{
"type": "Domain",
"indicator": "trinitypediatricsplano.com",
"general": {
"sections": [
"general",
"geo",
"url_list",
"passive_dns",
"malware",
"whois",
"http_scans"
],
"whois": "http://whois.domaintools.com/trinitypediatricsplano.com",
"alexa": "http://www.alexa.com/siteinfo/trinitypediatricsplano.com",
"indicator": "trinitypediatricsplano.com",
"type": "domain",
"type_title": "Domain",
"validation": [],
"base_indicator": {
"id": 3927836256,
"indicator": "trinitypediatricsplano.com",
"type": "domain",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 5,
"pulses": [
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "243 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "371 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "678ccc91c5648de42af0d6ee",
"name": "horselakefn[.]ca - Tc Energy, Duncan, Sturgeon Lake [& WCTC] & Treaty 6, 7, 8 & sac-isc[.]gc[.]ca -02.02.25 - quick look incomplete",
"description": "Taking a quick look at HLFNA of WCTC & T8FNA, it apppears they along as Treaty 6 & 7 Territory (and the Alberta Regional Office for the Alberta Branch of the Government of Canada) has been hacked/breached",
"modified": "2025-05-23T19:00:25.262000",
"created": "2025-01-19T09:57:37.497000",
"tags": [
"entity"
],
"references": [
"https://www.virustotal.com/graph/embed/gd7c52fa412654cc5b239a064a9891ffeba51cfdfcfa84bf291f2745751c6a686?theme=dark",
"https://www.virustotal.com/gui/collection/86de79c78794e2b83f5410218f1d7231b0e5acd7bd4f124186ed72d0817d6405",
"https://www.virustotal.com/gui/collection/d176151d51c4e95353544d4c6540cdfdc49d324b47fd3eb532cbe30bcaa46792",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6/68093fa41e226b739d0d401b",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6",
"https://www.filescan.io/uploads/68093f78218c4a98adde3f92/reports/7e5be6b9-0d5e-4a3b-bb19-4f72974b4207/overview"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Education",
"Healthcare",
"Agriculture",
"Chemical",
"Finance",
"Transportation"
],
"TLP": "white",
"cloned_from": null,
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 4977,
"FileHash-MD5": 197,
"FileHash-SHA1": 197,
"FileHash-SHA256": 2846,
"domain": 2655,
"hostname": 4019,
"CVE": 1,
"SSLCertFingerprint": 3,
"email": 4
},
"indicator_count": 14899,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 132,
"modified_text": "375 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "66ad3b7e51c055d13305ad52",
"name": "treaty8[.]ca",
"description": "Just another piece of the puzzle taking a look into",
"modified": "2025-05-01T18:07:16.953000",
"created": "2024-08-02T20:03:10.879000",
"tags": [
"UAlberta"
],
"references": [
"https://www.virustotal.com/graph/embed/g09343c2567844f43815e5e7198b28eb74ca71bfaba5244dc893156114c5943aa?theme=dark",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/iocs",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/graph",
"",
"08.04.24: https://www.virustotal.com/graph/embed/gedfb3ae24ffe4a7e84ec983d5d39604f042c7d4571fe4ba98f8db7a1cb564f77?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Healthcare",
"Telecommunications"
],
"TLP": "white",
"cloned_from": null,
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 211,
"FileHash-MD5": 17,
"FileHash-SHA1": 17,
"FileHash-SHA256": 50,
"hostname": 114,
"URL": 177,
"CVE": 8,
"email": 76
},
"indicator_count": 670,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "397 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6647908c09468f42bc1249f1",
"name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
"description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
"modified": "2025-03-01T04:59:57.222000",
"created": "2024-05-17T17:14:52.317000",
"tags": [
"false",
"true",
"visible",
"application",
"microsoft teams",
"microsoft azure",
"office",
"service",
"dynamics",
"hidden",
"android",
"explorer",
"write",
"connector",
"test",
"sharepoint",
"live",
"meister",
"tools",
"desktop",
"spark",
"front",
"enterprise",
"designer",
"atlas",
"premium",
"assistant",
"allow",
"azureadmyorg",
"game",
"verify",
"microsoft power",
"channelsurfcli",
"mtd1",
"file transfer",
"magnus",
"microsoft crm",
"youth"
],
"references": [
"All - EnterpriseAppsList.csv",
"AppRegistrationList.csv",
"https://tria.ge/240517-vc7c1shc62/behavioral1",
"https://tria.ge/240517-vdwb5shc71/behavioral1",
"https://tria.ge/240517-vqxezaaa33/behavioral1",
"https://tria.ge/240517-t9pc2ahb2t",
"https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
"https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
"https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
"Thor Scan: S-I9VvMTB6cZU",
"https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
"https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
"https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
"https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
"https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
"https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
"https://tria.ge/240521-q4s79agb25/static1",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
"https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
"https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
"Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
"https://www.hudsonrock.com/search?domain=ualberta.ca",
