{ "type": "Domain", "indicator": "tpucdn.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/tpucdn.com", "alexa": "http://www.alexa.com/siteinfo/tpucdn.com", "indicator": "tpucdn.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3675955872, "indicator": "tpucdn.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "659c73db79d680af1c1c8f69", "name": "Data Center [Pulse curated by StreamMiningEx]", "description": "", "modified": "2024-01-08T22:14:51.330000", "created": "2024-01-08T22:14:51.330000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a01137b1bcae30a77dfa", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "873 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a746daf9bcde6a5a80e9", "name": "SSDEEP", "description": "", "modified": "2023-12-06T16:54:27.604000", "created": "2023-12-06T16:54:27.604000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a01137b1bcae30a77dfa", "name": "Data Center", "description": "", "modified": "2023-12-06T16:23:45.285000", "created": "2023-12-06T16:23:45.285000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709c1a3462dae3a7d8714b", "name": "IOC202306052234", "description": "", "modified": "2023-12-06T16:06:50.890000", "created": "2023-12-06T16:06:50.890000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1096, "FileHash-MD5": 307, "FileHash-SHA1": 268, "domain": 265, "CVE": 6, "hostname": 246, "URL": 29 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1fa4726c7449f379d172", "name": "SSDEEP", "description": "", "modified": "2023-10-30T03:14:44.205000", "created": "2023-10-30T03:14:44.205000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65136e65a6a0e9d07117995a", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "943 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65136e65a6a0e9d07117995a", "name": "SSDEEP", "description": "", "modified": "2023-09-26T23:51:01.817000", "created": "2023-09-26T23:51:01.817000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "64de492643ea275c2b0e2eb9", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "976 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64de492643ea275c2b0e2eb9", "name": "Data Center", "description": "Tags:\ncve-2014-3931\nwise\ncve-2007-0943\ncve-2017-11882\nbobsoft\nbase64-embedded\ncve-2004-0566\ncve-2005-0233\ncontains-embedded-js\ncontains-elf\ncve-1999-0016\ncve-2017-1188\nattachment\ncve-2018-0802\nthemida\ncontains-pe\ncve-2018-0798\nupx\ncve-2016-0101", "modified": "2023-09-16T17:02:31.206000", "created": "2023-08-17T16:21:58.779000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "987 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647e46cde36f3b047c03f8db", "name": "IOC202306052234", "description": "", "modified": "2023-07-05T20:01:39.023000", "created": "2023-06-05T20:34:21.028000", "tags": [ "june", "seen", "track them", "all at", "chatgpt", "april", "march", "recent blog", "february", "lockbit", "smoke loader", "qbot", "predator", "emotet", "danabot", "gandcrab", "orcus rat", "icedid", "sodinokibi", "agent tesla", "ave maria", "gootkit", "cobalt strike", "dharma", "hawkeye", "trojan", "zloader", "formbook", "crimson rat", "trickbot", "nemty", "netwalker", "pony", "glupteba", "azorult", "dridex", "hancitor", "raccoon", "maze", "vidar", "ryuk ransomware", "guloader", "amadey", "adwind", "quasar rat", "troldesh", "rats", "remcos", "revenge", "ursnif", "cryptbot", "flawedammyy", "phobos", "august", "snake", "ryuk", "quasar", "netwire", "darkside", "redline", "asyncrat", "ransomware", "darkcomet", "wannacry", "nanocore", "lokibot", "orcus", "thief", "malware", "systembc", "powershell", "adwind rat", "squirrelwaffle", "redline stealer", "bitcoin", "open", "copy", "ukraine", "nanocore rat", "houdini", "revenge rat", "dyre", "first", "eternalblue", "fallout", "smokeloader", "dofoil", "macos", "predator pain", "revil", "wcry ransomware", "bladabindi", "teamviewer", "agenttesla", "belarus", "cobaltstrike", "hermes", "execution", "crimson", "crysis", "shadow", "njrat", "next", "loader", "malspam", "ransom", "mimikatz", "cloudeye", "hworm", "friendly", "napoleon", "qakbot", "click", "ammyy admin", "flawedammy", "andromut", "vawtrak", "windigo", "mailto", "kill", "desktop", "discord", "loki bot", "mars", "apart", "smokeldr", "racealer", "hunter", "psexec", "mega", "cve201711882", "maldoc", "dunihi", "jenxcus", "xtremerat", "poisonivy", "fareit", "siplog", "gozi", "egregor", "browserpassview", "mailpassview", "aggah", "virustotal", "pinkslipbot", "path", "chacha", "spelevo", "killswitch", "sockrat", "mexico", "alienspy", "chthonic", "aurora", "winrar", "bokbot", "ammyy", "servhelper", "neutrino", "angler", "chanitor", "teamspy", "axpergle", "nuclear", "cridex", "service", "scarimson", "sticky", "terdot", "zbot", "panda banker", "screen", "polish" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1220", "name": "XSL Script Processing", "display_name": "T1220 - XSL Script Processing" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 29, "FileHash-MD5": 307, "FileHash-SHA1": 268, "FileHash-SHA256": 1096, "CVE": 6, "domain": 265, "hostname": 246 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 424, "modified_text": "1060 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "659c73db79d680af1c1c8f69", "name": "Data Center [Pulse curated by StreamMiningEx]", "description": "", "modified": "2024-01-08T22:14:51.330000", "created": "2024-01-08T22:14:51.330000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a01137b1bcae30a77dfa", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "873 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a746daf9bcde6a5a80e9", "name": "SSDEEP", "description": "", "modified": "2023-12-06T16:54:27.604000", "created": "2023-12-06T16:54:27.604000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a01137b1bcae30a77dfa", "name": "Data