TrojanSpy:Win32/Nivdort.DI" }, { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Trojan:Win32/Emotet.PC!MTB", "display_name": "Trojan:Win32/Emotet.PC!MTB", "target": "/malware/Trojan:Win32/Emotet.PC!MTB" }, { "id": "Trojan:Win32/CryptInject", "display_name": "Trojan:Win32/CryptInject", "target": "/malware/Trojan:Win32/CryptInject" }, { "id": "RASMONTR.DLL", "display_name": "RASMONTR.DLL", "target": null }, { "id": "Trojan:Win32/Salgorea", "display_name": "Trojan:Win32/Salgorea", "target": "/malware/Trojan:Win32/Salgorea" }, { "id": "Worm:Win32/Fasong", "display_name": "Worm:Win32/Fasong", "target": "/malware/Worm:Win32/Fasong" }, { "id": "Trojan:Win32/Glupteba", "display_name": "Trojan:Win32/Glupteba", "target": "/malware/Trojan:Win32/Glupteba" }, { "id": "Worm:Win32/Mofksys", "display_name": "Worm:Win32/Mofksys", "target": "/malware/Worm:Win32/Mofksys" }, { "id": "Trojan:Win32/QQpass", "display_name": "Trojan:Win32/QQpass", "target": "/malware/Trojan:Win32/QQpass" }, { "id": "Trojan:Win32/Zbot.SIBB3!MTB", "display_name": "Trojan:Win32/Zbot.SIBB3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBB3!MTB" }, { "id": "ELF:Hajime-Q\\ [Trj]", "display_name": "ELF:Hajime-Q\\ [Trj]", "target": null }, { "id": "Win32/Tasekjom.A", "display_name": "Win32/Tasekjom.A", "target": null }, { "id": "TEL:Trojan:Win32/TrojanDownloader", "display_name": "TEL:Trojan:Win32/TrojanDownloader", "target": null }, { "id": "Win32/TrojanDropper", "display_name": "Win32/TrojanDropper", "target": null }, { "id": "Trojan:Win32/Muldrop", "display_name": "Trojan:Win32/Muldrop", "target": "/malware/Trojan:Win32/Muldrop" }, { "id": "PWS:Win32/VB", "display_name": "PWS:Win32/VB", "target": "/malware/PWS:Win32/VB" }, { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "Trojan:Win32/Blihan", "display_name": "Trojan:Win32/Blihan", "target": "/malware/Trojan:Win32/Blihan" }, { "id": "#LowFiCreateRemoteThread", "display_name": "#LowFiCreateRemoteThread", "target": null }, { "id": "Backdoor:Win32/Botgor", "display_name": "Backdoor:Win32/Botgor", "target": "/malware/Backdoor:Win32/Botgor" }, { "id": "ALF:Trojan:Win32/Cassini_f28c33a2", "display_name": "ALF:Trojan:Win32/Cassini_f28c33a2", "target": null } ], "attack_ids": [ { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" } ], "industries": [ "Technology", "Telecommunications", "Civilian Devices" ], "TLP": "green", "cloned_from": null, "export_count": 112, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1629, "FileHash-MD5": 4822, "URL": 2002, "email": 18, "hostname": 1725, "FileHash-SHA1": 3921, "FileHash-SHA256": 9019, "URI": 1 }, "indicator_count": 23137, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "553 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66ccc0e15d2c624ffa080a50", "name": "Botgor | See OG Link: https://otx.alienvault.com/pulse/66ccbb1146fb07a45b6b97fe", "description": "", "modified": "2024-09-25T15:03:34.890000", "created": "2024-08-26T17:52:33.104000", "tags": [ "unknown", "meta", "software", "site kit", "as53667", "free", "download full", "search", "showing", "encrypt", "date", "asnone united", "kingdom unknown", "wordpress site", "just", "passive dns", "meta http", "content", "gmt server", "a domains", "body", "server", "registrar", "dnssec", "domain name", "status", "abuse contact", "email", "registrar abuse", "contact phone", "registrar iana", "registrar url", "version crack", "crack serial", "keys license", "algorithm", "whois lookup", "creation date", "code", "namesilo", "country", "domain status", "contact email", "first", "historical ssl", "referrer", "cobalt strike", "switch dns", "query", "fraud risk", "traffic", "luna moth", "campaign", "analyzer paste", "iocs", "samples", "phishing", "malware", "maltiverse", "cyber threat", "engineering", "team phishing", "mail spammer", "telefonica co", "emotet", "download", "malicious", "team", "suppobox", "analyzer threat", "url summary", "ip summary", "summary", "sample", "detection