"https://www.criminalip.io/domain/report?scan_id=13798622",
"https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
"https://urlscan.io/search/#ualberta.ca",
"https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
"https://sitereport.netcraft.com/?url=http://ualberta.ca",
"https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
"https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
"https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
"https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Technology",
"Healthcare",
"Telecommunications",
"Government"
],
"TLP": "white",
"cloned_from": null,
"export_count": 25,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 7,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1703,
"FileHash-SHA256": 90472,
"URL": 99185,
"domain": 82954,
"hostname": 39041,
"FileHash-SHA1": 1624,
"email": 4658,
"CVE": 12
},
"indicator_count": 319649,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 140,
"modified_text": "458 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"references": [
"",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
"https://tria.ge/240517-t9pc2ahb2t",
"https://tria.ge/240517-vqxezaaa33/behavioral1",
"https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
"https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
"https://www.virustotal.com/gui/collection/86de79c78794e2b83f5410218f1d7231b0e5acd7bd4f124186ed72d0817d6405",
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe",
"https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6/68093fa41e226b739d0d401b",
"",
"https://tria.ge/240517-vdwb5shc71/behavioral1",
"AppRegistrationList.csv",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8",
"https://www.hudsonrock.com/search?domain=ualberta.ca",
"https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"https://www.criminalip.io/domain/report?scan_id=13798622",
"https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
"https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
"https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
"Thor Scan: S-I9VvMTB6cZU",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List",
"https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
"https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
"https://urlscan.io/search/#ualberta.ca",
"All - EnterpriseAppsList.csv",
"https://www.filescan.io/uploads/68093f78218c4a98adde3f92/reports/7e5be6b9-0d5e-4a3b-bb19-4f72974b4207/overview",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6",
"https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
"https://tria.ge/240521-q4s79agb25/static1",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
"https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
"https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
"https://www.virustotal.com/graph/embed/g09343c2567844f43815e5e7198b28eb74ca71bfaba5244dc893156114c5943aa?theme=dark",
"https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
"https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
"08.04.24: https://www.virustotal.com/graph/embed/gedfb3ae24ffe4a7e84ec983d5d39604f042c7d4571fe4ba98f8db7a1cb564f77?theme=dark",
"https://www.virustotal.com/gui/collection/d176151d51c4e95353544d4c6540cdfdc49d324b47fd3eb532cbe30bcaa46792",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
"https://tria.ge/240517-vc7c1shc62/behavioral1",
"https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
"https://www.virustotal.com/graph/embed/gd7c52fa412654cc5b239a064a9891ffeba51cfdfcfa84bf291f2745751c6a686?theme=dark",
"https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
"https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/iocs",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/graph",
"https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
"https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
"https://sitereport.netcraft.com/?url=http://ualberta.ca",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
"Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": []
},
"other": {
"adversary": [],
"malware_families": [],
"industries": [
"Telecommunications",
"Finance",
"Technology",
"Transportation",
"Healthcare",
"Education",
"Government",
"Agriculture",
"Chemical"
]
}
}
},
"false_positive": []
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 5,
"pulses": [
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "243 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "371 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "678ccc91c5648de42af0d6ee",
"name": "horselakefn[.]ca - Tc Energy, Duncan, Sturgeon Lake [& WCTC] & Treaty 6, 7, 8 & sac-isc[.]gc[.]ca -02.02.25 - quick look incomplete",
"description": "Taking a quick look at HLFNA of WCTC & T8FNA, it apppears they along as Treaty 6 & 7 Territory (and the Alberta Regional Office for the Alberta Branch of the Government of Canada) has been hacked/breached",
"modified": "2025-05-23T19:00:25.262000",
"created": "2025-01-19T09:57:37.497000",
"tags": [
"entity"
],
"references": [
"https://www.virustotal.com/graph/embed/gd7c52fa412654cc5b239a064a9891ffeba51cfdfcfa84bf291f2745751c6a686?theme=dark",
"https://www.virustotal.com/gui/collection/86de79c78794e2b83f5410218f1d7231b0e5acd7bd4f124186ed72d0817d6405",
