{
  "type": "Domain",
  "indicator": "this.sc",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/this.sc",
    "alexa": "http://www.alexa.com/siteinfo/this.sc",
    "indicator": "this.sc",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2131578324,
      "indicator": "this.sc",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 12,
      "pulses": [
        {
          "id": "684c65464466dd19b089f325",
          "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube",
          "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:",
          "modified": "2025-06-13T17:56:28.689000",
          "created": "2025-06-13T17:52:06.399000",
          "tags": [
            "rehabilitacji w",
            "youtube tv",
            "dami jelenia",
            "tv dami",
            "jelenia gra",
            "zakupy wycz",
            "jeli",
            "nie korzystasz",
            "filmy",
            "aby tego",
            "copyright",
            "closure library",
            "argument",
            "ifunction",
            "error",
            "null",
            "type",
            "cast",
            "webchannel",
            "su2028u2029",
            "chrome",
            "xmlhttp",
            "kkvoid",
            "remotecontrol",
            "android",
            "unknown",
            "screen",
            "desktop",
            "function",
            "string",
            "array",
            "number",
            "vfunction",
            "f8192",
            "n432",
            "true",
            "j2048",
            "this",
            "window",
            "void",
            "date",
            "pokau017c",
            "pytfunction",
            "fe8function",
            "qgzfunction",
            "afunction",
            "hb28",
            "r150",
            "promise",
            "bigint",
            "post",
            "edge",
            "swhealthlog",
            "symbol",
            "trident",
            "infinity",
            "embed",
            "webkitkeyframes",
            "zoomin",
            "zoominx",
            "zoomoutx",
            "zoominy",
            "zoomouty",
            "2000px",
            "90deg",
            "20px",
            "30deg",
            "30px",
            "10px",
            "10deg",
            "3deg",
            "5deg",
            "djmegamenu",
            "use license",
            "tabindex",
            "menu",
            "close",
            "msie",
            "beforechange",
            "imagehassize",
            "buildcontrols",
            "magnific popup",
            "dmitry semenov",
            "http",
            "beforeclose",
            "afterclose",
            "open",
            "next",
            "open source",
            "bsd license",
            "george mcginley",
            "smith",
            "djimageslider",
            "subpackage",
            "webkit",
            "khtml",
            "icab",
            "countto",
            "callback",
            "handler",
            "object",
            "typeof",
            "method",
            "gnugplv2",
            "website",
            "set module",
            "height script",
            "regexp",
            "screenheight",
            "highcontrast2",
            "highcontrast3",
            "highcontrast",
            "wide",
            "night",
            "body",
            "normalbutton",
            "cookie plugin",
            "https",
            "klaus hartl",
            "mit license",
            "register",
            "nodecommonjs",
            "factory",
            "jquery",
            "write",
            "sticky bar",
            "stickybar",
            "count",
            "offcanvas",
            "html",
            "noscroll",
            "offcanvas var",
            "toggle nav",
            "click jquery",
            "ajax",
            "autocomplete",
            "tomas kirda",
            "typeof define",
            "esc27",
            "tab9",
            "return13",
            "left37",
            "up38",
            "twitter",
            "custom version",
            "joomla",
            "rolemenu",
            "boolean",
            "get adobe",
            "flash player",
            "title",
            "text",
            "typeof data",
            "typeof s",
            "accept",
            "width",
            "foundation",
            "backspace8",
            "comma188",
            "delete46",
            "down40",
            "end35",
            "enter13",
            "escape27",
            "value",
            "migrate",
            "backcompat",
            "quirks mode",
            "typeof f",
            "xtablet768",
            "document",
            "ui sortable",
            "leftright",
            "gnu general",
            "public license",
            "dddddd",
            "ffffcc",
            "eeeeee",
            "verdana",
            "geneva",
            "arial",
            "helvetica",
            "f0f0f0",
            "sans",
            "charset",
            "utf8",
            "fontawesome",
            "typeof b",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "attr",
            "general slider",
            "slide",
            "rgba",
            "navigation",
            "15deg",
            "300px",
            "20deg",
            "transition",
            "scale",
            "baskerville",
            "main image",
            "bdbdbd",
            "f3f3f3",
            "remove",
            "fontface",
            "woff2",
            "u0131",
            "u01520153",
            "u02bb02bc",
            "u02c6",
            "u02da",
            "u02dc",
            "u0304",
            "dirrtl",
            "msviewport",
            "href",
            "span",
            "legend",
            "halflings",
            "fieldset",
            "typeimage",
            "f2f2f2",
            "d9edf7",
            "dff0d8",
            "f2dede",
            "thead",
            "tbody",
            "tahoma",
            "00a0",
            "video",
            "script",
            "2500",
            "xnew ita",
            "dnew jta",
            "dataset",
            "orfunction",
            "prfunction",
            "nsafunction",
            "xsafunction",
            "vrfunction",
            "cakes",
            "ovbfunction",
            "pvbfunction",
            "rvbfunction",
            "qvbfunction",
            "tvbfunction",
            "uvbfunction",
            "vvbclass",
            "xvbclass",
            "yvbclass",
            "svbclass",
            "lvafunction",
            "ggfunction",
            "mvafunction",
            "ovafunction",
            "pvafunction",
            "uvafunction",
            "tvafunction",
            "qvafunction",
            "vvafunction",
            "nvaclass",
            "dark",
            "vector",
            "yy49",
            "raster",
            "roboto",
            "new tk",
            "qael",
            "przechyl",
            "mars",
            "mercury",
            "venus",
            "pluto",
            "titan",
            "weakset",
            "wfclass",
            "googlelayer",
            "uint8array",
            "weakmap",
            "5001",
            "mouseevent",
            "webassembly",
            "180180",
            "9090",
            "google maps",
            "javascript api",
            "internal",
            "small",
            "lightrail",
            "false",
            "february",
            "light",
            "hybrid",
            "bounce",
            "drop",
            "inside",
            "outside",
            "marker",
            "gc"
          ],
          "references": [
            "embed.html",
            "ad_status.js.pobrane",
            "f5Y41t9wqY4.html",
            "cast_sender.js.pobrane",
            "remote.js.pobrane",
            "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane",
            "embed.js.pobrane",
            "www-embed-player.js.pobrane",
            "animate.ext.css",
            "animate.min.css",
            "jquery.djmegamenu.js.pobrane",
            "jquery.djmobilemenu.js.pobrane",
            "magnific.js.pobrane",
            "jquery.easing.min.js.pobrane",
            "slider.js.pobrane",
            "jquery.countTo.js.pobrane",
            "scripts.js.pobrane",
            "magnific-init.js.pobrane",
            "pagesettings.js.pobrane",
            "jquery.cookie.js.pobrane",
            "stickybar.js.pobrane",
            "fontswitcher.js.pobrane",
            "offcanvas.js.pobrane",
            "jquery.autocomplete.min.js.pobrane",
            "bootstrap.min.js.pobrane",
            "jcemediabox.js.pobrane",
            "jquery.ui.core.min.js.pobrane",
            "jquery-migrate.min.js.pobrane",
            "layout.min.js.pobrane",
            "jquery.ui.sortable.min.js.pobrane",
            "caption.js.pobrane",
            "finder.css",
            "jquery-noconflict.js.pobrane",
            "djmegamenu.26.css",
            "animations.css",
            "djmobilemenu.css",
            "jquery.min.js.pobrane",
            "djimageslider.css",
            "offcanvas.css",
            "magnific.css",
            "font_switcher.26.css",
            "css",
            "template_responsive.26.css",
            "offcanvas.26.css",
            "bootstrap_responsive.26.css",
            "extended_layouts.26.css",
            "style.css",
            "content.css",
            "template.26.css",
            "bootstrap.26.css",
            "jcemediabox.css",
            "js",
            "onion.js.pobrane",
            "search_impl.js.pobrane",
            "overlay.js.pobrane",
            "map.js.pobrane",
            "util.js.pobrane",
            "search.js.pobrane",
            "common.js.pobrane",
            "geometry.js.pobrane",
            "main.js.pobrane"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Gc",
              "display_name": "Gc",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 26,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 2779,
            "hostname": 661,
            "domain": 684,
            "email": 4,
            "FileHash-MD5": 1,
            "FileHash-SHA256": 689
          },
          "indicator_count": 4818,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 123,
          "modified_text": "353 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "675127405277d037355e5db6",
          "name": "Beehive.Systems",
          "description": "#if PRAGMA_ONCE, which includes the word \"pagma\" and the term \"penet\", should not be used as part of any attempt to set a new code.",
          "modified": "2024-12-05T04:08:32.154000",
          "created": "2024-12-05T04:08:32.154000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ilyailya",
