{ "type": "Domain", "indicator": "vebrf.digital", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/vebrf.digital", "alexa": "http://www.alexa.com/siteinfo/vebrf.digital", "indicator": "vebrf.digital", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3436210906, "indicator": "vebrf.digital", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "6a0f8f3596d6a5268e168a10", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "A solo Russian-speaking threat actor tracked as 'bandcampro' operated a five-year MAGA-themed Telegram channel with approximately 17,000 subscribers, initially forwarding cryptocurrency scam content before pivoting to AI-automated operations in September 2025. The actor utilized jailbroken Google Gemini to generate QAnon-styled posts, deploy infrastructure, manage stolen API keys, and run credential theft operations targeting politically engaged American audiences. The campaign weaponized cultural alignment with QAnon and MAGA communities to facilitate cryptocurrency fraud rather than political influence. Through AI assistance, the actor cracked 29 WordPress admin credentials, infiltrated at least one company, deployed remote access trojans disguised as cryptocurrency wallets, and operated a gamified chatbot called 'QFS 2.0 Terminal'. The operation demonstrates how frontier AI systems enable scalable, low-cost cybercriminal activities by allowing a single actor to perform tasks traditionally requiring enti...", "modified": "2026-05-22T06:44:17.412000", "created": "2026-05-21T23:03:17.592000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 386446, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a150c1d6047a8ea6a6d3b9a", "name": "IOC - One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign", "description": "", "modified": "2026-05-26T02:57:33.815000", "created": "2026-05-26T02:57:33.815000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a0f8f3596d6a5268e168a10", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "4 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a13ece08b7fbc4118f1fd2b", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "", "modified": "2026-05-25T06:32:00.807000", "created": "2026-05-25T06:32:00.807000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a12846d21f34b9ba3f761b0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "5 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12fc685c724f6f873953e6", "name": "EbeeMay2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-24T13:26:00.146000", "created": "2026-05-24T13:26:00.146000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "cve20232868 cve", "cve20231389 cve", "cve20214034 cve", "cve20213493 cve" ], "references": [ "IOCs-MAY2.csv" ], "public": 1, "adversary": "Deploy Shai-Hulud Clones, Banana RAT, P2Pinfect Kubernetes Compromise, TamperedChef", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 71, "URL": 59, "FileHash-MD5": 169, "FileHash-SHA1": 153, "FileHash-SHA256": 225, "CIDR": 1, "CVE": 29, "domain": 128, "hostname": 111 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12944b909ab32efab2fa88", "name": "credit: Tr1sa111 [One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign CREATED 1 HOUR AGO by Tr1sa111 Public TLP: White] clone", "description": "", "modified": "2026-05-24T06:09:17.424000", "created": "2026-05-24T06:01:47.938000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a12846d21f34b9ba3f761b0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 9 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12846d21f34b9ba3f761b0", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "", "modified": "2026-05-24T04:54:05.929000", "created": "2026-05-24T04:54:05.929000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a0f8f3596d6a5268e168a10", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626ccf1c7610be9c8ea76b42", "name": "NewDom-5-20220430", "description": "ICANN-Dom", "modified": "2022-06-14T00:00:05.659000", "created": "2022-04-30T05:54:36.320000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html", "IOCs-MAY2.csv" ], "related": { "alienvault": { "adversary": [ "bandcampro" ], "malware_families": [ "Gotoresolve" ], "industries": [ "Finance", "Defense", "Technology", "Healthcare" ] }, "other": { "adversary": [ "Deploy Shai-Hulud Clones, Banana RAT, P2Pinfect Kubernetes Compromise, TamperedChef", "bandcampro" ], "malware_families": [ "Gotoresolve" ], "industries": [ "Finance", "Defense", "Technology", "Healthcare" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "6a0f8f3596d6a5268e168a10", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "A solo Russian-speaking threat actor tracked as 'bandcampro' operated a five-year MAGA-themed Telegram channel with approximately 17,000 subscribers, initially forwarding cryptocurrency scam content before pivoting to AI-automated operations in September 2025. The actor utilized jailbroken Google Gemini to generate QAnon-styled posts, deploy infrastructure, manage stolen API keys, and run credential theft operations targeting politically engaged American audiences. The campaign weaponized cultural alignment with QAnon and MAGA communities to facilitate cryptocurrency fraud rather than political influence. Through AI assistance, the actor cracked 29 WordPress admin credentials, infiltrated at least one company, deployed remote access trojans disguised as cryptocurrency wallets, and operated a gamified chatbot called 'QFS 2.0 Terminal'. The operation demonstrates how frontier AI systems enable scalable, low-cost cybercriminal activities by allowing a single actor to perform tasks traditionally requiring enti...", "modified": "2026-05-22T06:44:17.412000", "created": "2026-05-21T23:03:17.592000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 386446, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a150c1d6047a8ea6a6d3b9a", "name": "IOC - One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign", "description": "", "modified": "2026-05-26T02:57:33.815000", "created": "2026-05-26T02:57:33.815000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a0f8f3596d6a5268e168a10", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "4 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a13ece08b7fbc4118f1fd2b", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "", "modified": "2026-05-25T06:32:00.807000", "created": "2026-05-25T06:32:00.807000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a12846d21f34b9ba3f761b0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "5 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12fc685c724f6f873953e6", "name": "EbeeMay2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-24T13:26:00.146000", "created": "2026-05-24T13:26:00.146000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "cve20232868 cve", "cve20231389 cve", "cve20214034 cve", "cve20213493 cve" ], "references": [ "IOCs-MAY2.csv" ], "public": 1, "adversary": "Deploy Shai-Hulud Clones, Banana RAT, P2Pinfect Kubernetes Compromise, TamperedChef", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 71, "URL": 59, "FileHash-MD5": 169, "FileHash-SHA1": 153, "FileHash-SHA256": 225, "CIDR": 1, "CVE": 29, "domain": 128, "hostname": 111 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12944b909ab32efab2fa88", "name": "credit: Tr1sa111 [One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign CREATED 1 HOUR AGO by Tr1sa111 Public TLP: White] clone", "description": "", "modified": "2026-05-24T06:09:17.424000", "created": "2026-05-24T06:01:47.938000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a12846d21f34b9ba3f761b0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 9 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a12846d21f34b9ba3f761b0", "name": "One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign", "description": "", "modified": "2026-05-24T04:54:05.929000", "created": "2026-05-24T04:54:05.929000", "tags": [ "cryptocurrency fraud", "maga community", "credential theft", "wordpress compromise", "gotoresolve", "telegram channel", "qanon targeting", "information operation", "jailbroken gemini", "ai-assisted" ], "references": [ "https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html" ], "public": 1, "adversary": "bandcampro", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "GoToResolve", "display_name": "GoToResolve", "target": null } ], "attack_ids": [], "industries": [ "Finance", "Healthcare", "Defense", "Technology" ], "TLP": "white", "cloned_from": "6a0f8f3596d6a5268e168a10", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "IPv4": 1, "domain": 7, "hostname": 8 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626ccf1c7610be9c8ea76b42", "name": "NewDom-5-20220430", "description": "ICANN-Dom", "modified": "2022-06-14T00:00:05.659000", "created": "2022-04-30T05:54:36.320000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "vebrf.digital", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "vebrf.digital", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780173589.9043174 }