{ "type": "Domain", "indicator": "this.ls", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/this.ls", "alexa": "http://www.alexa.com/siteinfo/this.ls", "indicator": "this.ls", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2489337784, "indicator": "this.ls", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "693cdc5b8ebc10664439c2fb", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - Freeman Mathis & Gary for The State of Colorado", "description": "State of Colorado attackers use DGA domains set up multiple Law Firms.. Christopher P. \u2019Buzz\u2019 Ahmann Is a legal consultant / attorney./ hacker \nWorks for the State of Colorado/ quasi. Is malicious and doesn\u2019t work alone. Continues to target \nState had relative contacted by a fake entity \u2018Goodness Health\u2019\nLeft vague VM for relative message \u201cWe work on the Medicare side of things.\u201d and? \nSocial engineering call , malicious domain. The State of Colorado has been on a relentless pursuit against target. Fully compromised targets relatives brand new phone. Hacked target since 10/2013.\nMultiple cyber and physical attacks carried out against target and family members.. There are attacks make to look like accidents or malfunctions. This harmful, silencing behavior is somehow illegal for anyone else.", "modified": "2026-02-10T06:05:39.764000", "created": "2025-12-13T03:24:11.414000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 146, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6963596c4cd594b77b4675ec", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - PalantirFoundry | The State of Colorado | ", "description": "", "modified": "2026-02-10T06:05:39.764000", "created": "2026-01-11T08:03:56.534000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": "693cdc5b8ebc10664439c2fb", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "766 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "661afd962ed1f89b54a92de9", "name": "Injection #1", "description": "Injection #1", "modified": "2024-04-13T21:48:06.480000", "created": "2024-04-13T21:48:06.480000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phoenix-choi1", "id": "278628", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 63, "hostname": 109 }, "indicator_count": 183, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "779 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "630aa58da975d104891c6565", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "", "modified": "2022-08-27T23:15:25.718000", "created": "2022-08-27T23:15:25.718000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": "62509a05316b00bcca30c693", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Hardtogiveafuck", "id": "205637", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 7, "modified_text": "1374 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62509a05316b00bcca30c693", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "Here is the full text of the code for the new animation, which will take place at 20:00 GMT on Friday, 1:30 BST.. (19:45 GMT)..", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T20:24:37.141000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "compat.py", "scripts.md", "removal.md", "libc6-i386_2.13-20ubuntu5_amd64.info", "import_duplicity.py", "dir:ads.txt", "obexstress", "libnm-wwan.la", "arborist", ".:ads.txt", "npm-stars.md", "libc6-i386_2.23-0ubuntu11_amd64.url", "bloom (2).py", "https://maps.googleapis.com/maps/api/js?sensor=false", "cli.js", "rebuild.js", "replace-info.js", "auth.js", "install.js", "nsswitch.conf", "libc6-i386_2.19-10ubuntu2_amd64.info", "imurmurhash.min.js", "iterator.js", "http://ianswertomom.com/develop-wise-woman-within-yourself", "yara.pc", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "audit-error.js", "nopartHELP (2)", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "libc6-i386_2.28-10_amd64.url", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "prefix.js", "restore.py", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "INSdir", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "drecurse.py", "a4033901479", "libc6-i386_2.5-0ubuntu14_amd64.url", "makedevs (2).sh", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", ".zcompdump-m1904-5.9", "query.js", "gt.js", "libc6-i386_2.4-1ubuntu12_amd64.url", "ftp.py", "get.py", "vfs.py", "nm-cloud-setup.timer", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "cmp.js", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "libnm-ppp-plugin.la", "closemachine.rc", "SeTfull (2)", "howtoworkacrickoutofyourneck2.pages.dev", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "itl-logo (2).txt", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "lorem.txt", "migrate.sh", "INSCD (2)", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "b3336837578", "installed-deep.js", "is-windows.js", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "pkg.js", "HOSTNAME", "libc6-i386_2.24-9ubuntu2_amd64.url", "brc", "nm-cloud-setup.service", "unpublish.js", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "b.txt:ads.txt", "update-notifier.js", "server.py", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "package-spec.md", "modules.generic_string", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "bup-import-rsnapshot", "pulse-till-done.js", "SeTmedia (2)", "90-nm-cloud-setup.sh", "libnm-device-plugin-bluetooth.la", "team.js", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "mtools (2).conf", "logout.js", "set.js", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "services", "OpenSSLConfig.cmake", "npm-help.md", "libc6-i386_2.9-4ubuntu6_amd64.url", "options.py", "sbom-spdx.js", "host (2).conf", "npm-install-ci-test.md", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.info", "INSCD", "ldd", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "meta.py", "npm-cache.md", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "validate-lockfile.js", "ab.1", "zgrep", "audit.js", "__init__ (2).py", "compare-loose.js", "passwd (2)", "get-identity.js", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "npm-docs.md", "INSNFS", "npm-shrinkwrap.md", "npm-restart.md", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "reify-output.js", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.info", "npm-link.md", "SeTswap", "git.py", "package.json", "compare.js", "shquote.py", "FDhelp", "version (2).py", "npm-login.md", "npm-bugs.md", "root.js", "gtr.js", "https://sc-static.net/scevent.min.js", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "x.jnlp", "range.bnf", "npm-shrinkwrap-json.md", "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "helpers.py", "npm-completion.md", "dist-tag.js", "fsck.ext3", "sbom-cyclonedx.js", "pwdgrp.py", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "scope.md", "empty.exe", "libc6-i386_2.28-0ubuntu1_amd64.info", "itl-logo.txt", "patch.js", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "daemon.py", "rc.inet1", "preload.js", "start.js", "INShd (2)", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "empty.lock~", "drecurse (2).py", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "installpkg", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "npm-pack.md", "npm-start.md", "vt100 (3)", "https://khmerpornvideo.signup0.y.id/", "group", "npm-owner.md", "index.js", "makedevs.sh", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "nm-priv-helper.service", "cmd-list.js", "nopartHELP", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "error-message.js", "outside.js", "pkgtool", "stdcrt", "package-lock-json.md", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "SeTPKG (2)", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "template-WaR2X6", "range.js", "list_idx.py", "libc6-i386_2.26-0ubuntu2_amd64.info", "fdisk (2)", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "func.py", "npm-logout.md", "format-bytes.js", "restart.js", "ssh.py", "format-search-stream.js", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "shadow", "reify-finish.js", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "SeTfdHELP (2)", "outdated.js", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "mkdirp", "vt300", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.26-0ubuntu2_amd64.url", "sort.js", "SeTfull", "passwd", "mux.py", ".X0-lock", "INSdir (2)", "PROMPThelp (2)", "orgs.md", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "empty (2)", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "version.js", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "cell-0.af-south-1.prod.telemetry.console.api.aws", "glob", "libc6-i386_2.24-9ubuntu2_amd64.info", "INSfd (2)", "NetworkManager-dispatcher.service", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.13-0ubuntu13_amd64.info", "cssesc", "removepkg (2)", "pkgtool (2)", "installed-shallow.js", "node-which", "mtab (2)", "folders.md", "qrcode-terminal", "ls.py", "update-workspaces.js", "npm-audit.md", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "compare-build.js", "display.js", "npm-update.md", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "tag.py", "SeTDOS (2)", "neq.js", "satisfies.js", "NetworkManager.service", "gte.js", "libc6-i386_2.30-0ubuntu2_amd64.url", "min-satisfying.js", "install-ci-test.js", "fsck.py", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "yallist.js", "npm-unstar.md", "dialogrc", "cfdisk", "web-auth.js", "https://www.hotjar.com/ensureSegmentId.js", "NetworkManager-wait-online.service", "syslog.conf", "test.js", "open-url-prompt.js", "init.js", "PROMPThelp", "unmigrate.sh", "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "link.js", "host.conf", "fstab (2)", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "libssl.pc", "read-user-info.js", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "mtab", "libc6-i386_2.19-0ubuntu6_amd64.info", "fsck.ext2", "install-test.js", "90-nm-thunderbolt.rules", "libnm.pc", "libc6-i386_2.31-0ubuntu6_amd64.info", "https://contabo.com/client/client.a529db28.js", "get.js", "std (2)", "modules.ieee1394map", "ll.js", "help-search.js", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "tar.js", "probe (2)", "stage2", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "hosts", "https://fast.appcues.com/79878.js", "slackinstall", "libnm-device-plugin-team.la", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "b529967783", "version.py", "stage2 (2)", "securetty (2)", "bugs.js", "dependency-selectors.md", "memtest.py", "login (2).defs", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.url", "workspaces.md", "npm-edit.md", "shrinkwrap.js", "SeTconfig (2)", "probe", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "vdecmd", "SeTnopart", "sendcmd.rc", "https://www.dwin1.com/13976.js", "stop.js", "libc6-i386_2.15-0ubuntu10_amd64.info", "Legal court documented agreement to allow and pay target to hire cyber investigators", "nm-shared.xml", "update.js", "stage2 (3)", "join.py", "open-url.js", "rm.py", "npm-config.md", "subset.js", "modules.parportmap", "README (2)", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "npm-exec.md", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "rescan-scsi-bus", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "midx (2).py", "README.md", "npm-view.md", "intersects.js", "libc6-i386_2.17-93ubuntu4_amd64.info", "lt.js", "bloom.py", "a.txt:ads.txt", "libc6-i386_2.30-4_amd64.symbols", "io.py", "tick.py", "libcrypto.pc", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "filesize", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "uninstall.js", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "notes.txt:ads", "INSfd", "SeTDOS", "simplify.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "syslinux (2).cfg", ".zcompdump", "explore.js", "find-dupes.js", "checkout_info.py", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "ld.so.conf", "rc.ieee1394", "dedupe.js", ".X1-lock", "libnm-device-plugin-wifi.la", "https://payvtylhwjxnr.xyz/Content/script?v=2", "npm-test.md", "libc6-i386_2.24-11+deb9u4_amd64.info", "rc.S", "SeTPKG", "vt300 (2)", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "explain.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js", "b.txt", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "LICENSE", "ls (2).py", "networks (2)", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "timers.js", "npm-pkg.md", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js", "SeTkeymap", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "xstat (2).py", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "identifiers.js", "constants.js", "index.py", "libc6-i386_2.30-4_amd64.info", "motd (2)", "https://payvtylhwjxnr.xyz/Content/style?v=1", "npm-star.md", "dialogrc (2)", "pacote", "SeTswap (2)", "SeTconfig", "pcmcia", "login.defs", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "fsck (2).ext2", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "npmrc", "ci.js", "itl-logo (3).txt", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "85-nm-unmanaged.rules", "ls.js", "base-command.js", "hook.js", "repo.js", "SeTmaketag (2)", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "npm-outdated.md", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "npm-team.md", "SeTpartitions (2)", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.info", "split.py", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "npm-explore.md", "rcompare.js", "libc6-i386_2.9-4ubuntu6_amd64.info", "issue (2)", "fstab", "libnm.la", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "major.js", "motd", "termcap", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "npm-help-search.md", "SeTpasswd (2)", "NetworkManager-ovs.conf", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "help.py", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "gc.py", "fund.js", "cat_file.py", "web.py", "brc (2)", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "damage.py", "npm-prune.md", "SeTkeymap (2)", "installed-package-contents", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "owner.js", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "config.js", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "explain-dep.js", "empty", "84-nm-drivers.rules", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "features.py", "exit-handler.js", "hosts (2)", "completion.fish", "npm-diff.md", "tree.py", "murmur2", "https://www.hotjar.com/persistUtmParams.js", "developers.md", "help.js", "did-you-mean.js", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", ".X1025-lock", "npm-hook.md", "inc.js", "libnm-device-plugin-adsl.la", "login.js", "npm-sbom.md", "group (2)", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "init.py", "modules.pnpbiosmap", "unstar.js", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "npm-ls.md", "bup-import-rdiff-backup", "npm-query.md", "SeTmedia", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "clean.js", "npm-dedupe.md", "prerelease.js", "sunjava_map.xml", "mtools.conf", "https://l.clarity.ms/s/0.6.34/clarity.js", "npm-version.md", "cli-entry.js", "npm-fund.md", "SeTkernel (2)", "FDhelp (2)", "hlinkdb.py", "asyncrecv.rc", "no_ads.txt", "access.js", "HOSTNAME (2)", "npm.md", "npm-token.md", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.url", "ping.js", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "semver.js", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "lifecycle-cmd.js", "libc6-i386_2.19-0ubuntu6_amd64.url", "get-workspaces.js", "https://bongacams.com/GianaWatson", "npm-ci.md", "npm-install-test.md", "pack.js", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "search.js", "stdcrt (2)", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "arborist-cmd.js", "desktop.ini", "README", "libc6-i386_2.28-0ubuntu1_amd64.url", "npm-run-script.md", "config.md", "doctor.js", "rm (2).py", "notes.txt", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "fdisk", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "libyara.la", "libc6-i386_2.17-0ubuntu5_amd64.info", "styles.css", "npm-dist-tag.md", ".X1024-lock", "minor.js", "services (2)", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "validate-engines.js", "install.md", "modules.isapnpmap", "valid.js", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "npm-install.md", "syslinux.cfg", "rc.usb", "npm-repo.md", "modules.pcimap", "ld.so (2).conf", "libc6-i386_2.31-0ubuntu6_amd64.url", "index (2).py", "main.py", "package-json.md", "npm-init.md", "source_info.py", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "star.js", "sbom.js", "setup", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "hashsplit.py", "stars.js", "profile.js", "log-file.js", "npm-access.md", "setup (2)", "libnm-device-plugin-wwan.la", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "INShd", "max-satisfying.js", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "shells", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "package-url-cmd.js", "exec.js", "npm.js", "xstat.py", "SeTkernel", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "npm-usage.js", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "network", "libc6-i386_2.27-3ubuntu1_amd64.url", "OpenSSLConfigVersion.cmake", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "eq.js", "libc6-i386_2.19-18+deb8u10_amd64.url", "a.txt", "npm-rebuild.md", "org.js", "wtmp", "vt100", "logging.md", "to-comparators.js", "parse.js", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "adduser.js", "modules.usbmap", "https://www.clarity.ms/tag/uet/5739677", "debug.js", "view.js", "npm-stop.md", "npm-publish.md", "libnm-device-plugin-ovs.la", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "firebase-auth-eich0v.pages.dev", "color-support", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "prune_older.py", "libc6-i386_2.24-11+deb9u4_amd64.url", "completion.js", "empty (3)", "https://clear.ml/infrastructure-control-plane", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "SeTnopart (2)", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "cache.js", "fuse.py", "openssl.pc", "deprecate.js", "std", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "securetty", "profile", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "MozillaUpdateLock-7A4D7A8EFFB43502", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "coerce.js", "libc6-i386_2.19-10ubuntu2_amd64.url", "vint.py", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "re.js", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "disk2", "explain-eresolve.js", "run-script.js", "min-version.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client-30e55c50.css", "nm-pppd-plugin.la", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "midx.py", "prune.js", "npm-search.md", "inittab (2)", "publish.js", "npm-prefix.md", "completion.sh", "npm-profile.md", "cfdisk (2)", "ltr.js", "modules.dep", "repo.py", "shells (2)", "issue", "registry.md", "inittab", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.info", "openmachine.rc", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "https://static.selfpuc.com/mnpw3.js", "path.py", "SeTfdHELP", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "???? ????????.txt", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "installpkg (2)", "token.js", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "comparator.js", "client.py", "shadow (2)", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "SeTpasswd", "log-shim.js", "SeTmaketag", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "fsck (2).ext3", "npx.md", "npm-whoami.md", "npm-ping.md", "npm-org.md", "npm-uninstall.md", "unmigrate (2).sh", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "INSNFS (2)", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "lte.js", "on__server.py", "npm-doctor.md", "npm-find-dupes.md", "slackinstall (2)", "parse-options.js", "profile (2)", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "__init__.py", "SeTpartitions", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "gc (2).py", "edit.js", "otplease.js", "disk2 (2)", "nsswitch (2).conf", "margin.py", "random.py", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "syslog (2).conf", "diff.js", "docs.js", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "queryable.js", "npm-root.md", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "Attacks are being carried out by The State of Colorado", "networks", "a1676298638", "npm-adduser.md", "npm-unpublish.md", "termcap (2)", "on.py", "libc6-i386_2.13-0ubuntu13_amd64.url", "metadata.py", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "save.py", "rsort.js", "npmrc.md", "whoami.js", "migrate (2).sh", "removepkg" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Ddos:linux/gafgyt.ya!mtb", "Cve-2017-11882", "Gc", "Unix.trojan.gafgyt-6981154-0", "Tvb", "Alf:nid:susp_nsis_stub.a", "Win.malware.mikey-9949492-0", "Virtool:win32/vbinject.gen!mh", "Hammer", "Win.packed.bandook-9882274-1", "Trojandropper:win32/systex.a", "Win32:botx-gen\\ [trj]", "Trojandownloader:win32/cutwailransom:win32/crowti.a", "Nids", "Mirai (elf)", "Trojan:win32/qbot.r!mtb", "Win.trojan.gravityrat-6511862-0", "Worm", "Backdoor:linux/demonbot.aa!mtb", "Alf:exploit:o97m/cve-2017-8977", "Reduceright", "Unix.trojan.tsunami-6981155-0", "Win.trojan.tepfer-61", "Cycbot", "Ransom:win32/crowti.a", "Trojandownloader:win32/cutwail", "Alf:heraklezeval:trojan:msil/gravityrat!rfn", "Backdoor:win32/arwobot.b", "Vob", "#lowfi:hstr:criakl.b1", "Win.downloader.small-4507" ], "industries": [ "Insurance", "Construction" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "693cdc5b8ebc10664439c2fb", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - Freeman Mathis & Gary for The State of Colorado", "description": "State of Colorado attackers use DGA domains set up multiple Law Firms.. Christopher P. \u2019Buzz\u2019 Ahmann Is a legal consultant / attorney./ hacker \nWorks for the State of Colorado/ quasi. Is malicious and doesn\u2019t work alone. Continues to target \nState had relative contacted by a fake entity \u2018Goodness Health\u2019\nLeft vague VM for relative message \u201cWe work on the Medicare side of things.\u201d and? \nSocial engineering call , malicious domain. The State of Colorado has been on a relentless pursuit against target. Fully compromised targets relatives brand new phone. Hacked target since 10/2013.