            "id": "298851",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 16,
            "domain": 30,
            "hostname": 69
          },
          "indicator_count": 115,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "543 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64da05cdba55fc9cf872cb11",
          "name": "IOC's off of my personal devices Aug 14th - June 28th | Come one come all, something for everyone",
          "description": "Now that I've been able to get a pulse published I'm going to be recursively and actively updating this pulse with IOC's pulled off of files marked malicious, suspicious, ambigious, or clean with a threat score from my personal devices. I will also add files that have a high amount of indicators and no threat score as well and let AlienVault sort it out. Hopefully I'll be able i'll be able to fill the gap to my last Pulse the better part of a year ago. \n\nNearly all of these files are debug and VM aware, with a majority having a legitimate certificate chain. The ones that do run have been initialized in a live environment (aka my desktop, laptop, phone, etc).",
          "modified": "2024-02-14T21:44:01.779000",
          "created": "2023-08-14T10:45:33.014000",
          "tags": [
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "falcon sandbox",
            "hybrid analysis",
            "sandbox files",
            "urls quick",
            "scans files",
            "urls file",
            "releases",
            "updates faq",
            "public api",
            "knowledge base"
          ],
          "references": [
            "https://otx.alienvault.com/indicator/file/b197cf4cee44d52be11275f49f3143b4f7f8e735",
            "https://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303/64da0aedbe662a714b0480b1",
            "https://www.virustotal.com/gui/file/207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861/behavior",
            "https://www.virustotal.com/gui/file/3db36d262eb15c349b4b945e0b1d9772c262cd2b7d57c40ede429958daeab97e?nocache=1",
            "https://otx.alienvault.com/indicator/file/08515dcc6df957c9c5d4f00db4f568b3ee29c337",
            "https://www.joesandbox.com/analysis/1041402",
            "http://hybrid-analysis.com/sample/e9fc2ca7297a65937de9887be565eb5bbd149ba2c1a1ea4d3ca88302ede7ecac",
            "https://www.virustotal.com/gui/file/a7b4797c4a29864aacb7b40dd854adaf3936791d7c326d02d4aad37982d801a9/community",
            "http://hybrid-analysis.com/sample/e4db1656c4cfff0a4ced5a943b8433388c7b4935711d522014c819328f19001d/64da070d00534407c40c1034",
            "http://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303",
            "http://hybrid-analysis.com/sample/4cf079d4d7a154cd93f65934b5d115f07af8f25ee24930e6cc606dfb0aea2a4e",
            "https://otx.alienvault.com/indicator/file/1831d8972bfae639576d10903c2d586e",
            "https://hybrid-analysis.com/sample/beff391ce640cc8fdfcec22b77c5d2bc4776304e3a404e8168ce315226c4fc41/5eae8f731389173b4c432b17",
            "https://otx.alienvault.com/indicator/file/c85cc6f8ff7d69d7a7af9498d7d75bc05e35fb69f34d7b50d9057608f7b73f51",
            "",
            "https://tria.ge/230806-j3tdasgd72",
            "https://tria.ge/230806-j8mspsgd84",
            "https://tria.ge/230806-j8tk9ahg7t",
            "https://tria.ge/230809-vsggjadf59",
            "https://tria.ge/230809-vtdr2afd2t"
          ],
          "public": 1,
          "adversary": "Unknown - Most likely multiple spanning Cyrillic and Chinese in terms of artifacts",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "neshta",
              "display_name": "neshta",
              "target": null
            },
            {
              "id": "Expiro",
              "display_name": "Expiro",
              "target": null
            },
            {
              "id": "Win.Dropper.Gh0stRAT",
              "display_name": "Win.Dropper.Gh0stRAT",
              "target": null
            },
            {
              "id": "Win.Malware.Eclz-9953021-0",
              "display_name": "Win.Malware.Eclz-9953021-0",
              "target": null
            },
            {
              "id": "Win32:Farfli-BH",
              "display_name": "Win32:Farfli-BH",
              "target": null
            },
            {
              "id": "TrojanDownloader:Win32/Nemucod",
              "display_name": "TrojanDownloader:Win32/Nemucod",
              "target": "/malware/TrojanDownloader:Win32/Nemucod"
            },
            {
              "id": "Win.Malware.Snojan-6775202-0",
              "display_name": "Win.Malware.Snojan-6775202-0",
              "target": null
            },
            {
              "id": "Win.Malware.Qshell-9875653-0",
              "display_name": "Win.Malware.Qshell-9875653-0",
              "target": null
            },
            {
              "id": "TrojanDownloader:Win32/Zegost.E!bit",
              "display_name": "TrojanDownloader:Win32/Zegost.E!bit",
              "target": "/malware/TrojanDownloader:Win32/Zegost.E!bit"
            },
            {
              "id": "Backdoor:Win32/Zegost.CQ!bit",
              "display_name": "Backdoor:Win32/Zegost.CQ!bit",
              "target": "/malware/Backdoor:Win32/Zegost.CQ!bit"
            },
            {
              "id": "#Lowfi:SuspiciousSectionName",
              "display_name": "#Lowfi:SuspiciousSectionName",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zegost.gen!B",
              "display_name": "Backdoor:Win32/Zegost.gen!B",
              "target": "/malware/Backdoor:Win32/Zegost.gen!B"
            },
            {
              "id": "Win.Dropper.Gh0stRAT-7696262-0",
              "display_name": "Win.Dropper.Gh0stRAT-7696262-0",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zegost.BU",
              "display_name": "Backdoor:Win32/Zegost.BU",
              "target": "/malware/Backdoor:Win32/Zegost.BU"
            },
            {
              "id": "Trojan:Win32/Farfli.DSK!MTB",
              "display_name": "Trojan:Win32/Farfli.DSK!MTB",
              "target": "/malware/Trojan:Win32/Farfli.DSK!MTB"
            },
            {
              "id": "Backdoor:Win32/Zegost.BK",
              "display_name": "Backdoor:Win32/Zegost.BK",
              "target": "/malware/Backdoor:Win32/Zegost.BK"
            },
            {
              "id": "HackTool:Win32/Mimikatz.F",
              "display_name": "HackTool:Win32/Mimikatz.F",
              "target": "/malware/HackTool:Win32/Mimikatz.F"
            },
            {
              "id": "Trojan:Win32/GhostRatCrypt.GA!MTB",
              "display_name": "Trojan:Win32/GhostRatCrypt.GA!MTB",
              "target": "/malware/Trojan:Win32/GhostRatCrypt.GA!MTB"
            },
            {
              "id": "Backdoor:Win32/Zegost.CG",
              "display_name": "Backdoor:Win32/Zegost.CG",
              "target": "/malware/Backdoor:Win32/Zegost.CG"
            },
            {
              "id": "Backdoor:Win32/Zegost.AD",
              "display_name": "Backdoor:Win32/Zegost.AD",
              "target": "/malware/Backdoor:Win32/Zegost.AD"
            },
            {
              "id": "Worm:Win32/Sfone.A",
              "display_name": "Worm:Win32/Sfone.A",
              "target": "/malware/Worm:Win32/Sfone.A"
            },
            {
              "id": "Backdoor:Win32/Zegost!atmn",
              "display_name": "Backdoor:Win32/Zegost!atmn",
              "target": "/malware/Backdoor:Win32/Zegost!atmn"
            },
            {
              "id": "Backdoor:Win32/Zegost.H!dll",
              "display_name": "Backdoor:Win32/Zegost.H!dll",
              "target": "/malware/Backdoor:Win32/Zegost.H!dll"
            },
            {
              "id": "Zeppelin_10",
              "display_name": "Zeppelin_10",
              "target": null
            },
            {
              "id": "ALF:Trojan:Win32/Cipduk.D!dha",
              "display_name": "ALF:Trojan:Win32/Cipduk.D!dha",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zegost.BR",
              "display_name": "Backdoor:Win32/Zegost.BR",
              "target": "/malware/Backdoor:Win32/Zegost.BR"
            },
            {
              "id": "Backdoor:Win32/Farfli.AX",
              "display_name": "Backdoor:Win32/Farfli.AX",
              "target": "/malware/Backdoor:Win32/Farfli.AX"
            },
            {
              "id": "ALF:HeraklezEval:Worm:Win32/Sfone",
              "display_name": "ALF:HeraklezEval:Worm:Win32/Sfone",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zegost.L",
              "display_name": "Backdoor:Win32/Zegost.L",
              "target": "/malware/Backdoor:Win32/Zegost.L"
            },
            {
              "id": "Backdoor:MSIL/Zegost.GG!MTB",
              "display_name": "Backdoor:MSIL/Zegost.GG!MTB",
              "target": "/malware/Backdoor:MSIL/Zegost.GG!MTB"
            },
            {
              "id": "SLF:Win32/Dozlodz.A!MTB",
              "display_name": "SLF:Win32/Dozlodz.A!MTB",
              "target": "/malware/SLF:Win32/Dozlodz.A!MTB"
            },
            {
              "id": "Win64:Xpirat\\ [Inf]",
              "display_name": "Win64:Xpirat\\ [Inf]",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Zegost.KM!MTB",
              "display_name": "Backdoor:Win32/Zegost.KM!MTB",
              "target": "/malware/Backdoor:Win32/Zegost.KM!MTB"
            },
            {
              "id": "AdvancedInstaller",
              "display_name": "AdvancedInstaller",
              "target": null
            },
            {
              "id": "TrojanDropper:Win32/Venik",
              "display_name": "TrojanDropper:Win32/Venik",
              "target": "/malware/TrojanDropper:Win32/Venik"
            },
            {
              "id": "hacker87",
              "display_name": "hacker87",
              "target": null
            },
            {
              "id": "PurpleFox",
              "display_name": "PurpleFox",
              "target": null
            },
            {
              "id": "PCRat",
              "display_name": "PCRat",
              "target": null
            },
            {
              "id": "Gh0stCringe",
              "display_name": "Gh0stCringe",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "individuals"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Merkd1904",
            "id": "196517",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2387,
            "FileHash-SHA1": 2126,
            "FileHash-SHA256": 9395,
            "SSLCertFingerprint": 27,
            "domain": 88,
            "URL": 185,
            "hostname": 165,
            "email": 11
          },
          "indicator_count": 14384,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 82,