"https://www.virustotal.com/gui/collection/d176151d51c4e95353544d4c6540cdfdc49d324b47fd3eb532cbe30bcaa46792",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6/68093fa41e226b739d0d401b",
"https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6",
"https://www.filescan.io/uploads/68093f78218c4a98adde3f92/reports/7e5be6b9-0d5e-4a3b-bb19-4f72974b4207/overview"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Education",
"Healthcare",
"Agriculture",
"Chemical",
"Finance",
"Transportation"
],
"TLP": "white",
"cloned_from": null,
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 4977,
"FileHash-MD5": 197,
"FileHash-SHA1": 197,
"FileHash-SHA256": 2846,
"domain": 2655,
"hostname": 4019,
"CVE": 1,
"SSLCertFingerprint": 3,
"email": 4
},
"indicator_count": 14899,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 132,
"modified_text": "375 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "66ad3b7e51c055d13305ad52",
"name": "treaty8[.]ca",
"description": "Just another piece of the puzzle taking a look into",
"modified": "2025-05-01T18:07:16.953000",
"created": "2024-08-02T20:03:10.879000",
"tags": [
"UAlberta"
],
"references": [
"https://www.virustotal.com/graph/embed/g09343c2567844f43815e5e7198b28eb74ca71bfaba5244dc893156114c5943aa?theme=dark",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/iocs",
"https://www.virustotal.com/gui/collection/b7ddbd785698a00d83ce3711c842493267d0b3b2ddb261d56fa5f759303c6ba8/graph",
"",
"08.04.24: https://www.virustotal.com/graph/embed/gedfb3ae24ffe4a7e84ec983d5d39604f042c7d4571fe4ba98f8db7a1cb564f77?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Healthcare",
"Telecommunications"
],
"TLP": "white",
"cloned_from": null,
"export_count": 14,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 211,
"FileHash-MD5": 17,
"FileHash-SHA1": 17,
"FileHash-SHA256": 50,
"hostname": 114,
"URL": 177,
"CVE": 8,
"email": 76
},
"indicator_count": 670,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "397 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6647908c09468f42bc1249f1",
"name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
"description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
"modified": "2025-03-01T04:59:57.222000",
"created": "2024-05-17T17:14:52.317000",
"tags": [
"false",
"true",
"visible",
"application",
"microsoft teams",
"microsoft azure",
"office",
"service",
"dynamics",
"hidden",
"android",
"explorer",
"write",
"connector",
"test",
"sharepoint",
"live",
"meister",
"tools",
"desktop",
"spark",
"front",
"enterprise",
"designer",
"atlas",
"premium",
"assistant",
"allow",
"azureadmyorg",
"game",
"verify",
"microsoft power",
"channelsurfcli",
"mtd1",
"file transfer",
"magnus",
"microsoft crm",
"youth"
],
"references": [
"All - EnterpriseAppsList.csv",
"AppRegistrationList.csv",
"https://tria.ge/240517-vc7c1shc62/behavioral1",
"https://tria.ge/240517-vdwb5shc71/behavioral1",
"https://tria.ge/240517-vqxezaaa33/behavioral1",
"https://tria.ge/240517-t9pc2ahb2t",
"https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
"https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
"https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
"https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
"Thor Scan: S-I9VvMTB6cZU",
"https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
"https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
"https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
"https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
"https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
"https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
"https://tria.ge/240521-q4s79agb25/static1",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
"https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
"https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
"https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
"Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
"https://www.hudsonrock.com/search?domain=ualberta.ca",
"https://www.criminalip.io/domain/report?scan_id=13798622",
"https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
"https://urlscan.io/search/#ualberta.ca",
"https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
"https://sitereport.netcraft.com/?url=http://ualberta.ca",
"https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
"https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
"https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
"https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
"https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
"https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Technology",
"Healthcare",
"Telecommunications",
"Government"
],
"TLP": "white",
"cloned_from": null,
"export_count": 25,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 7,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 1703,
"FileHash-SHA256": 90472,
"URL": 99185,
"domain": 82954,
"hostname": 39041,
"FileHash-SHA1": 1624,
"email": 4658,
"CVE": 12
},
"indicator_count": 319649,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 140,
"modified_text": "458 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "trinitypediatricsplano.com",
"type": "Domain"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "trinitypediatricsplano.com",
"found": false,
"verdict": "clean",
"urls": [],
"error": null
},
"from_cache": true,
"_cached_at": 1780454534.4316213
}