{
"type": "Domain",
"indicator": "this.menu",
"general": {
"sections": [
"general",
"geo",
"url_list",
"passive_dns",
"malware",
"whois",
"http_scans"
],
"whois": "http://whois.domaintools.com/this.menu",
"alexa": "http://www.alexa.com/siteinfo/this.menu",
"indicator": "this.menu",
"type": "domain",
"type_title": "Domain",
"validation": [],
"base_indicator": {
"id": 3155196057,
"indicator": "this.menu",
"type": "domain",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 23,
"pulses": [
{
"id": "65eea19a23474b8c7dca351f",
"name": "All Items - find from the UA archive disk",
"description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things",
"modified": "2025-12-24T08:28:47.628000",
"created": "2024-03-11T06:15:54.351000",
"tags": [],
"references": [
"https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs",
"https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs",
"https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark",
"https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark",
"",
"https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 19,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1165,
"hostname": 866,
"URL": 657,
"FileHash-SHA256": 26,
"email": 337,
"FileHash-MD5": 12,
"FileHash-SHA1": 8,
"CIDR": 1
},
"indicator_count": 3072,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "158 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "68038f7eb6f6810aa6d6439f",
"name": "\"+g+\"",
"description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False",
"modified": "2025-09-01T08:05:25.121000",
"created": "2025-04-19T11:56:46.933000",
"tags": [
"copyright",
"customevent",
"typeof e",
"boomerang",
"typeof t",
"macintosh",
"os x",
"post",
"typeof",
"iframe",
"date",
"poka menu",
"nie znaleziono",
"poka start",
"poka",
"max dostpnych",
"pierwsza",
"ostatnia",
"nastpna",
"poprzednia",
"brak danych",
"first",
"ceidg",
"wystpi bd",
"error",
"true",
"null",
"linkdownload",
"show",
"ctrlmappings",
"version",
"versionchange",
"body",
"false",
"span",
"input",
"paginate",
"next",
"last",
"selectstart",
"loop",
"function",
"bootstrap",
"datatables",
"responsive",
"2016 sprymedia",
"amd define",
"object",
"commonjs",
"window",
"browser",
"button",
"datatable",
"sprymedia ltd",
"columns",
"colidx",
"column",
"parent",
"child",
"param",
"display",
"click",
"middle",
"class",
"target",
"never",
"find",
"footer",
"close",
"regexp",
"matches",
"cookie",
"inputmask",
"input mask",
"robin herbots",
"mit license",
"xmlhttprequest",
"left",
"month",
"boolean",
"maxdate",
"right",
"daterangepicker",
"yyyymmdd",
"calendar",
"jquery",
"webpackrequire",
"typeof symbol",
"type",
"setprototypeof",
"maskpos",
"wrapnativesuper",
"backspace",
"insert",
"internal",
"mask",
"void",
"this",
"nie mona",
"array",
"nonmsdombrowser",
"horizontal",
"leftarrow",
"uparrow",
"rightarrow",
"downarrow",
"explorer",
"form",
"legend",
"hmmss",
"mmmm d",
"yyyy h",
"typeof define",
"number",
"locale",
"character",
"seeknext",
"masked",
"input plugin",
"josh bush",
"azaz",
"azaz09",
"black",
"kontrast",
"arrcookies",
"getcookielang",
"and information",
"on business",
"sign",
"twoja",
"opinia",
"informacja o",
"notify ui",
"widget",
"eric hynds",
"dual",
"name",
"dtopt",
"example",
"using",
"open",
"adata",
"hungarian",
"aria",
"legacy",
"trident",
"format",
"nuke",
"apos",
"bitcoin",
"outer",
"mark",
"info",
"reload",
"behaviour",
"write",
"buttons",
"anything",
"prop",
"thecookie",
"create",
"thevalue",
"string name",
"pluginscookie",
"author",
"eventkey",
"datakey",
"default",
"dataapikey",
"defaulttype",
"config",
"shown",
"trigger",
"delta",
"guard",
"arrow",
"leave",
"scroll",