Center", "description": "", "modified": "2023-12-06T16:23:45.285000", "created": "2023-12-06T16:23:45.285000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 255, "FileHash-SHA256": 1129, "hostname": 1306, "domain": 14829, "FileHash-SHA1": 45, "URL": 9697, "email": 5, "CIDR": 3 }, "indicator_count": 27271, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709c1a3462dae3a7d8714b", "name": "IOC202306052234", "description": "", "modified": "2023-12-06T16:06:50.890000", "created": "2023-12-06T16:06:50.890000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1096, "FileHash-MD5": 307, "FileHash-SHA1": 268, "domain": 265, "CVE": 6, "hostname": 246, "URL": 29 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1fa4726c7449f379d172", "name": "SSDEEP", "description": "", "modified": "2023-10-30T03:14:44.205000", "created": "2023-10-30T03:14:44.205000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65136e65a6a0e9d07117995a", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "943 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65136e65a6a0e9d07117995a", "name": "SSDEEP", "description": "", "modified": "2023-09-26T23:51:01.817000", "created": "2023-09-26T23:51:01.817000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "64de492643ea275c2b0e2eb9", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "976 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64de492643ea275c2b0e2eb9", "name": "Data Center", "description": "Tags:\ncve-2014-3931\nwise\ncve-2007-0943\ncve-2017-11882\nbobsoft\nbase64-embedded\ncve-2004-0566\ncve-2005-0233\ncontains-embedded-js\ncontains-elf\ncve-1999-0016\ncve-2017-1188\nattachment\ncve-2018-0802\nthemida\ncontains-pe\ncve-2018-0798\nupx\ncve-2016-0101", "modified": "2023-09-16T17:02:31.206000", "created": "2023-08-17T16:21:58.779000", "tags": [ "united", "as13335", "unknown", "search", "aaaa", "link", "accept encoding", "entries", "creation date", "record value", "date", "body", "cookie", "domain related", "showing", "maxage0", "colocation data", "maxage2592000", "acceptencoding", "centers", "powered shells", "sabey", "submission", "buildtosuit", "details links", "community", "join", "vt community", "api key", "virtual address", "virtual size", "raw size", "entropy", "sections", "functionality", "file type", "chi2", "contained", "us entropy", "ascii text", "rtmanifest", "rticon", "neutral", "sha256", "type rticon", "vhash", "imphash", "ssdeep", "win32 exe", "magic pe32", "ms windows", "intel", "trid generic", "cil executable", "mono" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 284, "URL": 37584, "domain": 58771, "email": 23, "hostname": 4995, "FileHash-SHA256": 3633, "FileHash-SHA1": 57, "CIDR": 14, "CVE": 4 }, "indicator_count": 105365, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "987 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647e46cde36f3b047c03f8db", "name": "IOC202306052234", "description": "", "modified": "2023-07-05T20:01:39.023000", "created": "2023-06-05T20:34:21.028000", "tags": [ "june", "seen", "track them", "all at", "chatgpt", "april", "march", "recent blog", "february", "lockbit", "smoke loader", "qbot", "predator", "emotet", "danabot", "gandcrab", "orcus rat", "icedid", "sodinokibi", "agent tesla", "ave maria", "gootkit", "cobalt strike", "dharma", "hawkeye", "trojan", "zloader", "formbook", "crimson rat", "trickbot", "nemty", "netwalker", "pony", "glupteba", "azorult", "dridex", "hancitor", "raccoon", "maze", "vidar", "ryuk ransomware", "guloader", "amadey", "adwind", "quasar rat", "troldesh", "rats", "remcos", "revenge", "ursnif", "cryptbot", "flawedammyy", "phobos", "august", "snake", "ryuk", "quasar", "netwire", "darkside", "redline", "asyncrat", "ransomware", "darkcomet", "wannacry", "nanocore", "lokibot", "orcus", "thief", "malware", "systembc", "powershell", "adwind rat", "squirrelwaffle", "redline stealer", "bitcoin", "open", "copy", "ukraine", "nanocore rat", "houdini", "revenge rat", "dyre", "first", "eternalblue", "fallout", "smokeloader", "dofoil", "macos", "predator pain", "revil", "wcry ransomware", "bladabindi", "teamviewer", "agenttesla", "belarus", "cobaltstrike", "hermes", "execution", "crimson", "crysis", "shadow", "njrat", "next", "loader", "malspam", "ransom", "mimikatz", "cloudeye", "hworm", "friendly", "napoleon", "qakbot", "click", "ammyy admin", "flawedammy", "andromut", "vawtrak", "windigo", "mailto", "kill", "desktop", "discord", "loki bot", "mars", "apart", "smokeldr", "racealer", "hunter", "psexec", "mega", "cve201711882", "maldoc", "dunihi", "jenxcus", "xtremerat", "poisonivy", "fareit", "siplog", "gozi", "egregor", "browserpassview", "mailpassview", "aggah", "virustotal", "pinkslipbot", "path", "chacha", "spelevo", "killswitch", "sockrat", "mexico", "alienspy", "chthonic", "aurora", "winrar", "bokbot", "ammyy", "servhelper", "neutrino", "angler", "chanitor", "teamspy", "axpergle", "nuclear", "cridex", "service", "scarimson", "sticky", "terdot", "zbot", "panda banker", "screen", "polish" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1220", "name": "XSL Script Processing", "display_name": "T1220 - XSL Script Processing" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 29, "FileHash-MD5": 307, "FileHash-SHA1": 268, "FileHash-SHA256": 1096, "CVE": 6, "domain": 265, "hostname": 246 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 424, "modified_text": "1060 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "tpucdn.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "tpucdn.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780184984.2530289 }