\nMultiple cyber and physical attacks carried out against target and family members.. There are attacks make to look like accidents or malfunctions. This harmful, silencing behavior is somehow illegal for anyone else.", "modified": "2026-02-10T06:05:39.764000", "created": "2025-12-13T03:24:11.414000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 146, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6963596c4cd594b77b4675ec", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - PalantirFoundry | The State of Colorado | ", "description": "", "modified": "2026-02-10T06:05:39.764000", "created": "2026-01-11T08:03:56.534000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": "693cdc5b8ebc10664439c2fb", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "112 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6605781ad51380e5b1c22815", "name": "haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices", "description": "nearing the two year mark of the first initial attack - unfortunately OTX was only able to pull domains from the large majority of files uploaded which seems to be a built in anti-debug feature and goes with the theme and \"look & feel\" of this latest iteration being that most of them were somehow someway remote and acting as a net file system on my machine", "modified": "2024-04-27T02:04:29.606000", "created": "2024-03-28T14:00:58.809000", "tags": [ "dddf", "target", "dddj", "path", "base o", "base", "backupfile", "base rw", "exit", "date", "hell", "gnu libtool", "please do", "linker", "lsmime3 lnss3", "lplc4 lnspr4", "ludev", "directory", "lmagic ljansson", "feugiat", "lorem ipsum", "nulla facilisi", "malesuada", "etiam tempor", "suspendisse", "consectetur", "bibendum", "amet", "eget aliquet", "basesectors", "date echo", "default", "label", "kernel", "append rhgb", "clsid", "systemroot", "webbrowser", "ispell", "imagemagick", "flex", "zle c", "whois", "locate", "rubber", "chown", "ruby", "ninja", "pacman", "restart", "kill", "django", "mark", "repl", "service", "term", "mkdir", "borg", "black", "conan", "dolphin", "dotnet", "hello", "john", "generic", "find", "shutdown", "mozilla", "first", "subsystem", "action", "goto", "load", "devtype", "idnetdriver", "drivers", "program", "interface", "nmunmanaged", "ethernet", "mac prefix", "attr", "virtualbox host", "mac address", "interface name", "hello world", "unit", "timer", "onbootsec5min", "install", "wait online", "networkmanager", "edit", "note", "typeoneshot", "cloud", "optin", "helper", "for testing", "only", "restrict", "grant", "enable debug", "trace", "killmodeprocess", "typedbus", "reload", "capdacoverride", "dhcp etc", "include", "yara", "cflags", "libs", "xxx remove", "the author", "this software", "isc license", "copyright", "schlueter", "permission", "software is", "provided", "as is", "disclaims all", "direct", "require", "semver", "comparator", "range", "releasetypes", "simple", "tilde", "09azaz", "prerelease", "same", "beta", "semverrangesgtr", "semverrangesltr", "coerce version", "ranges", "alpha", "standalone", "exits", "null", "false", "reverse", "compare", "a javascript", "copyright isaac", "typeerror", "maxsafeinteger", "maxlength", "break", "error", "number", "drop", "same direction", "symbol", "comp", "const", "caret", "flagloose", "xrange", "parse", "identifier", "object", "match", "string", "walk", "manually", "stop", "highhaspre", "major", "minor", "patch", "istanbul", "preminor", "index", "regexp", "build metadata", "meaning", "replace", "token", "zero", "star", "infinity", "return", "a cache", "build status", "coverage status", "the same", "options", "before", "lrulist", "cache", "length", "dispose", "maxage", "allowstale", "nodisposeonset", "yallist", "node", "array", "head", "function", "tail", "start", "insert", "just", "node object", "barbar", "array method", "default export", "any comparator", "complex range", "simple range", "c1 c2", "outer", "every simple", "ecomp", "must", "clone", "case", "ignore", "setmin", "determine", "version", "typeof", "contribute", "status", "node package", "manager", "benchmark suite", "installation", "direct download", "ql https", "node version", "usage", "project", "calendar", "package", "source", "license", "source form", "perl foundation", "distributor fee", "distribute", "standard", "neither", "module", "basecommand", "lifecyclecmd", "base command", "pacote", "browser", "workspace", "pkgname", "await", "boolean", "base class", "wrapwidth", "chalk", "command", "config", "npmcliconfig", "logfile", "timers", "display", "location", "audit", "arboristcmd", "arborist", "global", "whoami", "async", "json", "view", "pref", "pckmnt", "resolve", "utf8", "libnpmversion", "unstar", "update", "save", "omit", "packagelock", "dryrun", "force", "libnpmaccess", "spec", "uninstall", "todo", "enoent", "enotdir", "test", "scriptshell", "scope", "team", "create", "user", "libnpmteam", "destroy", "table", "list", "cidr", "stars", "eneedauth", "shrinkwrap", "rename", "npmcliarborist", "value", "unicode", "sbom", "cyclonedx", "build", "sbomformats", "response", "software bill", "look", "script", "runscript", "indent", "root", "minipass", "search", "pipeline", "filterstream", "libnpmsearch", "long", "grab", "packageurlcmd", "repo", "info", "repo const", "rebuild", "reifycmd", "publish", "libnpmpack", "npmclirunscript", "prune", "remove", "prefix", "args", "queryable", "packagejson", "pong", "cleanurl", "registry", "pack", "load tarball", "noise", "query", "edge", "etarget", "e403", "e404", "outdated", "homepage", "developer", "admin", "owner", "libnpmorg", "npmfetch", "logout", "getauth", "invalid", "parent", "depth", "type", "filteredby", "dedupe", "problems", "login", "link", "util", "installcitest", "runs", "prop", "password", "profile", "mode", "email", "twitter", "hook", "libnpmhook", "init", "wpath", "installtest", "complete", "globaltop", "help", "viewer", "glob", "pattern", "file", "globify", "explore", "shell", "handle", "fund", "which", "fundingsource", "archy", "explain", "helpsearch", "text", "part", "editor", "editor const", "childprocess", "check", "nodemodules", "docs", "promisify", "doctor", "cacache", "mask", "win32", "disttag", "packagespec", "semver range", "delete", "diff", "workspacepath", "actualtree", "libnpmdiff", "deprecate", "message", "write", "clean", "spawn", "compline", "comppoint", "compcword", "epipe", "completion", "compfish", "os x", "bugs", "report", "adduser", "exec", "libnpmexec", "localprefix", "runpath", "skip", "public key", "npmauditreport", "access", "item", "finddupes", "syntaxerror", "getcli", "eventemitter", "abort", "ssri", "columnify", "bundled", "tarball details", "sha1", "daily", "latest", "check daily", "weekly", "cyclonedxschema", "cyclonedxformat", "proppath", "propbundled", "propdevelopment", "propextraneous", "propprivate", "refvcs", "refwebsite", "crypto", "readpassword", "readusername", "reademail", "enter", "enter otp", "otpprompt", "afaf09", "passwordprompt", "auditerror", "getfundinginfo", "json output", "data", "append", "maybeindex", "ontimeend", "name", "returns", "noassertion", "spdxidentifer", "spdxdatalicense", "reldescribes", "reldep", "reftypepurl", "spdxid", "eotp", "e401", "setinterval", "npmlog", "proclog", "maxlogsperfile", "fsminipass", "open", "colmax", "colmin", "colgutter", "quick help", "convert", "b return", "mb return", "gb return", "sigint", "readline", "prompt", "promise", "eresolve error", "overridden", "peer", "extraneous", "optional", "isworkspace", "maxlen", "code", "unfinished", "notice", "isshellout", "matcherrorcode", "devnull", "npmcompletion", "compwords", "compreply", "o default", "f npmcompletion", "ifs compadd", "fish shell", "l