"dataspy",
"sessiontimeout",
"return",
"settimeout",
"mytimerid",
"requestcounter",
"starttimer",
"stop",
"typeof n",
"adminlte",
"typeof o",
"main",
"js application",
"adminlte v2",
"colorlib",
"ui date",
"written",
"jacek wysocki",
"poprzedni",
"marzec",
"kwiecie",
"czerwiec",
"lipiec",
"sierpie",
"wrzesie",
"openpopup",
"href",
"toggle",
"msviewport",
"popover",
"json",
"json text",
"string",
"otherwise",
"holder",
"mind",
"copy",
"meta",
"third",
"text",
"choice",
"confirm",
"nie pytaj",
"site",
"title",
"value",
"alert",
"warn",
"migrate",
"foundation",
"see http",
"forget",
"newvalue",
"nones5",
"fall",
"wrongvalid",
"onerror",
"year",
"fast",
"argument",
"popper",
"method",
"data",
"html",
"flip",
"factory",
"onload",
"tbody",
"courier",
"elem",
"handle",
"expando",
"match",
"selector",
"sizzle",
"android",
"capture",
"seed",
"pass",
"enough",
"code",
"bind",
"core",
"local",
"verify",
"accept",
"done",
"override",
"inject",
"possible",
"hold",
"45deg",
"larger",
"screen styling",
"90deg",
"support",
"sidebar mini",
"e1f0ff",
"font awesome",
"free",
"autocomplete",
"folder",
"expanded folder",
"tabela",
"sorting",
"xform",
"nadpisane style",
"menlo",
"monaco",
"consolas",
"mono",
"courier new",
"browse",
"twitter",
"pt serif",
"georgia",
"times new",
"roman",
"times",
"typetime",
"import",
"roboto",
"http",
"label",
"demos",
"effect",
"inst",
"super",
"speed",
"bounce",
"hack",
"logic",
"shift",
"double",
"february",
"april",
"june",
"august",
"friday",
"erase",
"atom",
"caja",
"spinner",
"refresh",
"alpha",
"sentinel",
"back",
"blind",
"drop",
"ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g",
"prosz czeka",
"pobierz plik"
],
"references": [
"https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False",
"UE_pl_top.svg",
"UE_pl_top_sm.svg",
"XZ4AH-ABKPW-SQPBC-CYWES-BCG6V",
"dataTables.lang.js.pobrane",
"EntryChangeHistory.aspx.js.pobrane",
"dataTables.input.js.pobrane",
"responsive.bootstrap4.js.pobrane",
"dataTables.bootstrap4.js.pobrane",
"dataTables.responsive.js.pobrane",
"jquery.session.js.pobrane",
"inputmask.binding.js.pobrane",
"daterangepicker.js.pobrane",
"jquery.inputmask.min.js.pobrane",
"ScriptResource.axd",
"moment-with-locales.min.js.pobrane",
"jquery.maskedinput-1.2.2.js.pobrane",
"feedback.js.pobrane",
"jquery.notify.min.js.pobrane",
"jquery.dataTables.js.pobrane",
"jquery.cookie.js.pobrane",
"bootstrap.js.pobrane",
"SessionTimeout.js.pobrane",
"adminlte.min.js.pobrane",
"jquery.easing.1.3.js.pobrane",
"jquery.feedbackBadge.min.js.pobrane",
"ui.datepicker-pl.js.pobrane",
"ceidg-master.js.pobrane",
"CommonResponsive.js.pobrane",
"json2.js.pobrane",
"jquery.alerts.js.pobrane",
"jquery-migrate-1.2.1.js.pobrane",
"dataTables.bootstrap4.css",
"CommonScripts.js.pobrane",
"popper.js.pobrane",
"responsive.bootstrap4.css",
"jquery-3.0.0.js.pobrane",
"daterangepicker.css",
"AdminLTE.css",
"ui.notify.css",
"ceidg.css",
"bootstrap-gov-pl.css",
"biznes.css",
"jquery-ui.js.pobrane",
"saved_resource.html"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 3,
"FileHash-SHA1": 4,
"FileHash-SHA256": 25,
"URL": 165,
"domain": 353,
"hostname": 215,
"email": 2
},
"indicator_count": 767,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 123,
"modified_text": "272 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67a7f06a5d0f22ad92684646",
"name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
"description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
"modified": "2025-05-14T21:27:17.040000",
"created": "2025-02-09T00:01:46.054000",
"tags": [
"null",
"nie mona",
"array",
"input",
"nonmsdombrowser",
"object",
"html",
"component",
"body",
"horizontal",
