{ "type": "Domain", "indicator": "system.windows", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/system.windows", "alexa": "http://www.alexa.com/siteinfo/system.windows", "indicator": "system.windows", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3088752593, "indicator": "system.windows", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6a01354e0f96f44818129b27", "name": "W11 - 05.08.26 - ASUS Clone_UAlberta AHS GoA - Files Only", "description": "Scan of AHS/Covenant Health, UAlberta, GoA Domain Joined Device\nW11 - 05.08.26 - P1-P6\nRestricted", "modified": "2026-05-11T17:13:37.959000", "created": "2026-05-11T01:47:58.771000", "tags": [ "YARA", "Jupyter_infostealer", "dependsonpythonailib", "classified", "CP_Script_Inject_Detector", "vmdetect", "Check_Dlls", "NET\thttps://yaraify.abuse.ch/search/yara/NET/", "Sus_CMD_Powershell_Usage", "test_rule_vldslv", "FreddyBearDropper" ], "references": [ "https://www.virustotal.com/graph/embed/g3944caf296a54705bdbfd7cec9e92c05e20a53d0d3814c17b06bc7057c5b2472?theme=dark", "https://www.virustotal.com/gui/collection/91b6e1b77529d1af156e6626798d259c4cef8c366359f7bd030f84a8f6e16844/iocs", "https://www.virustotal.com/graph/embed/gf16ea757421742d8b025d78d53b5bdbc437ba572bcd440ec9b1537d454bd7141?theme=dark", "https://www.virustotal.com/gui/collection/207a9894ae39ecf054b7beae2c3d3bf8cc7978562eab9a17d7c8e1db95c634df/iocs", "https://www.virustotal.com/graph/embed/gca730d4ad5d04cd9932324db97a38c0b7b4cdb8848264962ab20ef48b3e00704?theme=dark", "https://www.virustotal.com/gui/collection/f1139bc311b44effd63c5f3c895386ffb5a15c012d0e1b3efcdad7a9f43af977/iocs", "https://www.virustotal.com/gui/collection/c42190433e95fe4960d3c57ec81e869fd063c7c98fe08de1e61c5c7b82ce7951/iocs", "https://www.virustotal.com/gui/collection/c01ec3ced8ca33a975e8f41324fe1f9cf2a3e5682137084e8f61c09d3121c3c8/iocs", "https://www.virustotal.com/gui/collection/3be31d72071834427b2c433fc5bf71a8288a47ed83012931ac676d56597415ce/iocs", "https://metadefender.com/results/file/bzI2MDUxMWc0TkVtTmRpT3g3eUh5VnhWTmZV", "https://www.virustotal.com/gui/file/caf6170928c2aa757b4b40593ee640353163e51777f1e41a2cb6e0e46c000b28/detection", "https://www.filescan.io/uploads/6a01fd27df14f1cb2ad02927/reports/5891da9f-7e53-46ae-a484-185895cae2d7/overview", "https://opentip.kaspersky.com/CAF6170928C2AA757B4B40593EE640353163E51777F1E41A2CB6E0E46C000B28/results?tab=upload", "https://yaraify.abuse.ch/scan/results/0890b04c-4d59-11f1-badc-42010aa4000b", "https://hybrid-analysis.com/file-collection/6a020a3c5aacd57afc0aa061" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21693, "FileHash-SHA1": 1413, "FileHash-SHA256": 1420, "domain": 26, "hostname": 24 }, "indicator_count": 24576, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f7efd15e05f08f517c1f9f", "name": "Ferventcoder.com malware server java.exe", "description": "283,000 files, communicating, 200 files, referring, all infected, worms, chargers, various malware.", "modified": "2023-10-06T08:04:19.660000", "created": "2023-09-06T03:19:45.968000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Hell-On-A-Stick", "id": "186907", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 143, "FileHash-SHA1": 141, "FileHash-SHA256": 1779, "domain": 51, "email": 1, "URL": 126, "hostname": 54 }, "indicator_count": 2295, "is_author": false, "is_subscribing": null, "subscriber_count": 52, "modified_text": "968 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/c01ec3ced8ca33a975e8f41324fe1f9cf2a3e5682137084e8f61c09d3121c3c8/iocs", "https://www.virustotal.com/gui/collection/f1139bc311b44effd63c5f3c895386ffb5a15c012d0e1b3efcdad7a9f43af977/iocs", "https://www.virustotal.com/gui/file/caf6170928c2aa757b4b40593ee640353163e51777f1e41a2cb6e0e46c000b28/detection", "https://www.virustotal.com/gui/collection/91b6e1b77529d1af156e6626798d259c4cef8c366359f7bd030f84a8f6e16844/iocs", "https://www.virustotal.com/graph/embed/gf16ea757421742d8b025d78d53b5bdbc437ba572bcd440ec9b1537d454bd7141?theme=dark", "https://metadefender.com/results/file/bzI2MDUxMWc0TkVtTmRpT3g3eUh5VnhWTmZV", "https://www.virustotal.com/gui/collection/c42190433e95fe4960d3c57ec81e869fd063c7c98fe08de1e61c5c7b82ce7951/iocs", "https://www.virustotal.com/graph/embed/gca730d4ad5d04cd9932