list", "blacklist", "module load", "service", "create c", "show", "winhttp authip", "write c", "susp", "trojanspy", "related pulses", "copy", "write", "win32", "memcommit", "read c", "x00x00", "high defense", "evasion", "defense evasion", "cryptexportkey", "windows", "shellexecuteexw", "hash", "writeconsolew", "registry", "t1031", "modify existing", "trojan", "dock", "august", "push", "hostnames", "urls http", "cisco umbrella", "site", "alexa top", "million", "safe site", "malicious site", "tofsee", "google domain", "azorult", "runescape", "facebook", "bank", "alexa", "zbot", "dynamicloader", "yara rule", "high", "grum", "medium", "ids detections", "yara detections", "stream", "as15169 google", "as44273 host", "aaaa", "scan endpoints", "all scoreblue", "next", "type texthtml", "google safe", "browsing", "ipv4", "pulse pulses", "urls", "files", "co20230203", "pe resource", "url https", "archive", "posix tar", "flow t1574", "dll sideloading", "media t1091", "t1055", "spawns", "mitre att", "access ta0001", "replication", "dlls privilege", "window", "ip traffic", "udp a83f8110", "hashes", "t1055 spawns", "dlls defense", "dns resolutions", "user", "samplepath", "menu files", "written c", "files copied", "files dropped", "file", "pe32 executable", "ms windows", "intel", "win16 ne", "os2 executable", "generic windos", "executable", "contained", "info compiler", "products id", "header intel", "name md5", "type", "language", "sha256", "data", "entries", "filehash", "av detections", "as3215 orange", "related", "france unknown", "reverse dns", "singapore asn", "as16509", "united", "updated date", "pulse submit", "url analysis", "verdict", "as16342 toya", "all search", "otx scoreblue", "hostname", "ip address", "poland unknown", "moved", "gmt contenttype", "vary", "gmt content", "content length", "domain", "files ip", "address", "location poland", "asn as16342", "as16276", "as50599", "as8075", "as5617 orange", "a td", "as198921", "as29686 probe", "germany unknown", "germany", "title", "body doctype", "html public", "ietfdtd html", "head body", "as63949 linode", "united kingdom", "arial", "apache", "accept", "related nids", "files location", "flag united", "files domain", "files related", "as20940", "as4230 claro", "data redacted", "name servers", "expiration date", "invalid url", "mtb feb", "body html", "head title", "hacktool", "trojandropper", "mtb mar", "title head", "overview ip", "record value", "td tr", "tr tr", "dostpne jzyki", "tr table", "table", "utwrz stref", "modyfikuj stref", "td td", "win32vb", "win32qqpass", "worm", "win32mofksys", "worm worm", "win32salgorea", "support", "internet mobile", "win32tofsee", "as3842 inmotion", "as40676 psychz", "formbook cnc", "checkin", "exploit", "virtool", "trojan features", "file samples", "files matching", "date hash", "cname", "error", "script urls", "ezcrack all", "script", "provides", "softwares", "script domains", "pragma", "as202425 ip", "emails", "as46606", "crack", "aaaa nxdomain", "whitelisted", "nxdomain", "as36352", "malware trojan", "asnone", "virgin islands", "backdoor", "please", "win32botgor" ], "references": [ "aeuwa03.devtest.call2.team | mike@softwarezpro1.txt | softwarezpro.net | www.softwarezpro.net | mike@ hijacked targets device Attacked!", "http://cracx.net/fonepaw-iphone-data-recovery-3-8-0-crack/ | Malware: 74.208.236.140 malacrack.org ns2.filescrack.com ns1.filescrack.com", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/svgxuse.min.js?ver=1.2.6", "animalpornotube.com | http://animalpornotube.com/files/gifamateurpay.gi | https://crackedvst.info/tag/k7-total-security-trial-resetter/", "https://activationskey.net/passfab-iphone-cracked-free-keys-2022 https://crackedvst.info/ui crackedvst.info: http://www.crackidea.net/", "http://activationskey.net/passfab-for-rar-full-cracked-2022/ activationskey.net: https://activationskey.net/passware-kit-forensic-2021-1-3-crack/ activationskey.net: | crackedvst.info: crackedvst.info:", "www.softwarezpro.net\thttps://i0.wp.com/softwarezpro.net/wp parking.namesilo.com softwarezpro.org softwarezap.net softwarezap.net", "anti-spyware-software.net http://softwarezpro.net/wp | | http://softwarezpro.net/xmlrpc.php | https://softwarezpro.net https://softwarezpro.net/\t URL\thttps://softwarezpro.net/comments/feed/ https://softwarezpro.net/feed/\t https://softwarezpro.net/page/2/\t URL\thttps://softwarezpro.net/wp https://softwarezpro.net/xmlrpc.php", "http://softwarezpro.net/wp-content/themes/wellington/assets/js/navigation.min.js?ver=20220224 | crackedvst.info", "pw-90cc2fc574f6dd6dccf2c3531928b039@privacyguardian.org | https://crackedvst.info/antares-autotune-pro-crack/", "www.endgame.com [Threatening] | https://mobisoft.info/dfx-audio-enhancer-crack | https://mobisoft.info/passfab-iphone-unlocker-key", "7cwork.a-poster.info a-poster.info: members.a-poster.info work.a-poster.info a-poster.info: http://20work.a-poster.info a-poster.info:", "http://250awork.a-poster.info/ a-poster.info: http://252fwork.a-poster.info a-poster.info: http://252fwork.a-poster.info/", "20work.a-poster.info a-poster.info: 250awork.a-poster.info a-poster.info: 252fwork.a-poster.info a-poster.info: a-poster.info:", "Trojan:Win32/Salgorea: FileHash-SHA256 e82334440ceddd927f35831fda83594f3657ca56187f7f7ddd7d60cba1be793", "Worm:Win32/Fasong: FileHash-SHA256 c7f2f4a6ed374bac385fa81177967fd013248652556e4ee95cea7f064f6b25dd", "Trojan:Win32/Glupteba: FileHash-SHA256 5e7fdbc4c66fbefd6aa95047a56c709765f18b3a3a65d5942acb4e4349b09039", "Worm:Win32/Mofksys: FileHash-SHA256 ef1a66214e210bc9ae0aef471b0a09f6083078343a0338fcaf1f2b04ebddbd9a", "Trojan:Win32/QQpass: FileHash-SHA256 86df64999ed25a02debca89a586c931b0f32b1edc0e7aa800c360be3ef456439", "TrojanSpy:Win32/Nivdort.DI: FileHash-SHA256 00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Win32:CrypterX-gen\\ [Trj]: FileHash-SHA256 002ea0849da3c63ce6c09c084567e9470c3616084ef19402316e9d52f35c62a7", "Trojan:Win32/Emotet.PC!MTB: FileHash-SHA256 02b9cac1880e348302125664c4955fd163a219b1eb8b50de0ad350e0c147a0b0", "Trojan:Win32/Zbot.SIBB3!MTB: FileHash-SHA256 bc1739628aadbcc99bcb93caab4a7a73534694c817d57cc0ed735bf4bd0f6e45", "ELF:Hajime-Q\\ [Trj] : FileHash-SHA256 aa310469926150f9d6f980dd6ba200d1c9c7dec7c4b66c7de4cff6a30c038560", "Win32/Tasekjom.A : FileHash-SHA256 1230ac0c362b6049b9de011229707e05852dd11af75ca7071a1f089e6aca61f5", "Win32/Muldrop FileHash-SHA256 67a5e78bb2897b15d510dfce0d89f60330db01d7944ebb4f1dd90ce36c907e1b", "PWS:Win32/VB : FileHash-SHA256 dbc78d07e96562c6370ab515f5d65cea88a1b163ad10718c66d15155f4075630", "Backdoor:Win32/Tofsee: FileHash-SHA256 5b616ad2410bef0bc894c4bff013afe2d7f44dcdeb79420bab14c766cc460aa7", "VirTool:Win32/Obfuscator FileHash-SHA256 874e78143b683016ef8e41977f9d3ee34b97b145b313cdefdeb3e8900db6df73", "RASMONTR.DLL 192.168.56.101", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/00734b135321562e7e0df7c2f8eb554435cc25c47f46747f79fc2116ac2cc6ef", "Parked: www.easycrypto.team | 'Parking Crew' ? Several names exist for advesarial 'Parking Hacker Groups' parking.namesilo.com", "Ranks high in search results because device is typically compromised with Convection engine and Keyword Tool", "a-fondness-for-beauty.com", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | http://activationskey.net/wp-content/uploads/2021/02/download-2-7.jpg", "iobit: https://cracxfree.com/iobit-malware-fighter-pro-2/ | https://cracklink.info/iobit-uninstaller-pro-key/", "iobit: https://ezcrack.info/iobit-uninstaller-pro-crack | https://ezcrack.info/iobit-uninstaller-pro-crack/", "http://crackedvst.info/plugin-alliance-bundle-crack/: sedoparking.com | sedoparking.com/frmpark/ -", "Trojan:Win32/Zbot: FileHash-SHA256 b7875b426ce25f1d4785ba7043bbfdba49feb726cc829d681acdd67c3c302c70", "ALF:Trojan:Win32/Cassini_f28c33a2:\tFileHash-SHA256 6fc35cb8e18f0d9d72bc1a7037ae88f8036362799f930a1a30e290d31be3b216", "Backdoor:Win32/Botgor: FileHash-SHA256 b70353b3ecf532ad51e7d6a1790275df02c7393b87d40add47a3baccab39802f", "TrojanDropper:Win32/Muldrop: FileHash-SHA256 bf8e919cf6ce208f1c2f98f07df835099f14e2f8708197b0165479468079d902", "#LowFiCreateRemoteThread: FileHash-SHA256 0ab94d890afef8ebae42007a119a8686f71bdd9bdf357262481daa7c9c7a283e", "Trojan:Win32/Blihan: FileHash-SHA256 dada5208109416153937db5a6f44f03b8b9025347c235acdc70edfa24a2a882e", "https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635 | itunes.apple.com", "http://appleid.com-index-manager-info-verify-receipt-account.usa.cc/ |", "https://realcrack.info/sidify-apple-music-converter-crack/ | applehouse-jp.com | iappletech.com | http://apple.int-access-accounts.usa.cc/", "http://apple-store.jspi304es-services-fixedbilling-responsive-managed-update-card.appleid-storeext.usa.cc/", "http://apple-unlocked-login.usa.cc/\t| http://apple.com.locked-account-verify-login.usa.cc/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort.DI", "display_name": "TrojanSpy:Win32/Nivdort.DI", "target": "/malware/TrojanSpy:Win32/Nivdort.DI" }, { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Trojan:Win32/Emotet.PC!MTB", "display_name": "Trojan:Win32/Emotet.PC!MTB", "target": "/malware/Trojan:Win32/Emotet.PC!MTB" }, { "id": "Trojan:Win32/CryptInject", "display_name": "Trojan:Win32/CryptInject", "target": "/malware/Trojan:Win32/CryptInject" }, { "id": "RASMONTR.DLL", "display_name": "RASMONTR.DLL", "target": null }, { "id": "Trojan:Win32/Salgorea", "display_name": "Trojan:Win32/Salgorea", "target": "/malware/Trojan:Win32/Salgorea" }, { "id": "Worm:Win32/Fasong", "display_name": "Worm:Win32/Fasong", "target": "/malware/Worm:Win32/Fasong" }, { "id": "Trojan:Win32/Glupteba", "display_name": "Trojan:Win32/Glupteba", "target": "/malware/Trojan:Win32/Glupteba" }, { "id": "Worm:Win32/Mofksys", "display_name": "Worm:Win32/Mofksys", "target": "/malware/Worm:Win32/Mofksys" }, { "id": "Trojan:Win32/QQpass", "display_name": "Trojan:Win32/QQpass", "target": "/malware/Trojan:Win32/QQpass" }, { "id": "Trojan:Win32/Zbot.SIBB3!MTB", "display_name": "Trojan:Win32/Zbot.SIBB3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBB3!MTB" }, { "id": "ELF:Hajime-Q\\ [Trj]", "display_name": "ELF:Hajime-Q\\ [Trj]", "target": null }, { "id": "Win32/Tasekjom.A", "display_name": "Win32/Tasekjom.A", "target": null }, { "id": "TEL:Trojan:Win32/TrojanDownloader", "display_name": "TEL:Trojan:Win32/TrojanDownloader", "target": null }, { "id": "Win32/TrojanDropper", "display_name": "Win32/TrojanDropper", "target": null }, { "id": "Trojan:Win32/Muldrop", "display_name": "Trojan:Win32/Muldrop", "target": "/malware/Trojan:Win32/Muldrop" }, { "id": "PWS:Win32/VB", "display_name": "PWS:Win32/VB", "target": "/malware/PWS:Win32/VB" }, { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "Trojan:Win32/Blihan", "display_name": "Trojan:Win32/Blihan", "target": "/malware/Trojan:Win32/Blihan" }, { "id": "#LowFiCreateRemoteThread", "display_name": "#LowFiCreateRemoteThread", "target": null }, { "id": "Backdoor:Win32/Botgor", "display_name": "Backdoor:Win32/Botgor", "target": "/malware/Backdoor:Win32/Botgor" }, { "id": "ALF:Trojan:Win32/Cassini_f28c33a2", "display_name": "ALF:Trojan:Win32/Cassini_f28c33a2", "target": null } ], "attack_ids": [ { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" } ], "industries": [ "Technology", "Telecommunications", "Civilian Devices" ], "TLP": "green", "cloned_from": "66ccbb1146fb07a45b6b97fe", "export_count": 4029, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1492, "FileHash-MD5": 4799, "URL": 1297, "email": 17, "hostname": 1487, "FileHash-SHA1": 3901, "FileHash-SHA256": 8846, "URI": 1 }, "indicator_count": 21840, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "572 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "softwarezpro.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "softwarezpro.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776718306.0622897 }