"date",
"calendar",
"february",
"april",
"june",
"august",
"iframe",
"form",
"friday",
"explorer",
"target",
"error",
"legend",
"this",
"type",
"regexp",
"elem",
"index",
"function",
"handle",
"check",
"safari",
"expando",
"android",
"false",
"hooks",
"copy",
"prop",
"class",
"mark",
"window",
"code",
"capture",
"accept",
"seed",
"override",
"hook",
"look",
"loop",
"install",
"pass",
"enough",
"bind",
"core",
"local",
"verify",
"done",
"find",
"internal",
"inject",
"possible",
"hold",
"middle",
"guard",
"fall",
"stop",
"panic",
"back",
"restrict",
"speed",
"turn",
"grab",
"getclass",
"jquery",
"bubble",
"anchor",
"shift"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1134",
"name": "Access Token Manipulation",
"display_name": "T1134 - Access Token Manipulation"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 13,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1143,
"domain": 155,
"hostname": 523,
"FileHash-SHA256": 151
},
"indicator_count": 1972,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 123,
"modified_text": "381 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "663d2869e0f3a42bbddc42ff",
"name": "UPX executable packer.",
"description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
"modified": "2024-10-14T00:01:17.069000",
"created": "2024-05-09T19:47:53.786000",
"tags": [
"cioch adrian",
"centrum usug",
"sieciowych",
"elf binary",
"upx compression",
"roth",
"nextron",
"info",
"javascript",
"html",
"office open",
"xml document",
"network capture",
"win32 exe",
"xml pakietu",
"pdf zestawy",
"przechwytywanie",
"office",
"filehashsha1",
"url https",
"cve cve20201070",
"cve cve20203153",
"cve cve20201048",
"cve cve20211732",
"cve20201048 apr",
"filehashmd5",
"cve cve20010901",
"cve cve20021841",
"cve20153202 apr",
"cve cve20160728",
"cve cve20161807",
"cve cve20175123",
"cve20185407 apr",
"cve cve20054605",
"cve cve20060745",
"cve cve20070452",
"cve cve20070453",
"cve cve20070454",
"cve cve20071355",
"cve cve20071358",
"cve cve20071871",
"cve20149614 apr",
"cve cve20151503",
"cve cve20152080",
"cve cve20157377",
"cve cve20170131",
"cve20200796 may",
"cve cve20113403"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6861,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Arek-BTC",
"id": "212764",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 5771,
"domain": 3139,
"URL": 14525,
"FileHash-SHA1": 2610,
"IPv4": 108,
"CIDR": 40,
"FileHash-SHA256": 10705,
"FileHash-MD5": 3373,
"YARA": 2,
"CVE": 148,
"Mutex": 7,
"FilePath": 3,
"SSLCertFingerprint": 3,
"email": 23,
"JA3": 1,
"IPv6": 2
},
"indicator_count": 40460,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 138,
"modified_text": "594 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "664bd9b732ecaf1b3c3beddf",
"name": "Found some problems - Files from the UAlberta Google Drive Archive",
"description": "Been looking for these...Gifts from the University of Alberta to the World apparently\n*Please note: I emptied out the Drive, however, there was a significant amount of abuse re: Google and Microsoft Accounts at the University of Alberta (reported).\n*On the Google side I utilized: Drive (a little), Docs/Slides/Sheets (when groupwork was required)\n*On the Microsoft side I utilized: OneDrive, Office 365 (Word, PPT, Excel, and OneNote). I used to also have a personal microsoft account (OneNote, OneDrive, Skype).\nThese were the applications I lived on for my studies. I could access the Gmail/Microsoft accounts for the University (however - 'bad things' usually happen because of this). I have no access to my personal Microsoft Account (i.e. myself and other affected student(s) do not have access to our personal stuff.",