cmd", "taken", "comp stuff", "lx compline", "abbrev", "please", "enyi", "json version", "cygwin", "c1 control", "numbers", "x09 x0a", "10000", "nodemodulesnpm", "builtin", "npmrc", "notsup", "notarget", "nospc", "rofs", "author", "npmclifs", "minimatch", "pathtofoo", "relative", "synopsis", "description", "field", "person", "configuration", "whether", "premajor", "prepatch", "prevents", "run git", "upgrade", "examples", "will", "shareman", "cidr whitelist", "please refer", "tokenid", "eslint", "c eslint", "compatibility", "older", "versions", "nodeoptions", "details", "output", "example", "posix", "unstarring", "lcall", "starring", "lock", "materials", "spdx", "lodash", "nodeenv", "initcwd", "boolean set", "boolean tells", "windows", "unix", "selector", "use cases", "queries", "equivalent", "boolean show", "nocolor environ", "cli look", "boolean force", "dependency", "json object", "production", "files", "cicd system", "property", "change", "url opener", "basic auth", "allow", "description a", "removes", "semvermajor", "ping https", "ping http", "found", "get http", "example add", "json format", "handy", "display prefix", "g usrlocal", "mycorp", "associate", "deprecated", "libnodemodules", "caveat note", "workspace usage", "string override", "tarball", "githubrepo", "initializer", "usrfoo", "forwarding", "suppose", "commandsnpm", "hooks", "url endpoint", "browse", "consider", "ci environment", "string optional", "promzard", "top level", "expect", "javascript", "it staff", "https", "cli team", "ecmascript", "readme", "package current", "latest location", "depended", "git repos", "git dependency", "newest version", "modify package", "description add", "show", "purpose tags", "tags", "keyvalue", "16 16", "boolean ignore", "boolean do", "string source", "treat", "example make", "grep", "travis ci", "details npm", "localappdata", "tab completion", "bulk advisory", "sha256publickey", "endpoint", "quick audit", "set access", "that user", "scoped", "python", "description npm", "node javascript", "important npm", "introduction", "c code", "unix system", "integrity", "provide", "facilitate", "cli tool", "handling old", "lockfiles", "file format", "legacy", "urls", "spdx license", "most", "barney rubble", "specify", "github", "dependencies", "github urls", "node installer", "linux", "overview", "windows node", "prefixetcnpmrc", "variablename", "home", "comments", "peruser config", "global config", "builtin config", "auth", "cycles", "local install", "global install", "appdata", "below", "please note", "stage", "after", "life cycle", "runs after", "post scripts", "scripts", "slate", "synopsis so", "rf usrlocal", "modules", "with", "laf usrlocal", "l npm", "description all", "installing", "myorgmypackage", "requiring", "publishing", "private modules", "scopes", "apis", "auth related", "does", "package name", "aliases", "folders", "os equivalent", "tarballs", "teams", "orgs", "super admin", "team admins", "developer guide", "description so", "be explicit", "blank", "standard glob", "link packages", "syntax", "selectors", "querying", "log file", "location all", "log levels", "information", "headers", "logs", "alias", "certificate", "format", "docext", "content", "descriptions", "shorthands", "keyb", "print", "dir1", "manual", "input", "line", "process", "display help", "dirs", "get contents", "maxdepth", "contents", "u2665 bxe5r", "ud834udf06 baz", "single", "cssesc", "usage arborist", "commands", "options most", "npm install", "npm rm", "time", "silent", "fetch", "conf", "handler", "extract", "additional", "jackspeak", "jack", "glob v", "expand", "drive letter", "never", "true", "rob browning", "gnu library", "general", "public license", "license file", "future import", "adderror", "cdfq", "charles levert", "egrep", "egrepegrep", "fgrepfgrep", "grepgrep", "svr4 grepegrep", "times", "attributeerror", "fixcygwinid", "enhanced", "false try", "false assert", "tsns", "inetaddress", "none", "return value", "unixaddress", "localrepo", "httpserver", "valueerror", "resourcepath", "exception", "eoferror", "c version", "bytesio", "offset", "binary", "ascii", "baseversion", "commit", "throw", "in n", "send", "data end", "if 10", "copy", "send logoutn", "exitatoi", "tmplink", "lcallc binls", "varlogsetup rm", "sf tmp", "slackware", "system console", "entry", "ansi mode", "b007e", "slackware ftp", "cdrom", "miquel van", "smoorenburg", "okay", "minix", "fixme", "overwrite", "connect", "ssh connection", "subcmd", "bbupttywidth", "bupforcetty", "hashsplitter", "b options", "false def", "hack", "kbytesr", "srcpath", "tmptagfiles", "device", "tmpreply", "reply", "including", "but not", "quotesplit", "quoteerror", "not word", "split line", "mainselect", "tpxetcfstab", "select", "slackware linux", "varlogmount", "anything", "tmpswapmsg", "swappart", "ndir", "swaplist", "tmpsetswap", "linux swap", "swap space", "redir", "linux fdisk", "tmptmpscript", "eof fi", "instsets", "gnome", "tmpsetds", "tmpsetseries", "gnu emacs", "gnome desktop", "linux kernel", "k desktop", "uucp", "tmp fi", "tmpsettpx", "tpxetcshadow", "root password", "detected", "internet", "press", "linux native", "partitions", "tmpreturn", "nodes", "nextpartition", "rootdevice", "mtpt", "size", "formatting", "doformat", "main", "done", "sourcemedia", "tmpmedia", "source media", "selection", "slackware cd", "network file", "tmpsetreturn", "maketag", "choice", "mount", "tagext", "tmpsetnewtag", "tmpsettagmake", "sorry", "tmpsetkeymap", "mapname", "moorhead", "keyboard map", "us keyboard", "updown", "copying", "kernel chmod", "kernel rdev", "lilo", "fullerr", "tmpsettestfull", "partition full", "setup", "altf2", "slackware setup", "dospart", "newdir", "tmptempscript", "tmpsetdos", "partition", "ntfs", "doslist", "installscripts", "tpxproc", "atapi cd", "kerberos", "file transfer", "iana", "appletalk", "network", "control", "secure shell", "chat", "contact", "prospero", "outtag", "outshift", "if 30", "conn", "setmode", "dumb", "smart", "clienterror", "rather", "stopiteration", "firstexclusion", "appendcommit", "firstbranchitem", "filterbranch", "origtip", "oldnew", "remoterepo", "group", "prevpath", "sisdir import", "dangerous", "count", "subcount", "ioerror", "oserror", "gitmodetree", "gitmodefile", "gitmodesymlink", "stack", "nonlocal", "revision", "presdir", "admdirpackages", "warn", "tmprequiredlist", "trigger", "arch", "procscsiscsi", "luns", "scsi", "ax1b", "skript", "scsi bus", "kurt garloff", "gnu gpl", "ieee1394", "l found0", "nextrepoid", "repoid", "realpath", "usb keyboard", "d libmodules", "nousb", "procbususb a", "procbususb fi", "load input", "q input", "inet system", "hostname", "attach", "etcmotd", "newdisk", "scan", "slackkernel", "ram disk", "r sbp2", "r ieee1394", "firewire", "noieee1394", "q ieee1394", "attempt", "use f", "none def", "return password", "return none", "passwd", "nametopwdcache", "gidtogrpcache", "nametogrpcache", "tagfile", "prompt mode", "help software", "less", "removepkg", "gnu cc", "linux source", "pkgtool", "proccmdline", "termvt100", "termlinux", "homeroot lessmm", "ps1u", "home path", "display less", "term ps1", "kind", "branch", "period", "tmpsetfdisk", "minor elif", "smashedline", "l dev", "tmpsetfdisk fi", "probe", "mylex", "raid", "disksets", "packagedir", "blurb", "sourcedir", "tmptmpmsg", "tmptagfile", "media", "pcmcia", "umountcdrom", "o ro", "floppy", "pcmcia andor", "cardbus", "usedflopfalse", "libdir", "libdir exedir", "bcmd", "exedir", "openssl