          "modified_text": "838 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65336ac2b48ca82aeb55aeed",
          "name": "Woodynet.net,Id3.net and me.",
          "description": "The saga continues - But without invoking the jinx I'll focus on the data: Woodynet.net and Id3.net have been my (notso)friendly unoptoutable-dns-resolvers i'm assuming since all of this kicked off now nearing over 1.5+ years ago. I was finally able to dump my iPhone12 in which I had had since this all started and with that really gain some leg and breathing room. But, I'm still being pumped malicious software in the form of ISO's, linux packages, Windows Updates, and so on. And these are the nexus right here. I was able to net a solid bounty from Hybrid-Analysis including 15+ trojans, about 10 different backdoors, and a slew of other collateral that honestly surprised me as Criminalip and OTX weren't wanting to speak the same language in terms of IOC translations from them to the pulse. I'm trying in vain to find the beacon(s) or whatever they're using to keep persistence.",
          "modified": "2024-02-14T21:43:43.324000",
          "created": "2023-10-21T06:08:02.798000",
          "tags": [
            "ip lookup",
            "port check",
            "vulnerability scanner",
            "attack surface",
            "cyber threat intelligence",
            "cti",
            "asm",
            "domain",
            "exploit",
            "phishing",
            "ip address",
            "united",
            "criminal",
            "historical",
            "information",
            "ai spera",
            "search engine",
            "ip search",
            "english english",
            "franais",
            "contact",
            "china",
            "ip location",
            "ip owner",
            "internet",
            "ip locator",
            "remember",
            "dp ip",
            "ip checker",
            "lookup",
            "strong",
            "summary",
            "ip information",
            "pricing login",
            "score",
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "ansi",
            "data",
            "decrypted ssl",
            "windows nt",
            "threat level",
            "runtime data",
            "okserver",
            "date",
            "ffffff",
            "plugin",
            "path",
            "stop",
            "mask",
            "accept",
            "click",
            "prop",
            "error",
            "template",
            "class",
            "core",
            "span",
            "body",
            "suspicious",
            "back",
            "cluster",
            "null",
            "form",
            "zbot",
            "bounce",
            "this",
            "linear",
            "window",
            "ticker",
            "tick",
            "import",
            "orbit",
            "config",
            "main",
            "android",
            "cookie",
            "trident",
            "vidc",
            "hybrid",
            "close",
            "hosts",
            "general",
            "local",
            "mozilla",
            "strings",
            "podcast",
            "team",
            "june",
            "criminal ip",
            "engine",
            "resource",
            "dropped file",
            "pattern match",
            "script",
            "noscript",
            "connectivity",
            "bare metal",
            "iframe",
            "enterprise",
            "discord",
            "twitter",
            "facebook",
            "meta",
            "media",
            "story",
            "tools",
            "tokyo",
            "rocket",
            "fullscreen",
            "next",
            "small",
            "bare",
            "font",
            "helvetica",
            "arial",
            "tbody",
            "dnssec",
            "woodynet",
            "paris",
            "hong",
            "hybrid analysis",
            "api key",
            "vetting process",
            "please note",
            "please"
          ],
          "references": [
            "https://www.criminalip.io/asset/report/69.166.14.38",
            "https://www.criminalip.io/asset/report/114.215.222.125",
            "https://dnschecker.org/ip-location.php?ip=31.204.146.148",
            "https://www.criminalip.io/domain/report?scan_id=8544746",
            "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/5efec3f6b03bcb74f200310b",
            "https://www.criminalip.io/images/search/domain/category/icon_page_redirections.svg",
            "https://www.criminalip.io/domain/report?scan_id=8544687",
            "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/653366aac5f632cbbf0f0000",
            "https://hybrid-analysis.com/sample/020fe56e2d49ead60b67a1e20b43ee0846c493c7edb3118b34c5c964fc131794/6533667318fa4c29320ec174",
            "https://hybrid-analysis.com/sample/2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Unknown",
              "display_name": "Unknown",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1016",
              "name": "System Network Configuration Discovery",
              "display_name": "T1016 - System Network Configuration Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1035",
              "name": "Service Execution",
              "display_name": "T1035 - Service Execution"
            },
            {
              "id": "T1043",
              "name": "Commonly Used Port",
              "display_name": "T1043 - Commonly Used Port"
            },
            {
              "id": "T1179",
              "name": "Hooking",
              "display_name": "T1179 - Hooking"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            }
          ],
          "industries": [
            "individuals"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 42,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Merkd1904",
            "id": "196517",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 268,
            "hostname": 50,
            "domain": 61,
            "FileHash-MD5": 112,
            "FileHash-SHA1": 110,
            "FileHash-SHA256": 110,
            "email": 9
          },
          "indicator_count": 720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 74,
          "modified_text": "838 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657080735501c11ddbb7a988",
          "name": "Dominionvoting.com 03.03.22",
          "description": "",
          "modified": "2023-12-06T14:08:51.329000",
          "created": "2023-12-06T14:08:51.329000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 663,
            "hostname": 588,
            "domain": 413,
            "URL": 2183,
            "FileHash-MD5": 7
          },
          "indicator_count": 3854,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570805953274b32ec1f981b",
          "name": "Votebuilder.com",
          "description": "",
          "modified": "2023-12-06T14:08:25.588000",
          "created": "2023-12-06T14:08:25.588000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 869,
            "domain": 834,
            "URL": 4755,
            "hostname": 1559,
            "CIDR": 2,
            "FileHash-MD5": 10
          },
          "indicator_count": 8029,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62e80d56fba248bac0744780",
          "name": "\ud83e\udd14\ud83d\udea8 Could this be the source of all Evil? \ud83d\udea8\ud83e\udd14 Nubotnet - Team:KU Leuven/test2 - 2021.igem.org",
          "description": "",
          "modified": "2022-08-31T00:01:05.509000",
          "created": "2022-08-01T17:28:54.991000",
          "tags": [
            "apt",
            "runtime data",
            "decrypted ssl",
            "pcap",
            "windows nt",
            "tops",
            "cookie",
            "typeof t",
            "element",
            "error",
            "matrix",
            "typeerror",
            "bmfloor",
            "frameelement",
            "null",
            "skew",
            "parade"
          ],
          "references": [
            "https://2021.igem.org/Team:KU_Leuven/test2",
            "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1696,
            "domain": 586,
            "hostname": 613,
            "FileHash-SHA256": 533,
            "FileHash-MD5": 34,
            "FileHash-SHA1": 33,
            "email": 1
          },
          "indicator_count": 3496,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 394,
          "modified_text": "1370 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62e69610305a20de80232e50",
          "name": ";http://tdarr.io/ - yet more net.sh",
          "description": "",
          "modified": "2022-08-30T00:01:48.297000",
          "created": "2022-07-31T14:47:44.291000",
          "tags": [
            "trojan",
            "apt",
            "runtime data",
            "decrypted ssl",
            "typeerror",
            "typeof symbol",
            "null",
            "accept",
            "unknown",
            "roboto",
            "generator",
            "matrix",
            "internal",
            "blank",
            "trident",
            "discord",
            "facebook",
            "twitch",
            "backend",
            "twitter",
            "suser",
            "android",
            "meta",
            "skew",
            "parade",
            "click",
            "malicious",
            "mozilla",
            "suspicious",
            "network traffic",
            "net.sh"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/3782c093f4a54060ab6a269e2cc5a0334352f4c210500d370f185b6799f0007a/62e280899822900706678798",
            "tdarr.io",
            "net.sh neural netw"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 786,
            "hostname": 498,
            "FileHash-SHA256": 122,
            "domain": 139,
            "FileHash-MD5": 43,
            "FileHash-SHA1": 36
          },
          "indicator_count": 1624,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 393,
          "modified_text": "1371 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6266c416c4598fa139868c64",
          "name": "\u05de\u05e9\u05e8\u05d3 \u05e4\u05e8\u05e1\u05d5\u05dd \u05d5\u05d1\u05e0\u05d9\u05d9\u05ea \u05d0\u05ea\u05e8\u05d9\u05dd | TOPWEB - \u05d8\u05d5\u05e4 \u05d5\u05d5\u05d1- \u05d4\u05d5\u05e4\u05db\u05d9\u05dd \u05e2\u05e1\u05e7\u05d9\u05dd \u05dc\u05de\u05d5\u05ea\u05d2\u05d9\u05dd \u05d1\u05d3\u05d9\u05d2\u05d9\u05d8\u05dc",
          "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.",
          "modified": "2022-05-25T00:04:03.622000",
          "created": "2022-04-25T15:53:58.206000",
          "tags": [
            "init",
            "803911410135716",
            "pageview",
            "date",
            "datalayer",
            "gtmnqnvc6k",