"modified": "2024-09-03T00:02:13.980000",
"created": "2024-05-20T23:16:07.255000",
"tags": [
"contact",
"quick",
"destination",
"entry",
"safety",
"local",
"health",
"travel",
"notification",
"considerations",
"service",
"criminal",
"showit",
"click",
"outcome",
"step",
"please",
"class",
"questions set",
"question set",
"unlock",
"continue",
"jointfilingyes",
"jointfilingno",
"minimum req",
"domicileresusno",
"joint sponsor",
"sponsorjoint",
"path",
"href",
"span",
"activetab",
"starton",
"newpage",
"searchq",
"datasia",
"datacon",
"segfilter",
"subsite",
"issuance agency",
"visas",
"null",
"state",
"dialog field",
"tabpanel",
"recaptcha",
"nameinputvisa",
"fullnameinput1",
"license headers",
"tools",
"templates",
"sia contact",
"visa",
"website",
"phoneregexp",
"emailregexp",
"azaz",
"urlpattern",
"example starter",
"javascript",
"fetch",
"comptwo",
"compone",
"dateofbirth",
"function",
"date",
"passport",
"nameinput",
"fullnameinput",
"adult passport",
"child passport",
"new child",
"new adult",
"new passport",
"datepicker",
"ds5504",
"hideit",
"infinity",
"false",
"jquery",
"error",
"body",
"trident",
"simple",
"turn",
"back",
"calendar",
"format",
"february",
"april",
"june",
"august",
"show",
"page has",
"bcdate",
"col1child",
"col2child",
"coldatechild",
"rowdisplay",
"val1",
"val2",
"repaginate",
"grab",
"jandec",
"86400000",
"current",
"namerbcontactme",
"agency",
"compliment",
"complaint",
"passportfees",
"customerservice",
"bymail",
"namerbcategory",
"brokenlink",
"search",
"departuredate",
"calendar date",
"picker",
"change",
"month",
"vital",
"records form",
"component js",
"select",
"please enter",
"azaz09",
"dddddd",
"woff2",
"woff",
"truetype",
"css document",
"efefef",
"ffffff",
"gradienttype0",
"galaxy",
"nexus",
"iphone5",
"abtn",
"bbtn",
"cbtn",
"dbtn",
"ebtn",
"fbtn",
"gbtn",
"hbtn",
"ibtn",
"media query",
"from",
"fce68e",
"font family",
"bold",
"document",
"cc3333",
"b7b7b7",
"e2edff",
"ced9ea",
"pm author",
"ipca csi",
"helvetica",
"arial",
"cq aem",
"feed classes",
"f2cd54",
"f4d97e",
"portrait",
"landscape",
"ipad",
"declare",
"immigrant",
"visa navigation",
"navigation css",
"georgia",
"times new",
"roman",
"times",
"verdana",
"photomodal",
"styles media",
"ff0000",
"queries",
"form component",
"typetext",
"queries media",
"phone media",
"tablet styles",
"media queries",
"jumbo sized",
"copyright",
"gpl version",
"http",
"alpha",
"button",
"out width",
"ui css",
"framework",
"icons",
"misc",
"mini",
"input",
"label",
"textarea",
"overlays",
"csi page",
"embassy info",
"embassy data",
"embassy names",
"end adjust",
"embassy nameso",
"pages",
"e1a04d",
"c0c0c0",
"ffffff url",
"us survey",
"component css",
"country list",
"e7eceb",
"important",
"additional css",
"wizard",
"corner radius",
"f97800",
"c61700",
"largestbox",
"thisbox",
"csi navigation",
"ui autocomplete",
"ui menu",
"noticeid",
"countnote",
"largestnote",
"thisnote",
"desktops",
"43px",
"42px",
"large",
"aem interface",
"styles",
"web email",
"ytconfig",
"typeerror",
"facebook pixel",
"pixel code",
"symbol",
"fblog",
"typeof",
"iterator",
"pageview",
"pixel",
"facebook",
"config",
"meta",
"propname",
"dpjquerydpuuid",
"this",
"next",
"atom",
"cookie",
"iframe",
"close",
"string",
"number",
"edge",
"regexp",
"silk",
"sxa0",
"object",
"opera",
"android",
"void",
"form",
"UAlberta",
"Android",
"Mac",
"iPhone",
"Gov Alberta",
"AWS",
"AZURE",
"ENTRA",
"iCloud",
"Telus",
"Bitdefender",
"Norton"
],
"references": [
"Copy of clientlib.js(1).download",
"Copy of clientlib.js(2).download",
"Copy of clientlib.js(5).download",
"Copy of clientlib.js(7).download",