324db97a38c0b7b4cdb8848264962ab20ef48b3e00704?theme=dark", "https://opentip.kaspersky.com/CAF6170928C2AA757B4B40593EE640353163E51777F1E41A2CB6E0E46C000B28/results?tab=upload", "https://hybrid-analysis.com/file-collection/6a020a3c5aacd57afc0aa061", "https://www.virustotal.com/graph/embed/g3944caf296a54705bdbfd7cec9e92c05e20a53d0d3814c17b06bc7057c5b2472?theme=dark", "https://www.virustotal.com/gui/collection/207a9894ae39ecf054b7beae2c3d3bf8cc7978562eab9a17d7c8e1db95c634df/iocs", "https://www.virustotal.com/gui/collection/3be31d72071834427b2c433fc5bf71a8288a47ed83012931ac676d56597415ce/iocs", "https://yaraify.abuse.ch/scan/results/0890b04c-4d59-11f1-badc-42010aa4000b", "https://www.filescan.io/uploads/6a01fd27df14f1cb2ad02927/reports/5891da9f-7e53-46ae-a484-185895cae2d7/overview" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Healthcare", "Education", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6a01354e0f96f44818129b27", "name": "W11 - 05.08.26 - ASUS Clone_UAlberta AHS GoA - Files Only", "description": "Scan of AHS/Covenant Health, UAlberta, GoA Domain Joined Device\nW11 - 05.08.26 - P1-P6\nRestricted", "modified": "2026-05-11T17:13:37.959000", "created": "2026-05-11T01:47:58.771000", "tags": [ "YARA", "Jupyter_infostealer", "dependsonpythonailib", "classified", "CP_Script_Inject_Detector", "vmdetect", "Check_Dlls", "NET\thttps://yaraify.abuse.ch/search/yara/NET/", "Sus_CMD_Powershell_Usage", "test_rule_vldslv", "FreddyBearDropper" ], "references": [ "https://www.virustotal.com/graph/embed/g3944caf296a54705bdbfd7cec9e92c05e20a53d0d3814c17b06bc7057c5b2472?theme=dark", "https://www.virustotal.com/gui/collection/91b6e1b77529d1af156e6626798d259c4cef8c366359f7bd030f84a8f6e16844/iocs", "https://www.virustotal.com/graph/embed/gf16ea757421742d8b025d78d53b5bdbc437ba572bcd440ec9b1537d454bd7141?theme=dark", "https://www.virustotal.com/gui/collection/207a9894ae39ecf054b7beae2c3d3bf8cc7978562eab9a17d7c8e1db95c634df/iocs", "https://www.virustotal.com/graph/embed/gca730d4ad5d04cd9932324db97a38c0b7b4cdb8848264962ab20ef48b3e00704?theme=dark", "https://www.virustotal.com/gui/collection/f1139bc311b44effd63c5f3c895386ffb5a15c012d0e1b3efcdad7a9f43af977/iocs", "https://www.virustotal.com/gui/collection/c42190433e95fe4960d3c57ec81e869fd063c7c98fe08de1e61c5c7b82ce7951/iocs", "https://www.virustotal.com/gui/collection/c01ec3ced8ca33a975e8f41324fe1f9cf2a3e5682137084e8f61c09d3121c3c8/iocs", "https://www.virustotal.com/gui/collection/3be31d72071834427b2c433fc5bf71a8288a47ed83012931ac676d56597415ce/iocs", "https://metadefender.com/results/file/bzI2MDUxMWc0TkVtTmRpT3g3eUh5VnhWTmZV", "https://www.virustotal.com/gui/file/caf6170928c2aa757b4b40593ee640353163e51777f1e41a2cb6e0e46c000b28/detection", "https://www.filescan.io/uploads/6a01fd27df14f1cb2ad02927/reports/5891da9f-7e53-46ae-a484-185895cae2d7/overview", "https://opentip.kaspersky.com/CAF6170928C2AA757B4B40593EE640353163E51777F1E41A2CB6E0E46C000B28/results?tab=upload", "https://yaraify.abuse.ch/scan/results/0890b04c-4d59-11f1-badc-42010aa4000b", "https://hybrid-analysis.com/file-collection/6a020a3c5aacd57afc0aa061" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Healthcare", "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21693, "FileHash-SHA1": 1413, "FileHash-SHA256": 1420, "domain": 26, "hostname": 24 }, "indicator_count": 24576, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f7efd15e05f08f517c1f9f", "name": "Ferventcoder.com malware server java.exe", "description": "283,000 files, communicating, 200 files, referring, all infected, worms, chargers, various malware.", "modified": "2023-10-06T08:04:19.660000", "created": "2023-09-06T03:19:45.968000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Hell-On-A-Stick", "id": "186907", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 143, "FileHash-SHA1": 141, "FileHash-SHA256": 1779, "domain": 51, "email": 1, "URL": 126, "hostname": 54 }, "indicator_count": 2295, "is_author": false, "is_subscribing": null, "subscriber_count": 52, "modified_text": "968 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "system.windows", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "system.windows", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780286084.0433378 }