            "copyright",
            "closure library",
            "facebook",
            "google",
            "linkedin",
            "reddit",
            "tumblr",
            "digg",
            "stumbleupon",
            "telegram",
            "whatsapp",
            "email",
            "kfunction",
            "u05deu05dcu05d0",
            "aw363516812",
            "error",
            "promise",
            "inull",
            "webfontconfig",
            "webfont",
            "gc",
            "number",
            "string",
            "uint8array",
            "regexp",
            "xhfunction",
            "yhfunction",
            "host",
            "path",
            "code",
            "topweb",
            "top web",
            "beyond",
            "forex",
            "hackeru",
            "one stop",
            "shop",
            "bgroup",
            "typesubmit",
            "datasecret",
            "shape",
            "html",
            "span",
            "false",
            "scrl",
            "haschildren",
            "zoomindown",
            "show hide",
            "dark",
            "checkbox",
            "back",
            "light",
            "typeof e",
            "formdata",
            "typeof symbol",
            "customevent",
            "post",
            "refill",
            "wpcf7",
            "wpcf7locale",
            "wpcf7unittag",
            "reflect",
            "math",
            "array",
            "object",
            "typeerror",
            "symbol",
            "function",
            "null",
            "title",
            "body",
            "click",
            "lecount",
            "count",
            "typeof define",
            "typeof t",
            "this",
            "close",
            "twitter",
            "open",
            "next",
            "blank",
            "xpercent0",
            "failure",
            "xpercent50",
            "essential grid",
            "blackberry",
            "author",
            "themepunch",
            "android",
            "typeof module",
            "tweenlite",
            "version",
            "onull",
            "updates and",
            "tools",
            "linear",
            "ticker",
            "bounce",
            "alpha",
            "fancybox",
            "plugin",
            "janis skarnelis",
            "100n",
            "right",
            "bottom",
            "left",
            "html tags",
            "ox20trnf",
            "dom element",
            "class",
            "attr",
            "pseudo",
            "child",
            "js foundation",
            "udc66udc67",
            "ud83d",
            "ufe0f",
            "ud83e",
            "udc68udc69",
            "udfcbudfcc",
            "u2640u2642",
            "source",
            "image",
            "ud83dudc6cud83c"
          ],
          "references": [
            "xfe-URL-anyweb.co.il-stix2-2.1-export.json",
            "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3",
            "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1",
            "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2",
            "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1",
            "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1",
            "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1",
            "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3",
            "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0",
            "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4",
            "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1",
            "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js",
            "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3",
            "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3",
            "https://topweb.co.il/",
            "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K",
            "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js",
            "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615",
            "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Gc",
              "display_name": "Gc",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1158,
            "FileHash-SHA256": 671,
            "hostname": 304,
            "domain": 329,
            "email": 2
          },
          "indicator_count": 2464,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1468 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6261f2763fabd1214a79f0e5",
          "name": "Masterhost.ru - malware hosting",
          "description": "Here is the code-decode for the punycode-overflow test, which is based on the results of the following test-run by the UK's Office of National Statistics (ONS).",
          "modified": "2022-05-21T00:03:44.725000",
          "created": "2022-04-22T00:10:30.250000",
          "tags": [
            "fffe37",
            "b76810",
            "helvetica",
            "arial",
            "pf din",
            "text comp",
            "circe",
            "span",
            "button",
            "90deg",
            "object",
            "typeof t",
            "date",
            "promise",
            "function",
            "array",
            "regexp",
            "error",
            "typeof symbol",
            "typeof n",
            "null",
            "backspace",
            "void",
            "window",
            "vd",
            "gc",
            "typeof e",
            "sufeffxa0",
            "class",
            "attr",
            "pseudo",
            "child",
            "typeof module",
            "string",
            "weakmap",
            "proxy",
            "number",
            "boolean",
            "trnf",
            "keepalive",
            "transitiongroup",
            "hello",
            "comment",
            "infinity",
            "this",
            "copyright",
            "closure library",
            "xdfunction",
            "cdfunction",
            "ddfunction",
            "bded",
            "kefunction",
            "65535",
            "counter",
            "typeof c",
            "segoe ui",
            "typeerror",
            "lucida",
            "vwtabguid",
            "form",
            "impact",
            "light",
            "cureit",
            "bu durumda",
            "ip address",
            "devam",
            "yandex",
            "help section",
            "captcha code",
            "support service",
            "search",
            "edge",
            "swhealthlog",
            "logsdatabasev2",
            "trident",
            "android",
            "rangeerror",
            "webpackexports",
            "illegal input",
            "webpackrequire"
          ],
          "references": [
            "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2",
            "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js",
            "https://site.yandex.net/v2.0/js/all.js",
            "https://mc.yandex.ru/metrika/tag.js",
            "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1",
            "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv",
            "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx",
            "https://static.me-talk.ru/cabinet/build/chat/modern.support.js",
            "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Gc",
              "display_name": "Gc",
              "target": null
            },
            {
              "id": "Vd",
              "display_name": "Vd",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1991,
            "hostname": 678,
            "FileHash-SHA256": 247,
            "domain": 404,
            "email": 1,
            "FileHash-MD5": 51
          },
          "indicator_count": 3372,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1472 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6221c71f88d90939c45bbddb",
          "name": "Votebuilder.com",
          "description": "",
          "modified": "2022-04-08T00:05:40.239000",
          "created": "2022-03-04T08:00:31.017000",
          "tags": [],
          "references": [
            "votebuilder3df.pdf",
            "votebuilder2df.pdf",
            "votebuilder5df.pdf",
            "votebuilder7df.pdf",
            "votebuilder.com apidf.pdf",
            "Votebuilder.com.pdf",
            "votebuilder4df.pdf",
            "votebuilder6df.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 869,
            "hostname": 1559,
            "URL": 4755,
            "CIDR": 2,
            "FileHash-MD5": 10,
            "domain": 834
          },
          "indicator_count": 8029,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62223e385f1cfc8916db66fb",
          "name": "Dominionvoting.com 03.03.22",
          "description": "",
          "modified": "2022-04-03T00:00:55.161000",
          "created": "2022-03-04T16:28:40.422000",
          "tags": [],
          "references": [
            "dominion voting1f",
            "dominion2",
            "dominion3",
            "dominion4",
            "dominion5"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 413,
            "URL": 2183,
            "FileHash-SHA256": 663,
            "hostname": 588,
            "FileHash-MD5": 7
          },
          "indicator_count": 3854,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1520 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "jquery.ui.sortable.min.js.pobrane",
        "",
        "overlay.js.pobrane",
        "remote.js.pobrane",
        "net.sh neural netw",
        "animations.css",
        "http://hybrid-analysis.com/sample/e9fc2ca7297a65937de9887be565eb5bbd149ba2c1a1ea4d3ca88302ede7ecac",
        "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js",
        "https://2021.igem.org/Team:KU_Leuven/test2",
        "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0",
        "fontswitcher.js.pobrane",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3",
        "embed.js.pobrane",
        "votebuilder5df.pdf",
        "stickybar.js.pobrane",
        "animate.min.css",
        "www-embed-player.js.pobrane",
        "scripts.js.pobrane",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js",
        "https://tria.ge/230809-vsggjadf59",
        "embed.html",
        "caption.js.pobrane",
        "xfe-URL-anyweb.co.il-stix2-2.1-export.json",
        "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane",
        "css",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1",
        "http://hybrid-analysis.com/sample/e4db1656c4cfff0a4ced5a943b8433388c7b4935711d522014c819328f19001d/64da070d00534407c40c1034",
        "slider.js.pobrane",
        "https://tria.ge/230806-j8mspsgd84",