"Copy of clientlib.js(4).download",
"Copy of clientlib.js(10).download",
"Copy of clientlib.js(8).download",
"Copy of clientlib.js(11).download",
"Copy of clientlib.js(12).download",
"Copy of clientlib.js(13).download",
"Copy of clientlib.js(14).download",
"Copy of clientlib.js(9).download",
"Copy of clientlib.js(16).download",
"Copy of clientlib.js(17).download",
"Copy of clientlib.js(18).download",
"Copy of clientlib.js(3).download",
"Copy of clientlib.js(19).download",
"Copy of clientlib.js(15).download",
"Copy of clientlib.js(22).download",
"Copy of clientlib.js(23).download",
"Copy of clientlib.js(21).download",
"Copy of clientlib.js(26).download",
"Copy of clientlib.js(25).download",
"Copy of clientlib.js(24).download",
"Copy of clientlib.js(31).download",
"Copy of clientlib.js(28).download",
"Copy of clientlib.js(30).download",
"Copy of clientlib.js(32).download",
"Copy of clientlib.js(29).download",
"Copy of clientlib.js(34).download",
"Copy of clientlib.js(35).download",
"Copy of clientlib.js(37).download",
"Copy of clientlib.js(36).download",
"Copy of clientlib.js(38).download",
"Copy of clientlib.js(39).download",
"Copy of clientlib.js(33).download",
"Copy of clientlib.js(44).download",
"Copy of clientlib.js(43).download",
"Copy of clientlib.js(41).download",
"Copy of clientlib.js(42).download",
"Copy of clientlib.js(45).download",
"Copy of clientlib.js(51).download",
"Copy of clientlib.js(56).download",
"Copy of clientlib.js(55).download",
"Copy of clientlib.js(54).download",
"Copy of clientlib.js(57).download",
"Copy of clientlib.js(52).download",
"Copy of clientlib.js(53).download",
"Copy of clientlib.js(60).download",
"Copy of clientlib(1).css",
"Copy of clientlib.js(59).download",
"Copy of clientlib(3).css",
"Copy of clientlib(2).css",
"Copy of clientlib(5).css",
"Copy of clientlib.js(58).download",
"Copy of clientlib(8).css",
"Copy of clientlib(10).css",
"Copy of clientlib(7).css",
"Copy of clientlib(6).css",
"Copy of clientlib(12).css",
"Copy of clientlib(13).css",
"Copy of clientlib(9).css",
"Copy of clientlib(4).css",
"Copy of clientlib(14).css",
"Copy of clientlib(17).css",
"Copy of clientlib(15).css",
"Copy of clientlib(19).css",
"Copy of clientlib(18).css",
"Copy of clientlib(11).css",
"Copy of clientlib(20).css",
"Copy of clientlib(16).css",
"Copy of clientlib(23).css",
"Copy of clientlib(24).css",
"Copy of clientlib(26).css",
"Copy of clientlib(25).css",
"Copy of clientlib(28).css",
"Copy of clientlib(22).css",
"Copy of clientlib(27).css",
"Copy of clientlib(31).css",
"Copy of clientlib(29).css",
"Copy of clientlib(30).css",
"Copy of clientlib(32).css",
"Copy of clientlib(34).css",
"Copy of clientlib(35).css",
"Copy of clientlib(33).css",
"Copy of clientlib(38).css",
"Copy of clientlib(37).css",
"Copy of clientlib(36).css",
"Copy of clientlib(40).css",
"Copy of clientlib(39).css",
"Copy of clientlib(43).css",
"Copy of clientlib(21).css",
"Copy of clientlib(41).css",
"Copy of clientlib(44).css",
"Copy of clientlib(42).css",
"Copy of clientlib(46).css",
"Copy of clientlib(45).css",
"Copy of clientlib(47).css",
"Copy of clientlib(48).css",
"Copy of clientlib(49).css",
"Copy of clientlib(50).css",
"Copy of clientlib(52).css",
"Copy of clientlib(54).css",
"Copy of clientlibs.js(3).download",
"Copy of clientlib(53).css",
"Copy of clientlibs.js(2).download",
"Copy of clientlibs(3).css",
"Copy of clientlib(51).css",
"Copy of clientlibs(1).css",
"Copy of clientlibs(2).css",
"Copy of clientlibs.js.download",
"Copy of clientlibs.js(4).download",
"Copy of clientlibs(5).css",
"Copy of clientlibs.css",
"Copy of clientlibs(4).css",
"Copy of dir (1).c9r",
"Copy of clientlib(55).css",