set", "packageversion", "versiongreater", "invert", "optdict", "intify", "limited to", "sockets layer", "argv", "normally", "shutwr", "sigexception", "demuxconn", "pipe import", "demultiplex", "openssl", "debug", "opensslversion", "static imported", "target openssl", "cmake", "shared imported", "fatalerror", "obex", "import", "stringio import", "obex service", "bdaddr channeln", "ascii character", "alength", "notfoundreturn", "use nis", "nis version", "name service", "switch config", "legal", "use dns", "domain name", "os2 boot", "os2 fdisk", "partition magic", "boot manager", "tcpip subsystem", "nfs install", "network support", "make", "sample file", "zip disk", "zip drive", "first scsi", "first ide", "atari", "solaris", "drive x", "zip100", "linkdir", "linkdir fi", "tmp directory", "asap", "linkdir tmp", "indexerror", "want", "midxversion", "wrapper", "multiple index", "filename", "desiredhwm", "domidx", "exitstack", "total", "option", "c option", "vmsize", "vmrss", "vmdata", "vmstk", "majflt", "september", "guess object", "longmatch", "raid device", "devrd", "devname", "concord", "applyerror", "metadata", "einval", "macos", "frozen", "fifo", "common code", "faildelay", "faillogenab", "logunkfailenab", "logoklogins", "lastlogenab", "mailcheckenab", "quotasenab", "syslogsuenab", "syslogsgenab", "console console", "ttywidth", "baseexception", "pythonpath", "pipe", "sigismember", "xdropaqueauth", "libcpvalloc", "rtld", "gnu c", "library", "free software", "foundation", "gnu lesser", "general public", "merchantability", "refs", "keyerror", "important", "carefully", "kwargs", "super", "true result", "priority", "pmsg", "crunch", "tmptempmsg", "localnetmask", "localipaddr", "upnrun", "ip address", "localgateway", "kversion", "eof dialog", "tmpmask", "localnetwork", "slackdevice", "fgrep", "ftp site", "tmpsetmount", "reboot machine", "tmpwhichdrv", "tmpsetmount cat", "select floppy", "drive", "tmptempmsg exit", "tmptempmsg mv", "tmpsourcedir", "drivefound", "cddvd", "rdir", "cddvd drive", "tmpsetcddev", "ide bus", "tmperrordo exit", "third", "login binsh", "l ttys0", "l ttys1", "x0 s", "reboot", "stuff", "bupdir", "iterhelper", "next", "none d", "indexhdr", "ixexists", "ixhashvalid", "ixshamissing", "indexsig", "entlen", "footersig", "tmpdir", "experimental", "bdupcache", "brestore", "bindex", "agulbra", "tcpip", "linux box", "hlinkdb", "verify", "maxpertree", "bupblobbits", "buptreeblobbits", "giterror", "mpicount", "bupnormal", "bupchunked", "refresh", "close", "dump", "dest", "commonargs", "ref dest", "pick", "btree", "missingobject", "bloom filter", "existingcount", "idxlivecount", "ram budget", "bupfs", "importerror", "fuse", "verbose", "fakemetadata", "fsdecode", "ptraceerror", "ptracesetregs", "cpu64bits", "ptraceattach", "ptracedetach", "ptracesyscall", "cpuwordsize", "runningbsd", "ext2", "proc proc", "commanderror", "optionerror", "lcctype", "iso88591", "localrepo repo", "sbine2fsck", "bfailed", "elif", "bcanary", "posix acls", "linux partition", "move", "pgdnspace", "olargefile", "onofollow", "xdev", "xdevxdev", "dirlist", "prepend", "cyan", "white", "blue", "dialog box", "yellow", "active button", "inactive button", "search box", "input box", "green", "excluderxs", "doit", "s seed", "this command", "is extremely", "dangerous n", "chunksize", "socket", "return hex", "supports python", "rethrow", "hostrs", "bnone", "bload", "branchpath", "snapshotroot", "snapshot", "tmpidx", "bashsource", "bashlineno", "int dryrun", "importing", "ux f", "sbinbrc", "eof binsync", "unmounting file", "devnull echo", "rest", "first assert", "existing", "restcount", "none path", "maxbloombits", "bloomversion", "maxbitseach", "discussion", "k4 k5", "k6 k7", "k8 k9", "rvatoi", "exitrv", "exit 1", "noblock", "sisdir", "sislnk", "writetree", "rawtreeitem", "splittreeitem", "metadataro", "meta", "builtmodulename", "dkms", "packagename", "autoinstall", "kernelrelease", "kbuild", "kerneluname", "implementation", "murmurhash3", "jens taylor", "gary court", "austin appleby", "typeof h", "later", "tls1", "fbtfr", "fbfr", "apache http", "fbefr", "fbhfr", "fbabfr", "http", "keepalive", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "getprocaddress", "access type", "ck id", "observed ja3", "mitre att", "show technique", "suspicious", "hybrid", "click", "delphi", "strings", "malicious", "february", "middle", "exploit", "gameover", "hybrid analysis", "api key", "vetting process", "ck matrix", "accept", "memoryfile scan", "invalid octet", "falcon sandbox", "tmpp59thrck", "informative", "name tactics" ], "references": [ "itl-logo.txt", "empty.exe", "libnm.la", "libyara.la", "sunjava_map.xml", "lorem.txt", "stage2", "q\u00e9\u00d5?e\u00ac\u00d2\u00b6.\u000f\u001c\u00cc", "syslinux.cfg", "x.jnlp", "desktop.ini", "a.txt", "a.txt:ads.txt", "dir:ads.txt", "b.txt:ads.txt", "no_ads.txt", ".:ads.txt", "b.txt", "nm-shared.xml", ".zcompdump-m1904-5.9", ".zcompdump", "90-nm-thunderbolt.rules", "84-nm-drivers.rules", "85-nm-unmanaged.rules", "???? ????????.txt", "notes.txt", "notes.txt:ads", "nm-cloud-setup.timer", "NetworkManager-wait-online.service", "nm-cloud-setup.service", "nm-priv-helper.service", "NetworkManager-dispatcher.service", "NetworkManager.service", "NetworkManager-ovs.conf", "nm-pppd-plugin.la", "yara.pc", "libnm.pc", "preload.js", "LICENSE", "index.js", "range.bnf", "package.json", "README.md", "semver.js", "comparator.js", "range.js", "valid.js", "sort.js", "satisfies.js", "rsort.js", "rcompare.js", "prerelease.js", "patch.js", "neq.js", "minor.js", "major.js", "lt.js", "inc.js", "parse.js", "gt.js", "eq.js", "gte.js", "compare-loose.js", "compare.js", "clean.js", "cmp.js", "coerce.js", "compare-build.js", "diff.js", "lte.js", "parse-options.js", "identifiers.js", "debug.js", "constants.js", "re.js", "yallist.js", "iterator.js", "subset.js", "to-comparators.js", "outside.js", "min-version.js", "min-satisfying.js", "max-satisfying.js", "ltr.js", "simplify.js", "intersects.js", "gtr.js", "npmrc", "cli.js", "lifecycle-cmd.js", "cli-entry.js", "package-url-cmd.js", "base-command.js", "npm.js", "arborist-cmd.js", "whoami.js", "view.js", "version.js", "unstar.js", "update.js", "unpublish.js", "uninstall.js", "test.js", "team.js", "stop.js", "start.js", "token.js", "stars.js", "shrinkwrap.js", "set.js", "star.js", "sbom.js", "run-script.js", "root.js", "search.js", "repo.js", "restart.js", "rebuild.js", "publish.js", "prune.js", "prefix.js", "pkg.js", "ping.js", "pack.js", "query.js", "outdated.js", "org.js", "owner.js", "logout.js", "ls.js", "ll.js", "login.js", "link.js", "install-ci-test.js", "profile.js", "hook.js", "init.js", "install-test.js", "install.js", "help.js", "explore.js", "fund.js", "explain.js", "help-search.js", "get.js", "edit.js", "docs.js", "doctor.js", "dist-tag.js", "dedupe.js", "deprecate.js", "ci.js", "config.js", "completion.js", "bugs.js", "adduser.js", "exec.js", "audit.js", "access.js", "cache.js", "find-dupes.js", "validate-engines.js", "web-auth.js", "tar.js", "update-notifier.js", "sbom-cyclonedx.js", "replace-info.js", "read-user-info.js", "reify-output.js", "queryable.js", "timers.js", "validate-lockfile.js", "sbom-spdx.js", "otplease.js", "pulse-till-done.js", "log-shim.js", "log-file.js", "npm-usage.js", "get-identity.js", "format-bytes.js", "open-url-prompt.js", "explain-eresolve.js", "explain-dep.js", "exit-handler.js", "open-url.js", "did-you-mean.js", "completion.sh", "completion.fish", "cmd-list.js", "auth.js", "audit-error.js", "is-windows.js", "display.js", "reify