        "https://www.criminalip.io/domain/report?scan_id=8544746",
        "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx",
        "magnific.css",
        "jquery.djmobilemenu.js.pobrane",
        "https://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303/64da0aedbe662a714b0480b1",
        "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1",
        "jquery.countTo.js.pobrane",
        "extended_layouts.26.css",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0",
        "bootstrap.min.js.pobrane",
        "https://www.criminalip.io/domain/report?scan_id=8544687",
        "https://tria.ge/230806-j3tdasgd72",
        "votebuilder2df.pdf",
        "tdarr.io",
        "jcemediabox.js.pobrane",
        "jcemediabox.css",
        "https://www.virustotal.com/gui/file/a7b4797c4a29864aacb7b40dd854adaf3936791d7c326d02d4aad37982d801a9/community",
        "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3",
        "search_impl.js.pobrane",
        "dominion4",
        "bootstrap.26.css",
        "https://dnschecker.org/ip-location.php?ip=31.204.146.148",
        "votebuilder3df.pdf",
        "jquery.djmegamenu.js.pobrane",
        "search.js.pobrane",
        "jquery.min.js.pobrane",
        "jquery-migrate.min.js.pobrane",
        "jquery-noconflict.js.pobrane",
        "offcanvas.26.css",
        "https://www.virustotal.com/gui/file/207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861/behavior",
        "https://www.joesandbox.com/analysis/1041402",
        "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js",
        "https://otx.alienvault.com/indicator/file/c85cc6f8ff7d69d7a7af9498d7d75bc05e35fb69f34d7b50d9057608f7b73f51",
        "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615",
        "http://hybrid-analysis.com/sample/4cf079d4d7a154cd93f65934b5d115f07af8f25ee24930e6cc606dfb0aea2a4e",
        "template.26.css",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1",
        "jquery.ui.core.min.js.pobrane",
        "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4",
        "common.js.pobrane",
        "pagesettings.js.pobrane",
        "https://hybrid-analysis.com/sample/beff391ce640cc8fdfcec22b77c5d2bc4776304e3a404e8168ce315226c4fc41/5eae8f731389173b4c432b17",
        "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/5efec3f6b03bcb74f200310b",
        "https://site.yandex.net/v2.0/js/all.js",
        "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2",
        "votebuilder.com apidf.pdf",
        "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3",
        "dominion2",
        "ad_status.js.pobrane",
        "cast_sender.js.pobrane",
        "geometry.js.pobrane",
        "votebuilder7df.pdf",
        "map.js.pobrane",
        "dominion5",
        "main.js.pobrane",
        "jquery.easing.min.js.pobrane",
        "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf",
        "jquery.cookie.js.pobrane",
        "onion.js.pobrane",
        "Votebuilder.com.pdf",
        "finder.css",
        "f5Y41t9wqY4.html",
        "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D",
        "magnific.js.pobrane",
        "magnific-init.js.pobrane",
        "bootstrap_responsive.26.css",
        "template_responsive.26.css",
        "dominion voting1f",
        "djmegamenu.26.css",
        "djmobilemenu.css",
        "https://otx.alienvault.com/indicator/file/08515dcc6df957c9c5d4f00db4f568b3ee29c337",
        "https://otx.alienvault.com/indicator/file/b197cf4cee44d52be11275f49f3143b4f7f8e735",
        "votebuilder6df.pdf",
        "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv",
        "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1",
        "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/653366aac5f632cbbf0f0000",
        "animate.ext.css",
        "offcanvas.js.pobrane",
        "https://static.me-talk.ru/cabinet/build/chat/modern.support.js",
        "https://hybrid-analysis.com/sample/2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e",
        "https://tria.ge/230806-j8tk9ahg7t",
        "js",
        "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K",
        "http://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303",
        "offcanvas.css",
        "layout.min.js.pobrane",
        "https://hybrid-analysis.com/sample/020fe56e2d49ead60b67a1e20b43ee0846c493c7edb3118b34c5c964fc131794/6533667318fa4c29320ec174",
        "dominion3",
        "jquery.autocomplete.min.js.pobrane",
        "https://www.virustotal.com/gui/file/3db36d262eb15c349b4b945e0b1d9772c262cd2b7d57c40ede429958daeab97e?nocache=1",
        "style.css",
        "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1",
        "https://www.criminalip.io/asset/report/69.166.14.38",
        "https://tria.ge/230809-vtdr2afd2t",
        "util.js.pobrane",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1",
        "https://hybrid-analysis.com/sample/3782c093f4a54060ab6a269e2cc5a0334352f4c210500d370f185b6799f0007a/62e280899822900706678798",
        "https://otx.alienvault.com/indicator/file/1831d8972bfae639576d10903c2d586e",
        "djimageslider.css",
        "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2",
        "https://mc.yandex.ru/metrika/tag.js",
        "content.css",
        "https://topweb.co.il/",
        "font_switcher.26.css",
        "https://www.criminalip.io/asset/report/114.215.222.125",
        "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3",
        "https://www.criminalip.io/images/search/domain/category/icon_page_redirections.svg",
        "votebuilder4df.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Unknown - Most likely multiple spanning Cyrillic and Chinese in terms of artifacts"
          ],
          "malware_families": [
            "Hacktool:win32/mimikatz.f",
            "Worm:win32/sfone.a",
            "Slf:win32/dozlodz.a!mtb",
            "Backdoor:win32/zegost.km!mtb",
            "Win.malware.qshell-9875653-0",
            "Backdoor:win32/zegost.bk",
            "#lowfi:suspicioussectionname",
            "Trojandropper:win32/venik",
            "Backdoor:win32/zegost.cg",
            "Win.malware.eclz-9953021-0",
            "Unknown",
            "Backdoor:win32/farfli.ax",
            "Advancedinstaller",
            "Backdoor:win32/zegost.cq!bit",
            "Neshta",
            "Backdoor:win32/zegost.ad",
            "Backdoor:win32/zegost.l",
            "Gc",
            "Expiro",
            "Win.dropper.gh0strat-7696262-0",
            "Backdoor:win32/zegost!atmn",
            "Backdoor:win32/zegost.h!dll",
            "Hacker87",
            "Gh0stcringe",
            "Backdoor:win32/zegost.gen!b",
            "Alf:trojan:win32/cipduk.d!dha",
            "Purplefox",
            "Backdoor:win32/zegost.br",
            "Trojan:win32/ghostratcrypt.ga!mtb",
            "Backdoor:win32/zegost.bu",
            "Alf:heraklezeval:worm:win32/sfone",
            "Backdoor:msil/zegost.gg!mtb",
            "Win64:xpirat\\ [inf]",
            "Pcrat",
            "Win.malware.snojan-6775202-0",
            "Trojandownloader:win32/zegost.e!bit",
            "Trojan:win32/farfli.dsk!mtb",
            "Zeppelin_10",
            "Vd",
            "Win.dropper.gh0strat",
            "Win32:farfli-bh",
            "Trojandownloader:win32/nemucod"
          ],
          "industries": [
            "Individuals"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 12,
  "pulses": [
    {
      "id": "684c65464466dd19b089f325",
      "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube",
      "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:",
      "modified": "2025-06-13T17:56:28.689000",
      "created": "2025-06-13T17:52:06.399000",
      "tags": [
        "rehabilitacji w",
        "youtube tv",
        "dami jelenia",
        "tv dami",
        "jelenia gra",
        "zakupy wycz",
        "jeli",
        "nie korzystasz",
        "filmy",
        "aby tego",
        "copyright",
        "closure library",
        "argument",
        "ifunction",
        "error",
        "null",
        "type",
        "cast",
        "webchannel",
        "su2028u2029",
        "chrome",
        "xmlhttp",
        "kkvoid",
        "remotecontrol",
        "android",
        "unknown",
        "screen",
        "desktop",
        "function",
        "string",
        "array",
        "number",
        "vfunction",
        "f8192",
        "n432",
        "true",
        "j2048",
        "this",
        "window",
        "void",
        "date",
        "pokau017c",
        "pytfunction",
        "fe8function",
        "qgzfunction",
        "afunction",
        "hb28",
        "r150",
        "promise",
        "bigint",
        "post",
        "edge",
        "swhealthlog",
        "symbol",
        "trident",
        "infinity",
        "embed",
        "webkitkeyframes",
        "zoomin",
        "zoominx",
        "zoomoutx",
        "zoominy",
        "zoomouty",
        "2000px",
        "90deg",
        "20px",
        "30deg",
        "30px",
        "10px",
        "10deg",
        "3deg",
        "5deg",
        "djmegamenu",
        "use license",
        "tabindex",
        "menu",
        "close",
        "msie",
        "beforechange",
        "imagehassize",
        "buildcontrols",
        "magnific popup",
        "dmitry semenov",
        "http",
        "beforeclose",
        "afterclose",
        "open",
        "next",
        "open source",
        "bsd license",
        "george mcginley",
        "smith",
        "djimageslider",
        "subpackage",
        "webkit",
        "khtml",
        "icab",
        "countto",
        "callback",
        "handler",
        "object",
        "typeof",
        "method",
        "gnugplv2",
        "website",
        "set module",
        "height script",
        "regexp",
        "screenheight",
        "highcontrast2",
        "highcontrast3",
        "highcontrast",
        "wide",
        "night",
        "body",
        "normalbutton",
        "cookie plugin",
        "https",
        "klaus hartl",
        "mit license",
        "register",
        "nodecommonjs",
        "factory",
        "jquery",
        "write",
        "sticky bar",
        "stickybar",
        "count",
        "offcanvas",
        "html",
        "noscroll",
        "offcanvas var",
        "toggle nav",
        "click jquery",
        "ajax",
        "autocomplete",
        "tomas kirda",
        "typeof define",
        "esc27",
        "tab9",
        "return13",
        "left37",
        "up38",
        "twitter",
        "custom version",
        "joomla",
        "rolemenu",
        "boolean",
        "get adobe",
        "flash player",
        "title",
        "text",
        "typeof data",
        "typeof s",
        "accept",
        "width",
        "foundation",
        "backspace8",
        "comma188",
        "delete46",