"Copy of iframe_api",
"Copy of fbevents.js.download",
"Copy of clientlibs.js(1).download",
"Copy of js",
"https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs",
"https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph",
"hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498",
"hxxps://portal[.]office[.]com/Account",
"hxxps://myapplications[.]microsoft[.]com/",
"https://tria.ge/240521-rvybaahb79",
"https://tria.ge/240521-rxpf6ahd6w",
"https://tria.ge/240521-r1yh8shd44",
"https://tria.ge/240521-ry949ahe2z/behavioral1",
"https://tria.ge/240521-r3mvhshd83"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Mexico",
"Anguilla",
"Aruba",
"Panama",
"Ukraine",
"Trinidad and Tobago",
"Saint Vincent and the Grenadines",
"Saint Martin (French part)",
"Sint Maarten (Dutch part)",
"Philippines",
"Netherlands",
"Cura\u00e7ao",
"Georgia",
"Tanzania, United Republic of",
"Costa Rica",
"Guatemala",
"Japan",
"Barbados"
],
"malware_families": [],
"attack_ids": [
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1059.007",
"name": "JavaScript",
"display_name": "T1059.007 - JavaScript"
}
],
"industries": [
"Education",
"Technology",
"Government",
"Healthcare",
"Biotechnology",
"Telecommunications",
"Energy",
"Construction",
"Chemical",
"Agriculture",
"Finance",
"Media",
"Defense",
"Transportation"
],
"TLP": "white",
"cloned_from": null,
"export_count": 24,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 251,
"hostname": 188,
"FileHash-SHA256": 142,
"URL": 69,
"FileHash-MD5": 77,
"FileHash-SHA1": 77
},
"indicator_count": 804,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 134,
"modified_text": "635 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6639853fc403f7be5bd6f27d",
"name": "Facebook+",
"description": "",
"modified": "2024-05-07T01:34:55.365000",
"created": "2024-05-07T01:34:55.365000",
"tags": [],
"references": [
"https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs",
"https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs",
"https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark",
"https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark",
"",
"https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
}
],
"industries": [],
"TLP": "green",
"cloned_from": "65eea19a23474b8c7dca351f",
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Phone2209",
"id": "281168",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1165,
"hostname": 866,
"URL": 657,
"FileHash-SHA256": 26,
"email": 337,
"FileHash-MD5": 12,
"FileHash-SHA1": 8,
"CIDR": 1
},
"indicator_count": 3072,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 1,
"modified_text": "754 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "655e5c72277117d3b0e00fbd",
"name": "Command and Scripting Interpreter",
"description": "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm",
"modified": "2023-12-22T19:00:52.050000",
"created": "2023-11-22T19:54:26.925000",
"tags": [
"whois record",
"contacted",
"execution",
"ssl certificate",
"historical ssl",
"resolutions",
"problems",
"red team",
"whois whois",
"referrer",
"startpage",
"generic malware",
"cobaltstrike",
"malware generic",
"tag count",
"threat report",
"ip summary",
"url summary",
"summary",
"sample",
"samples",
"blacklist https",
"cisco umbrella",
"site",
"safe site",
"alexa top",
"million",
"malware",
"malicious site",
"malware site",
"malicious url",
"phishing site",
"alexa",
"phishing",
"redline stealer",
"bank",
"team",
"iframe",
"downldr",
"presenoker",
"artemis",
"live",
"zbot",
"united",
"cyber threat",
"covid19",
"mail spammer",
"malicious host",
"anonymizer",
"engineering",
"purplewave",
"malicious",