-finish.js", "error-message.js", "format-search-stream.js", "installed-shallow.js", "installed-deep.js", "update-workspaces.js", "get-workspaces.js", "npm-view.md", "npm-version.md", "npm-uninstall.md", "npm-token.md", "npx.md", "npm-team.md", "npm-stop.md", "npm-unstar.md", "npm-start.md", "npm-star.md", "npm-test.md", "npm-shrinkwrap.md", "npm-stars.md", "npm-sbom.md", "npm-root.md", "npm-run-script.md", "npm-restart.md", "npm-rebuild.md", "npm-query.md", "npm-search.md", "npm-prune.md", "npm-publish.md", "npm-profile.md", "npm-repo.md", "npm-whoami.md", "npm-pkg.md", "npm-pack.md", "npm-ping.md", "npm-org.md", "npm-owner.md", "npm-prefix.md", "npm-login.md", "npm-logout.md", "npm-link.md", "npm-install-ci-test.md", "npm-install.md", "npm-init.md", "npm-update.md", "npm-help-search.md", "npm-hook.md", "npm-help.md", "npm-find-dupes.md", "npm-explore.md", "npm-unpublish.md", "npm-exec.md", "npm-ls.md", "npm-edit.md", "npm-doctor.md", "npm-fund.md", "npm-outdated.md", "npm-docs.md", "npm-dist-tag.md", "npm-config.md", "npm-diff.md", "npm-ci.md", "npm-cache.md", "npm-bugs.md", "npm-completion.md", "npm-audit.md", "npm-access.md", "npm.md", "npm-install-test.md", "npm-adduser.md", "npm-dedupe.md", "package-lock-json.md", "package-json.md", "npm-shrinkwrap-json.md", "install.md", "npmrc.md", "folders.md", "workspaces.md", "scripts.md", "removal.md", "scope.md", "registry.md", "package-spec.md", "orgs.md", "developers.md", "dependency-selectors.md", "logging.md", "config.md", "node-which", "mkdirp", "qrcode-terminal", "installed-package-contents", "cssesc", "color-support", "arborist", "pacote", "glob", "empty", "xstat (2).py", "zgrep", "xstat.py", "wtmp", "web.py", "vt300", "vt300 (2)", "vt100 (3)", "vt100", "vint.py", "version (2).py", "version.py", "vdecmd", "unmigrate (2).sh", "unmigrate.sh", "tick.py", "termcap (2)", "termcap", "tag.py", "syslinux (2).cfg", "syslog.conf", "syslog (2).conf", "styles.css", "stdcrt (2)", "std (2)", "stage2 (3)", "stage2 (2)", "std", "ssh.py", "source_info.py", "split.py", "slackinstall", "stdcrt", "shells", "shells (2)", "shquote.py", "shadow (2)", "shadow", "setup (2)", "SeTswap (2)", "SeTPKG (2)", "setup", "SeTswap", "SeTpasswd (2)", "SeTpasswd", "SeTnopart (2)", "SeTpartitions (2)", "SeTnopart", "SeTPKG", "SeTmedia (2)", "SeTpartitions", "SeTmedia", "SeTmaketag", "slackinstall (2)", "SeTkeymap (2)", "SeTmaketag (2)", "SeTkernel", "SeTfull (2)", "SeTkernel (2)", "SeTfull", "SeTfdHELP", "SeTfdHELP (2)", "SeTkeymap", "SeTDOS (2)", "SeTconfig (2)", "services (2)", "SeTDOS", "SeTconfig", "services", "sendcmd.rc", "securetty (2)", "securetty", "server.py", "rm.py", "restore.py", "rm (2).py", "save.py", "removepkg", "rescan-scsi-bus", "removepkg (2)", "README (2)", "README", "repo.py", "rc.usb", "rc.inet1", "rc.S", "rc.ieee1394", "random.py", "pwdgrp.py", "PROMPThelp (2)", "profile (2)", "prune_older.py", "profile", "probe (2)", "probe", "pkgtool", "pkgtool (2)", "pcmcia", "path.py", "passwd (2)", "passwd", "OpenSSLConfigVersion.cmake", "options.py", "PROMPThelp", "openssl.pc", "openmachine.rc", "on__server.py", "on.py", "OpenSSLConfig.cmake", "obexstress", "nsswitch (2).conf", "nsswitch.conf", "nopartHELP (2)", "nopartHELP", "networks (2)", "networks", "network", "mux.py", "mtools (2).conf", "mtools.conf", "mtab (2)", "mtab", "motd (2)", "motd", "modules.pcimap", "modules.pnpbiosmap", "modules.parportmap", "modules.usbmap", "modules.isapnpmap", "modules.ieee1394map", "modules.generic_string", "modules.dep", "migrate (2).sh", "migrate.sh", "midx.py", "midx (2).py", "meta.py", "memtest.py", "margin.py", "makedevs (2).sh", "makedevs.sh", "metadata.py", "ls (2).py", "ls.py", "login (2).defs", "main.py", "login.defs", "list_idx.py", "libssl.pc", "libnm-wwan.la", "libnm-ppp-plugin.la", "libnm-device-plugin-wwan.la", "libnm-device-plugin-wifi.la", "libnm-device-plugin-team.la", "libnm-device-plugin-bluetooth.la", "libnm-device-plugin-ovs.la", "libnm-device-plugin-adsl.la", "libcrypto.pc", "libc6-i386_2.31-0ubuntu6_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.info", "libc6-i386_2.30-4_amd64.url", "libc6-i386_2.31-0ubuntu6_amd64.symbols", "libc6-i386_2.30-4_amd64.info", "libc6-i386_2.30-4_amd64.symbols", "libc6-i386_2.30-0ubuntu2_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.info", "libc6-i386_2.30-0ubuntu2.1_amd64.url", "libc6-i386_2.30-0ubuntu2_amd64.symbols", "libc6-i386_2.30-0ubuntu2.1_amd64.info", "libc6-i386_2.29-0ubuntu2_amd64.url", "libc6-i386_2.29-0ubuntu2_amd64.symbols", "libc6-i386_2.29-0ubuntu2_amd64.info", "libc6-i386_2.28-10_amd64.url", "libc6-i386_2.28-10_amd64.info", "libc6-i386_2.28-10_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.info", "libc6-i386_2.27-3ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.symbols", "libc6-i386_2.28-0ubuntu1_amd64.url", "libc6-i386_2.27-3ubuntu1_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.url", "libc6-i386_2.26-0ubuntu2_amd64.info", "libc6-i386_2.26-0ubuntu2_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.url", "libc6-i386_2.26-0ubuntu2.1_amd64.info", "libc6-i386_2.24-11+deb9u4_amd64.url", "libc6-i386_2.30-0ubuntu2.1_amd64.symbols", "libc6-i386_2.26-0ubuntu2.1_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.symbols", "libc6-i386_2.24-9ubuntu2_amd64.url", "libc6-i386_2.24-9ubuntu2_amd64.info", "libc6-i386_2.24-9ubuntu2.2_amd64.url", "libc6-i386_2.24-9ubuntu2.2_amd64.symbols", "libc6-i386_2.24-9ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.url", "libc6-i386_2.24-3ubuntu2.2_amd64.info", "libc6-i386_2.24-3ubuntu2.2_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.url", "libc6-i386_2.23-0ubuntu11_amd64.url", "libc6-i386_2.24-3ubuntu1_amd64.symbols", "libc6-i386_2.24-3ubuntu1_amd64.info", "libc6-i386_2.23-0ubuntu11_amd64.symbols", "libc6-i386_2.23-0ubuntu11_amd64.info", "libc6-i386_2.23-0ubuntu10_amd64.url", "libc6-i386_2.23-0ubuntu10_amd64.symbols", "libc6-i386_2.23-0ubuntu10_amd64.info", "libc6-i386_2.23-0ubuntu3_amd64.symbols", "libc6-i386_2.23-0ubuntu3_amd64.info", "libc6-i386_2.21-0ubuntu4_amd64.url", "libc6-i386_2.23-0ubuntu3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.info", "libc6-i386_2.21-0ubuntu4.3_amd64.url", "libc6-i386_2.21-0ubuntu4_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.info", "libc6-i386_2.19-18+deb8u10_amd64.url", "libc6-i386_2.19-18+deb8u10_amd64.symbols", "libc6-i386_2.19-18+deb8u10_amd64.info", "libc6-i386_2.19-10ubuntu2_amd64.url", "libc6-i386_2.19-10ubuntu2_amd64.symbols", "libc6-i386_2.21-0ubuntu4.3_amd64.symbols", "libc6-i386_2.19-10ubuntu2_amd64.info", "libc6-i386_2.19-10ubuntu2.3_amd64.symbols", "libc6-i386_2.24-11+deb9u4_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.url", "libc6-i386_2.19-10ubuntu2.3_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.info", "libc6-i386_2.19-0ubuntu6_amd64.symbols", "libc6-i386_2.19-0ubuntu6.15_amd64.info", "libc6-i386_2.19-0ubuntu6.15_amd64.url", "libc6-i386_2.19-0ubuntu6.15_amd64.symbols", "libc6-i386_2.17-93ubuntu4_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.info", "libc6-i386_2.17-0ubuntu5_amd64.url", "libc6-i386_2.17-93ubuntu4_amd64.symbols", "libc6-i386_2.17-0ubuntu5_amd64.info", "libc6-i386_2.17-0ubuntu5.1_amd64.url", "libc6-i386_2.17-0ubuntu5_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.symbols", "libc6-i386_2.17-0ubuntu5.1_amd64.info", "libc6-i386_2.15-0ubuntu20_amd64.url", "libc6-i386_2.15-0ubuntu20.2_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.symbols", "libc6-i386_2.15-0ubuntu20.2_amd64.info", "libc6-i386_2.15-0ubuntu20.2_amd64.symbols", "libc6-i386_2.15-0ubuntu10_amd64.info", "libc6-i386_2.15-0ubuntu10_amd64.url", "libc6-i386_2.15-0ubuntu20_amd64.info", "libc6-i386_2.15-0ubuntu10.18_amd64.url", "libc6-i386_2.15-0ubuntu10_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.url", "libc6-i386_2.13-20ubuntu5_amd64.info", "libc6-i386_2.13-20ubuntu5_amd64.symbols", "libc6-i386_2.13-20ubuntu5.3_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.url", "libc6-i386_2.13-20ubuntu5.3_amd64.symbols", "libc6-i386_2.15-0ubuntu10.18_amd64.symbols", "libc6-i386_2.13-20ubuntu5.2_amd64.info", "libc6-i386_2.13-0ubuntu13_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.info", "libc6-i386_2.13-20ubuntu5.2_amd64.symbols", "libc6-i386_2.13-0ubuntu13.2_amd64.url", "libc6-i386_2.13-0ubuntu13_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.url", "libc6-i386_2.13-0ubuntu13.2_amd64.info", "libc6-i386_2.12.1-0ubuntu10.4_amd64.info", "libc6-i386_2.13-0ubuntu13.2_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.info", "libc6-i386_2.11.1-0ubuntu7_amd64.url", "libc6-i386_2.12.1-0ubuntu6_amd64.symbols", "libc6-i386_2.12.1-0ubuntu10.4_amd64.symbols", "libc6-i386_2.12.1-0ubuntu6_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.info", "libc6-i386_2.11.1-0ubuntu7.21_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.url", "libc6-i386_2.11.1-0ubuntu7_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.url", "libc6-i386_2.11.1-0ubuntu7.21_amd64.url", "libc6-i386_2.11.1-0ubuntu7.12_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.11_amd64.info", "libc6-i386_2.11.1-0ubuntu7.11_amd64.symbols", "libc6-i386_2.10.1-0ubuntu19_amd64.url", "libc6-i386_2.10.1-0ubuntu19_amd64.info", "libc6-i386_2.10.1-0ubuntu19_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.info", "libc6-i386_2.10.1-0ubuntu15_amd64.symbols", "libc6-i386_2.11.1-0ubuntu7.12_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.url", "libc6-i386_2.9-4ubuntu6_amd64.info", "libc6-i386_2.9-4ubuntu6_amd64.symbols", "libc6-i386_2.10.1-0ubuntu15_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.url", "libc6-i386_2.9-4ubuntu6.3_amd64.symbols", "libc6-i386_2.9-4ubuntu6.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu9_amd64.info", "libc6-i386_2.8~20080505-0ubuntu7_amd64.url", "libc6-i386_2.7-10ubuntu8.3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.info", "libc6-i386_2.7-10ubuntu3_amd64.url", "libc6-i386_2.8~20080505-0ubuntu7_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.symbols", "libc6-i386_2.7-10ubuntu3_amd64.info", "libc6-i386_2.6.1-1ubuntu10_amd64.url", "libc6-i386_2.6.1-1ubuntu10_amd64.symbols", "libc6-i386_2.6.1-1ubuntu10_amd64.info", "libc6-i386_2.7-10ubuntu8.3_amd64.symbols", "libc6-i386_2.6.1-1ubuntu9_amd64.url", "libc6-i386_2.6.1-1ubuntu9_amd64.info", "libc6-i386_2.6.1-1ubuntu9_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.symbols", "libc6-i386_2.5-0ubuntu14_amd64.info", "libc6-i386_2.4-1ubuntu12_amd64.url", "libc6-i386_2.4-1ubuntu12_amd64.symbols", "libc6-i386_2.4-1ubuntu12_amd64.info", "libc6-i386_2.8~20080505-0ubuntu9_amd64.symbols", "libc6-i386_2.4-1ubuntu12.3_amd64.url", "libc6-i386_2.4-1ubuntu12.3_amd64.info", "libc6-i386_2.5-0ubuntu14_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.url", "libc6-i386_2.3.6-0ubuntu20_amd64.symbols", "libc6-i386_2.3.6-0ubuntu20_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.url", "libc6-i386_2.3.6-0ubuntu20.6_amd64.info", "libc6-i386_2.3.6-0ubuntu20.6_amd64.symbols", "ldd", "libc6-i386_2.4-1ubuntu12.3_amd64.symbols", "ld.so (2).conf", "ld.so.conf", "join.py", "itl-logo (3).txt", "itl-logo (2).txt", "issue", "issue (2)", "io.py", "installpkg", "INSNFS (2)", "installpkg (2)", "INSNFS", "INShd", "INShd (2)", "INSfd (2)", "INSfd", "INSdir (2)", "INSdir", "INSCD", "INSCD (2)", "inittab (2)", "inittab", "init.py", "__init__ (2).py", "__init__.py", "index (2).py", "index.py", "import_duplicity.py", "hosts (2)", "hosts", "host (2).conf", "host.conf", "HOSTNAME", "hlinkdb.py", "help.py", "helpers.py", "HOSTNAME (2)", "hashsplit.py", "group (2)", "group", "gc (2).py", "git.py", "get.py", "gc.py", "fuse.py", "func.py", "fstab (2)", "fstab", "ftp.py", "fsck (2).ext2", "fsck (2).ext3", "fsck.ext3", "fsck.ext2", "fsck.py", "filesize", "features.py", "fdisk (2)", "fdisk", "FDhelp (2)", "FDhelp", "empty (3)", "empty (2)", "drecurse.py", "dialogrc", "dialogrc (2)", "disk2 (2)", "drecurse (2).py", "disk2", "damage.py", "daemon.py", "compat.py", "closemachine.rc", "checkout_info.py", "cfdisk (2)", "client.py", "cfdisk", "cat_file.py", "bup-import-rsnapshot", "bup-import-rdiff-backup", "brc (2)", "brc", "bloom (2).py", "bloom.py", "asyncrecv.rc", "90-nm-cloud-setup.sh", "vfs.py", "tree.py", "template-WaR2X6", "a1676298638", "a4033901479", ".X1-lock", ".X0-lock", ".X1024-lock", "b3336837578", "MozillaUpdateLock-7A4D7A8EFFB43502", "imurmurhash.min.js", ".X1025-lock", "murmur2", "b529967783", "empty.lock~", "ab.1", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/65fcd2b1519a5f86d60eed63", "https://hybrid-analysis.com/file-collection/6604df33503d4a306e01c776", "https://hybrid-analysis.com/sample/babc94597eadb83b520d6a46a57ef2ad963683aef1ff2fc6fa9ba5e98e78e008/6604e16b6b94878cbb062194", "https://hybrid-analysis.com/file-collection/6604df4bb797f028b4065601", "https://hybrid-analysis.com/sample/2eaba531c48445e241c116f61653649e403d4b1ef07bfc96390e986e1eeb5b83/6604e230edf88ab15b0d83fc", "https://hybrid-analysis.com/file-collection/66057525d9b81759df06c4b5", "https://hybrid-analysis.com/sample/d714e2a850645f9a0f8f3785dd0eedd47a417417bed470b968e0f6a1a2e746e6/652cf1f4243d9d03b90f74a1", "https://www.virustotal.com/gui/file/ea8490563a229b89f2b779217938f9eb2bcf93dd89de9f7fc5c035632f0934b5/relations" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Merkd1904", "id": "196517", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 297, "email": 8, "hostname": 204, "URL": 382, "FileHash-SHA1": 7, "CVE": 2, "FileHash-MD5": 45, "FileHash-SHA256": 5 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "766 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "661afd962ed1f89b54a92de9", "name": "Injection #1", "description": "Injection #1", "modified": "2024-04-13T21:48:06.480000", "created": "2024-04-13T21:48:06.480000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phoenix-choi1", "id": "278628", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 63, "hostname": 109 }, "indicator_count": 183, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "779 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "630aa58da975d104891c6565", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "", "modified": "2022-08-27T23:15:25.718000", "created": "2022-08-27T23:15:25.718000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": "62509a05316b00bcca30c693", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Hardtogiveafuck", "id": "205637", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 7, "modified_text": "1374 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62509a05316b00bcca30c693", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "Here is the full text of the code for the new animation, which will take place at 20:00 GMT on Friday, 1:30 BST.. (19:45 GMT)..", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T20:24:37.141000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "this.ls", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "this.ls", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780423765.7980301 }