        "down40",
        "end35",
        "enter13",
        "escape27",
        "value",
        "migrate",
        "backcompat",
        "quirks mode",
        "typeof f",
        "xtablet768",
        "document",
        "ui sortable",
        "leftright",
        "gnu general",
        "public license",
        "dddddd",
        "ffffcc",
        "eeeeee",
        "verdana",
        "geneva",
        "arial",
        "helvetica",
        "f0f0f0",
        "sans",
        "charset",
        "utf8",
        "fontawesome",
        "typeof b",
        "pseudo",
        "child",
        "sufeffxa0",
        "class",
        "attr",
        "general slider",
        "slide",
        "rgba",
        "navigation",
        "15deg",
        "300px",
        "20deg",
        "transition",
        "scale",
        "baskerville",
        "main image",
        "bdbdbd",
        "f3f3f3",
        "remove",
        "fontface",
        "woff2",
        "u0131",
        "u01520153",
        "u02bb02bc",
        "u02c6",
        "u02da",
        "u02dc",
        "u0304",
        "dirrtl",
        "msviewport",
        "href",
        "span",
        "legend",
        "halflings",
        "fieldset",
        "typeimage",
        "f2f2f2",
        "d9edf7",
        "dff0d8",
        "f2dede",
        "thead",
        "tbody",
        "tahoma",
        "00a0",
        "video",
        "script",
        "2500",
        "xnew ita",
        "dnew jta",
        "dataset",
        "orfunction",
        "prfunction",
        "nsafunction",
        "xsafunction",
        "vrfunction",
        "cakes",
        "ovbfunction",
        "pvbfunction",
        "rvbfunction",
        "qvbfunction",
        "tvbfunction",
        "uvbfunction",
        "vvbclass",
        "xvbclass",
        "yvbclass",
        "svbclass",
        "lvafunction",
        "ggfunction",
        "mvafunction",
        "ovafunction",
        "pvafunction",
        "uvafunction",
        "tvafunction",
        "qvafunction",
        "vvafunction",
        "nvaclass",
        "dark",
        "vector",
        "yy49",
        "raster",
        "roboto",
        "new tk",
        "qael",
        "przechyl",
        "mars",
        "mercury",
        "venus",
        "pluto",
        "titan",
        "weakset",
        "wfclass",
        "googlelayer",
        "uint8array",
        "weakmap",
        "5001",
        "mouseevent",
        "webassembly",
        "180180",
        "9090",
        "google maps",
        "javascript api",
        "internal",
        "small",
        "lightrail",
        "false",
        "february",
        "light",
        "hybrid",
        "bounce",
        "drop",
        "inside",
        "outside",
        "marker",
        "gc"
      ],
      "references": [
        "embed.html",
        "ad_status.js.pobrane",
        "f5Y41t9wqY4.html",
        "cast_sender.js.pobrane",
        "remote.js.pobrane",
        "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane",
        "embed.js.pobrane",
        "www-embed-player.js.pobrane",
        "animate.ext.css",
        "animate.min.css",
        "jquery.djmegamenu.js.pobrane",
        "jquery.djmobilemenu.js.pobrane",
        "magnific.js.pobrane",
        "jquery.easing.min.js.pobrane",
        "slider.js.pobrane",
        "jquery.countTo.js.pobrane",
        "scripts.js.pobrane",
        "magnific-init.js.pobrane",
        "pagesettings.js.pobrane",
        "jquery.cookie.js.pobrane",
        "stickybar.js.pobrane",
        "fontswitcher.js.pobrane",
        "offcanvas.js.pobrane",
        "jquery.autocomplete.min.js.pobrane",
        "bootstrap.min.js.pobrane",
        "jcemediabox.js.pobrane",
        "jquery.ui.core.min.js.pobrane",
        "jquery-migrate.min.js.pobrane",
        "layout.min.js.pobrane",
        "jquery.ui.sortable.min.js.pobrane",
        "caption.js.pobrane",
        "finder.css",
        "jquery-noconflict.js.pobrane",
        "djmegamenu.26.css",
        "animations.css",
        "djmobilemenu.css",
        "jquery.min.js.pobrane",
        "djimageslider.css",
        "offcanvas.css",
        "magnific.css",
        "font_switcher.26.css",
        "css",
        "template_responsive.26.css",
        "offcanvas.26.css",
        "bootstrap_responsive.26.css",
        "extended_layouts.26.css",
        "style.css",
        "content.css",
        "template.26.css",
        "bootstrap.26.css",
        "jcemediabox.css",
        "js",
        "onion.js.pobrane",
        "search_impl.js.pobrane",
        "overlay.js.pobrane",
        "map.js.pobrane",
        "util.js.pobrane",
        "search.js.pobrane",
        "common.js.pobrane",
        "geometry.js.pobrane",
        "main.js.pobrane"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Gc",
          "display_name": "Gc",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 26,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 2779,
        "hostname": 661,
        "domain": 684,
        "email": 4,
        "FileHash-MD5": 1,
        "FileHash-SHA256": 689
      },
      "indicator_count": 4818,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 123,
      "modified_text": "353 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "675127405277d037355e5db6",
      "name": "Beehive.Systems",
      "description": "#if PRAGMA_ONCE, which includes the word \"pagma\" and the term \"penet\", should not be used as part of any attempt to set a new code.",
      "modified": "2024-12-05T04:08:32.154000",
      "created": "2024-12-05T04:08:32.154000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ilyailya",
        "id": "298851",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 16,
        "domain": 30,
        "hostname": 69
      },
      "indicator_count": 115,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 31,
      "modified_text": "543 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "64da05cdba55fc9cf872cb11",
      "name": "IOC's off of my personal devices Aug 14th - June 28th | Come one come all, something for everyone",
      "description": "Now that I've been able to get a pulse published I'm going to be recursively and actively updating this pulse with IOC's pulled off of files marked malicious, suspicious, ambiguous, or clean with a threat score from my personal devices. I will also add files that have a high amount of indicators and no threat score as well and let AlienVault sort it out. Hopefully I'll be able to fill the gap to my last Pulse the better part of a year ago. \n\nNearly all of these files are debug and VM aware, with a majority having a legitimate certificate chain. The ones that do run have been initialized in a live environment (aka my desktop, laptop, phone, etc).",
      "modified": "2024-02-14T21:44:01.779000",
      "created": "2023-08-14T10:45:33.014000",
      "tags": [
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "falcon sandbox",
        "hybrid analysis",
        "sandbox files",
        "urls quick",
        "scans files",
        "urls file",
        "releases",
        "updates faq",
        "public api",
        "knowledge base"
      ],
      "references": [
        "https://otx.alienvault.com/indicator/file/b197cf4cee44d52be11275f49f3143b4f7f8e735",
        "https://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303/64da0aedbe662a714b0480b1",
        "https://www.virustotal.com/gui/file/207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861/behavior",
        "https://www.virustotal.com/gui/file/3db36d262eb15c349b4b945e0b1d9772c262cd2b7d57c40ede429958daeab97e?nocache=1",
        "https://otx.alienvault.com/indicator/file/08515dcc6df957c9c5d4f00db4f568b3ee29c337",
        "https://www.joesandbox.com/analysis/1041402",
        "http://hybrid-analysis.com/sample/e9fc2ca7297a65937de9887be565eb5bbd149ba2c1a1ea4d3ca88302ede7ecac",
        "https://www.virustotal.com/gui/file/a7b4797c4a29864aacb7b40dd854adaf3936791d7c326d02d4aad37982d801a9/community",
        "http://hybrid-analysis.com/sample/e4db1656c4cfff0a4ced5a943b8433388c7b4935711d522014c819328f19001d/64da070d00534407c40c1034",
        "http://hybrid-analysis.com/sample/4dbe669e9b8b9cfe1bfa98019ccf2e56230ed136adce966649ee38e61e934303",
        "http://hybrid-analysis.com/sample/4cf079d4d7a154cd93f65934b5d115f07af8f25ee24930e6cc606dfb0aea2a4e",
        "https://otx.alienvault.com/indicator/file/1831d8972bfae639576d10903c2d586e",
        "https://hybrid-analysis.com/sample/beff391ce640cc8fdfcec22b77c5d2bc4776304e3a404e8168ce315226c4fc41/5eae8f731389173b4c432b17",
        "https://otx.alienvault.com/indicator/file/c85cc6f8ff7d69d7a7af9498d7d75bc05e35fb69f34d7b50d9057608f7b73f51",
        "",
        "https://tria.ge/230806-j3tdasgd72",
        "https://tria.ge/230806-j8mspsgd84",
        "https://tria.ge/230806-j8tk9ahg7t",
        "https://tria.ge/230809-vsggjadf59",
        "https://tria.ge/230809-vtdr2afd2t"
      ],
      "public": 1,
      "adversary": "Unknown - Most likely multiple spanning Cyrillic and Chinese in terms of artifacts",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "neshta",
          "display_name": "neshta",
          "target": null
        },
        {
          "id": "Expiro",
          "display_name": "Expiro",
          "target": null
        },
        {
          "id": "Win.Dropper.Gh0stRAT",
          "display_name": "Win.Dropper.Gh0stRAT",
          "target": null
        },
        {
          "id": "Win.Malware.Eclz-9953021-0",
          "display_name": "Win.Malware.Eclz-9953021-0",
          "target": null
        },
        {
          "id": "Win32:Farfli-BH",
          "display_name": "Win32:Farfli-BH",
          "target": null
        },
        {
          "id": "TrojanDownloader:Win32/Nemucod",
          "display_name": "TrojanDownloader:Win32/Nemucod",
          "target": "/malware/TrojanDownloader:Win32/Nemucod"
        },
        {
          "id": "Win.Malware.Snojan-6775202-0",
          "display_name": "Win.Malware.Snojan-6775202-0",
          "target": null
        },
        {
          "id": "Win.Malware.Qshell-9875653-0",
          "display_name": "Win.Malware.Qshell-9875653-0",
          "target": null
        },
        {
          "id": "TrojanDownloader:Win32/Zegost.E!bit",
          "display_name": "TrojanDownloader:Win32/Zegost.E!bit",
          "target": "/malware/TrojanDownloader:Win32/Zegost.E!bit"
        },
        {
          "id": "Backdoor:Win32/Zegost.CQ!bit",
          "display_name": "Backdoor:Win32/Zegost.CQ!bit",
          "target": "/malware/Backdoor:Win32/Zegost.CQ!bit"
        },
        {
          "id": "#Lowfi:SuspiciousSectionName",
          "display_name": "#Lowfi:SuspiciousSectionName",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zegost.gen!B",
          "display_name": "Backdoor:Win32/Zegost.gen!B",
          "target": "/malware/Backdoor:Win32/Zegost.gen!B"
        },
        {