"keybase",
"union",
"asyncrat",
"cobalt strike",
"dnspionage",
"ransomware",
"maltiverse",
"malicious link",
"detection list",
"blacklist",
"pattern match",
"file",
"ascii text",
"windows nt",
"appdata",
"mitre att",
"null",
"date",
"ck id",
"show technique",
"unknown",
"accept",
"hybrid",
"local",
"click",
"strings",
"class",
"generator",
"critical",
"error",
"fast",
"blacklist http",
"heur",
"adware",
"unsafe",
"riskware",
"agent",
"swrort",
"exploit",
"crack",
"opencandy",
"tiggre",
"cleaner",
"conduit",
"wacatac",
"nircmd",
"filetour",
"outbreak",
"downer",
"shell",
"mediamagnet",
"sality",
"adaptivebee",
"unruy",
"iobit",
"dropper",
"trojanx",
"installcore",
"webshell",
"acint",
"systweak",
"behav",
"genkryptik",
"xtrat",
"softcnapp",
"fusioncore",
"installpack",
"xrat",
"jquery",
"content scraper",
"malware hosting",
"bid site",
"https:/www.usaopps.com/government_contractors/contractor-5388777",
"CVE-2017-11882",
"CVE-2017-0147",
"CVE-2017-8570",
"CVE-2005-1790",
"CVE-2009-3672",
"CVE-2010-3962",
"CVE-2012-3993",
"CVE-2014-3153",
"CVE-2014-6332",
"CVE-2016-0189",
"CVE-2017-0199",
"CVE-2018-4893",
"CVE-2020-0601",
"CVE-2020-0674",
"CVE-2021-27065",
"CVE-2021-40444"
],
"references": [
"https://www.hybrid-analysis.com/sample/bc437a855075805df699bd915cd27814a799969bb38db45f09f5f16a54ccc5b6/655e548bc2555fc8280ba976",
"https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [],
"attack_ids": [
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1176",
"name": "Browser Extensions",
"display_name": "T1176 - Browser Extensions"
},
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1100",
"name": "Web Shell",
"display_name": "T1100 - Web Shell"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
}
],
"industries": [
"Business",
"Economy",
"Government",
"Legal"
],
"TLP": "white",
"cloned_from": null,
"export_count": 28,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 608,
"FileHash-SHA1": 312,
"FileHash-SHA256": 1086,
"URL": 2843,
"domain": 341,
"hostname": 1091,
"CVE": 16
},
"indicator_count": 6297,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "890 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708c27074200c710e3b35c",
"name": "Malware hosting - metronetinc.com",
"description": "",
"modified": "2023-12-06T14:58:47.235000",
"created": "2023-12-06T14:58:47.235000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 447,
"hostname": 1241,
"domain": 536,
"URL": 3731
},
"indicator_count": 5955,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708c13ee010f81d3f9b3af",
"name": "Malware hosting - hostrocket.com",
"description": "",
"modified": "2023-12-06T14:58:27.115000",
"created": "2023-12-06T14:58:27.115000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 232,
"hostname": 963,
"domain": 412,
"URL": 2337,
"email": 3,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 3949,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708b77797823dea739cc25",
"name": "ReduceRight malware-",
"description": "",
"modified": "2023-12-06T14:55:51.023000",
"created": "2023-12-06T14:55:51.023000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 110,
"domain": 541,
"URL": 2043,
"hostname": 1106
},
"indicator_count": 3800,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65707fe17dfdfe16066d16de",
"name": "Bexar.org",
"description": "",
"modified": "2023-12-06T14:06:25.800000",
"created": "2023-12-06T14:06:25.800000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1735,
"hostname": 1833,
"domain": 1025,
"URL": 4668,
"email": 4,
"FileHash-MD5": 133,
"FileHash-SHA1": 6,
"CIDR": 5
},
"indicator_count": 9409,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Page not found