          "id": "Win.Dropper.Gh0stRAT-7696262-0",
          "display_name": "Win.Dropper.Gh0stRAT-7696262-0",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zegost.BU",
          "display_name": "Backdoor:Win32/Zegost.BU",
          "target": "/malware/Backdoor:Win32/Zegost.BU"
        },
        {
          "id": "Trojan:Win32/Farfli.DSK!MTB",
          "display_name": "Trojan:Win32/Farfli.DSK!MTB",
          "target": "/malware/Trojan:Win32/Farfli.DSK!MTB"
        },
        {
          "id": "Backdoor:Win32/Zegost.BK",
          "display_name": "Backdoor:Win32/Zegost.BK",
          "target": "/malware/Backdoor:Win32/Zegost.BK"
        },
        {
          "id": "HackTool:Win32/Mimikatz.F",
          "display_name": "HackTool:Win32/Mimikatz.F",
          "target": "/malware/HackTool:Win32/Mimikatz.F"
        },
        {
          "id": "Trojan:Win32/GhostRatCrypt.GA!MTB",
          "display_name": "Trojan:Win32/GhostRatCrypt.GA!MTB",
          "target": "/malware/Trojan:Win32/GhostRatCrypt.GA!MTB"
        },
        {
          "id": "Backdoor:Win32/Zegost.CG",
          "display_name": "Backdoor:Win32/Zegost.CG",
          "target": "/malware/Backdoor:Win32/Zegost.CG"
        },
        {
          "id": "Backdoor:Win32/Zegost.AD",
          "display_name": "Backdoor:Win32/Zegost.AD",
          "target": "/malware/Backdoor:Win32/Zegost.AD"
        },
        {
          "id": "Worm:Win32/Sfone.A",
          "display_name": "Worm:Win32/Sfone.A",
          "target": "/malware/Worm:Win32/Sfone.A"
        },
        {
          "id": "Backdoor:Win32/Zegost!atmn",
          "display_name": "Backdoor:Win32/Zegost!atmn",
          "target": "/malware/Backdoor:Win32/Zegost!atmn"
        },
        {
          "id": "Backdoor:Win32/Zegost.H!dll",
          "display_name": "Backdoor:Win32/Zegost.H!dll",
          "target": "/malware/Backdoor:Win32/Zegost.H!dll"
        },
        {
          "id": "Zeppelin_10",
          "display_name": "Zeppelin_10",
          "target": null
        },
        {
          "id": "ALF:Trojan:Win32/Cipduk.D!dha",
          "display_name": "ALF:Trojan:Win32/Cipduk.D!dha",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zegost.BR",
          "display_name": "Backdoor:Win32/Zegost.BR",
          "target": "/malware/Backdoor:Win32/Zegost.BR"
        },
        {
          "id": "Backdoor:Win32/Farfli.AX",
          "display_name": "Backdoor:Win32/Farfli.AX",
          "target": "/malware/Backdoor:Win32/Farfli.AX"
        },
        {
          "id": "ALF:HeraklezEval:Worm:Win32/Sfone",
          "display_name": "ALF:HeraklezEval:Worm:Win32/Sfone",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zegost.L",
          "display_name": "Backdoor:Win32/Zegost.L",
          "target": "/malware/Backdoor:Win32/Zegost.L"
        },
        {
          "id": "Backdoor:MSIL/Zegost.GG!MTB",
          "display_name": "Backdoor:MSIL/Zegost.GG!MTB",
          "target": "/malware/Backdoor:MSIL/Zegost.GG!MTB"
        },
        {
          "id": "SLF:Win32/Dozlodz.A!MTB",
          "display_name": "SLF:Win32/Dozlodz.A!MTB",
          "target": "/malware/SLF:Win32/Dozlodz.A!MTB"
        },
        {
          "id": "Win64:Xpirat\\ [Inf]",
          "display_name": "Win64:Xpirat\\ [Inf]",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Zegost.KM!MTB",
          "display_name": "Backdoor:Win32/Zegost.KM!MTB",
          "target": "/malware/Backdoor:Win32/Zegost.KM!MTB"
        },
        {
          "id": "AdvancedInstaller",
          "display_name": "AdvancedInstaller",
          "target": null
        },
        {
          "id": "TrojanDropper:Win32/Venik",
          "display_name": "TrojanDropper:Win32/Venik",
          "target": "/malware/TrojanDropper:Win32/Venik"
        },
        {
          "id": "hacker87",
          "display_name": "hacker87",
          "target": null
        },
        {
          "id": "PurpleFox",
          "display_name": "PurpleFox",
          "target": null
        },
        {
          "id": "PCRat",
          "display_name": "PCRat",
          "target": null
        },
        {
          "id": "Gh0stCringe",
          "display_name": "Gh0stCringe",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "individuals"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Merkd1904",
        "id": "196517",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2387,
        "FileHash-SHA1": 2126,
        "FileHash-SHA256": 9395,
        "SSLCertFingerprint": 27,
        "domain": 88,
        "URL": 185,
        "hostname": 165,
        "email": 11
      },
      "indicator_count": 14384,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 82,
      "modified_text": "838 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65336ac2b48ca82aeb55aeed",
      "name": "Woodynet.net,Id3.net and me.",
      "description": "The saga continues - But without invoking the jinx I'll focus on the data: Woodynet.net and Id3.net have been my (not-so-)friendly unoptoutable-dns-resolvers, I'm assuming since all of this kicked off now nearing over 1.5+ years ago. I was finally able to dump my iPhone12, which I had had since this all started, and with that really gain some leg and breathing room. But, I'm still being pumped malicious software in the form of ISO's, linux packages, Windows Updates, and so on. And these are the nexus right here. I was able to net a solid bounty from Hybrid-Analysis including 15+ trojans, about 10 different backdoors, and a slew of other collateral that honestly surprised me as Criminalip and OTX weren't wanting to speak the same language in terms of IOC translations from them to the pulse. I'm trying in vain to find the beacon(s) or whatever they're using to keep persistence.",
      "modified": "2024-02-14T21:43:43.324000",
      "created": "2023-10-21T06:08:02.798000",
      "tags": [
        "ip lookup",
        "port check",
        "vulnerability scanner",
        "attack surface",
        "cyber threat intelligence",
        "cti",
        "asm",
        "domain",
        "exploit",
        "phishing",
        "ip address",
        "united",
        "criminal",
        "historical",
        "information",
        "ai spera",
        "search engine",
        "ip search",
        "english english",
        "franais",
        "contact",
        "china",
        "ip location",
        "ip owner",
        "internet",
        "ip locator",
        "remember",
        "dp ip",
        "ip checker",
        "lookup",
        "strong",
        "summary",
        "ip information",
        "pricing login",
        "score",
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "ansi",
        "data",
        "decrypted ssl",
        "windows nt",
        "threat level",
        "runtime data",
        "okserver",
        "date",
        "ffffff",
        "plugin",
        "path",
        "stop",
        "mask",
        "accept",
        "click",
        "prop",
        "error",
        "template",
        "class",
        "core",
        "span",
        "body",
        "suspicious",
        "back",
        "cluster",
        "null",
        "form",
        "zbot",
        "bounce",
        "this",
        "linear",
        "window",
        "ticker",
        "tick",
        "import",
        "orbit",
        "config",
        "main",
        "android",
        "cookie",
        "trident",
        "vidc",
        "hybrid",
        "close",
        "hosts",
        "general",
        "local",
        "mozilla",
        "strings",
        "podcast",
        "team",
        "june",
        "criminal ip",
        "engine",
        "resource",
        "dropped file",
        "pattern match",
        "script",
        "noscript",
        "connectivity",
        "bare metal",
        "iframe",
        "enterprise",
        "discord",
        "twitter",
        "facebook",
        "meta",
        "media",
        "story",
        "tools",
        "tokyo",
        "rocket",
        "fullscreen",
        "next",
        "small",
        "bare",
        "font",
        "helvetica",
        "arial",
        "tbody",
        "dnssec",
        "woodynet",
        "paris",
        "hong",
        "hybrid analysis",
        "api key",
        "vetting process",
        "please note",
        "please"
      ],
      "references": [
        "https://www.criminalip.io/asset/report/69.166.14.38",
        "https://www.criminalip.io/asset/report/114.215.222.125",
        "https://dnschecker.org/ip-location.php?ip=31.204.146.148",
        "https://www.criminalip.io/domain/report?scan_id=8544746",
        "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/5efec3f6b03bcb74f200310b",
        "https://www.criminalip.io/images/search/domain/category/icon_page_redirections.svg",
        "https://www.criminalip.io/domain/report?scan_id=8544687",
        "https://hybrid-analysis.com/sample/ab4672795b872e01bc7411fec294eab22d54e97b133769a3de306d9633fa24d6/653366aac5f632cbbf0f0000",
        "https://hybrid-analysis.com/sample/020fe56e2d49ead60b67a1e20b43ee0846c493c7edb3118b34c5c964fc131794/6533667318fa4c29320ec174",
        "https://hybrid-analysis.com/sample/2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Unknown",
          "display_name": "Unknown",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1016",
          "name": "System Network Configuration Discovery",
          "display_name": "T1016 - System Network Configuration Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1035",
          "name": "Service Execution",
          "display_name": "T1035 - Service Execution"
        },
        {
          "id": "T1043",
          "name": "Commonly Used Port",
          "display_name": "T1043 - Commonly Used Port"
        },
        {
          "id": "T1179",
          "name": "Hooking",
          "display_name": "T1179 - Hooking"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        }
      ],
      "industries": [
        "individuals"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 42,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Merkd1904",
        "id": "196517",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 268,
        "hostname": 50,
        "domain": 61,
        "FileHash-MD5": 112,
        "FileHash-SHA1": 110,
        "FileHash-SHA256": 110,
        "email": 9
      },
      "indicator_count": 720,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 74,
      "modified_text": "838 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657080735501c11ddbb7a988",
      "name": "Dominionvoting.com 03.03.22",
      "description": "",
      "modified": "2023-12-06T14:08:51.329000",
      "created": "2023-12-06T14:08:51.329000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 663,
        "hostname": 588,
        "domain": 413,
        "URL": 2183,
        "FileHash-MD5": 7
      },
      "indicator_count": 3854,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 110,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570805953274b32ec1f981b",
      "name": "Votebuilder.com",
      "description": "",
      "modified": "2023-12-06T14:08:25.588000",
      "created": "2023-12-06T14:08:25.588000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 869,
        "domain": 834,
        "URL": 4755,
        "hostname": 1559,
        "CIDR": 2,
        "FileHash-MD5": 10
      },
      "indicator_count": 8029,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62e80d56fba248bac0744780",
      "name": "\ud83e\udd14\ud83d\udea8 Could this be the source of all Evil? \ud83d\udea8\ud83e\udd14 Nubotnet - Team:KU Leuven/test2 - 2021.igem.org",
      "description": "",
      "modified": "2022-08-31T00:01:05.509000",
      "created": "2022-08-01T17:28:54.991000",
      "tags": [
        "apt",
        "runtime data",
        "decrypted ssl",
        "pcap",
        "windows nt",
        "tops",
        "cookie",
        "typeof t",
        "element",
        "error",
        "matrix",
        "typeerror",
        "bmfloor",
        "frameelement",
        "null",
        "skew",
        "parade"
      ],
      "references": [
        "https://2021.igem.org/Team:KU_Leuven/test2",
        "https://hybrid-analysis.com/sample/e126ff94aac3340dc05a27f062c4267cbfeaa998248bef0e72f000bba711aa76/62e6fb475edc950b894aa7b0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "dorkingbeauty1",
        "id": "80137",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1696,
        "domain": 586,
        "hostname": 613,
        "FileHash-SHA256": 533,
        "FileHash-MD5": 34,
        "FileHash-SHA1": 33,
        "email": 1
      },
      "indicator_count": 3496,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 394,
      "modified_text": "1370 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62e69610305a20de80232e50",
      "name": ";http://tdarr.io/ - yet more net.sh",
      "description": "",
      "modified": "2022-08-30T00:01:48.297000",
      "created": "2022-07-31T14:47:44.291000",
      "tags": [
        "trojan",
        "apt",
        "runtime data",
        "decrypted ssl",
        "typeerror",
        "typeof symbol",
        "null",
        "accept",
        "unknown",
        "roboto",
        "generator",
        "matrix",
        "internal",
        "blank",
        "trident",
        "discord",
        "facebook",
        "twitch",
        "backend",
        "twitter",
        "suser",
        "android",
        "meta",
        "skew",
        "parade",
        "click",
        "malicious",
        "mozilla",
        "suspicious",
        "network traffic",
        "net.sh"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/3782c093f4a54060ab6a269e2cc5a0334352f4c210500d370f185b6799f0007a/62e280899822900706678798",
        "tdarr.io",
        "net.sh neural netw"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "dorkingbeauty1",
        "id": "80137",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 786,
        "hostname": 498,
        "FileHash-SHA256": 122,
        "domain": 139,
        "FileHash-MD5": 43,
        "FileHash-SHA1": 36
      },
      "indicator_count": 1624,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 393,
      "modified_text": "1371 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6266c416c4598fa139868c64",
      "name": "\u05de\u05e9\u05e8\u05d3 \u05e4\u05e8\u05e1\u05d5\u05dd \u05d5\u05d1\u05e0\u05d9\u05d9\u05ea \u05d0\u05ea\u05e8\u05d9\u05dd | TOPWEB - \u05d8\u05d5\u05e4 \u05d5\u05d5\u05d1- \u05d4\u05d5\u05e4\u05db\u05d9\u05dd \u05e2\u05e1\u05e7\u05d9\u05dd \u05dc\u05de\u05d5\u05ea\u05d2\u05d9\u05dd \u05d1\u05d3\u05d9\u05d2\u05d9\u05d8\u05dc",
      "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.",
      "modified": "2022-05-25T00:04:03.622000",
      "created": "2022-04-25T15:53:58.206000",
      "tags": [
        "init",
        "803911410135716",
        "pageview",
        "date",
        "datalayer",
        "gtmnqnvc6k",
        "copyright",
        "closure library",
        "facebook",
        "google",
        "linkedin",
        "reddit",
        "tumblr",
        "digg",
        "stumbleupon",
        "telegram",
        "whatsapp",
        "email",
        "kfunction",
        "u05deu05dcu05d0",
        "aw363516812",
        "error",
        "promise",
        "inull",
        "webfontconfig",
        "webfont",
        "gc",
        "number",
        "string",
        "uint8array",
        "regexp",
        "xhfunction",
        "yhfunction",
        "host",
        "path",
        "code",
        "topweb",
        "top web",
        "beyond",
        "forex",
        "hackeru",
        "one stop",
        "shop",
        "bgroup",
        "typesubmit",
        "datasecret",
        "shape",
        "html",
        "span",
        "false",
        "scrl",
        "haschildren",
        "zoomindown",
        "show hide",
        "dark",
        "checkbox",
        "back",
        "light",
        "typeof e",
        "formdata",
        "typeof symbol",
        "customevent",
        "post",
        "refill",
        "wpcf7",
        "wpcf7locale",
        "wpcf7unittag",
        "reflect",
        "math",
        "array",
        "object",
        "typeerror",
        "symbol",
        "function",
        "null",
        "title",
        "body",
        "click",
        "lecount",
        "count",
        "typeof define",
        "typeof t",
        "this",
        "close",
        "twitter",
        "open",
        "next",
        "blank",
        "xpercent0",
        "failure",
        "xpercent50",
        "essential grid",
        "blackberry",
        "author",
        "themepunch",
        "android",
        "typeof module",
        "tweenlite",
        "version",
        "onull",
        "updates and",
        "tools",
        "linear",
        "ticker",
        "bounce",
        "alpha",
        "fancybox",
        "plugin",
        "janis skarnelis",
        "100n",
        "right",
        "bottom",
        "left",
        "html tags",
        "ox20trnf",
        "dom element",
        "class",
        "attr",
        "pseudo",
        "child",
        "js foundation",
        "udc66udc67",
        "ud83d",
        "ufe0f",
        "ud83e",
        "udc68udc69",
        "udfcbudfcc",
        "u2640u2642",
        "source",
        "image",
        "ud83dudc6cud83c"
      ],
      "references": [
        "xfe-URL-anyweb.co.il-stix2-2.1-export.json",
        "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3",
        "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1",
        "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1",
        "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0",
        "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4",
        "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1",
        "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js",
        "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3",
        "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3",
        "https://topweb.co.il/",
        "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K",
        "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js",
        "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615",
        "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Gc",
          "display_name": "Gc",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1158,
        "FileHash-SHA256": 671,
        "hostname": 304,
        "domain": 329,
        "email": 2
      },
      "indicator_count": 2464,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "1468 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6261f2763fabd1214a79f0e5",
      "name": "Masterhost.ru - malware hosting",
      "description": "Here is the code-decode for the punycode-overflow test, which is based on the results of the following test-run by the UK's Office of National Statistics (ONS).",
      "modified": "2022-05-21T00:03:44.725000",
      "created": "2022-04-22T00:10:30.250000",
      "tags": [
        "fffe37",
        "b76810",
        "helvetica",
        "arial",
        "pf din",
        "text comp",
        "circe",
        "span",
        "button",
        "90deg",
        "object",
        "typeof t",
        "date",
        "promise",
        "function",
        "array",
        "regexp",
        "error",
        "typeof symbol",
        "typeof n",
        "null",
        "backspace",
        "void",
        "window",
        "vd",
        "gc",
        "typeof e",
        "sufeffxa0",
        "class",
        "attr",
        "pseudo",
        "child",
        "typeof module",
        "string",
        "weakmap",
        "proxy",
        "number",
        "boolean",
        "trnf",
        "keepalive",
        "transitiongroup",
        "hello",
        "comment",
        "infinity",
        "this",
        "copyright",
        "closure library",
        "xdfunction",
        "cdfunction",
        "ddfunction",
        "bded",
        "kefunction",
        "65535",
        "counter",
        "typeof c",
        "segoe ui",
        "typeerror",
        "lucida",
        "vwtabguid",
        "form",
        "impact",
        "light",
        "cureit",
        "bu durumda",
        "ip address",
        "devam",
        "yandex",
        "help section",
        "captcha code",
        "support service",
        "search",
        "edge",
        "swhealthlog",
        "logsdatabasev2",
        "trident",
        "android",
        "rangeerror",
        "webpackexports",
        "illegal input",
        "webpackrequire"
      ],
      "references": [
        "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2",
        "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js",
        "https://site.yandex.net/v2.0/js/all.js",
        "https://mc.yandex.ru/metrika/tag.js",
        "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1",
        "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv",
        "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx",
        "https://static.me-talk.ru/cabinet/build/chat/modern.support.js",
        "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Gc",
          "display_name": "Gc",
          "target": null
        },
        {
          "id": "Vd",
          "display_name": "Vd",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1991,
        "hostname": 678,
        "FileHash-SHA256": 247,
        "domain": 404,
        "email": 1,
        "FileHash-MD5": 51
      },
      "indicator_count": 3372,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "1472 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "this.sc",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "this.sc",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780351336.8697894
}