{ "type": "Domain", "indicator": "zipansion.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/zipansion.com", "alexa": "http://www.alexa.com/siteinfo/zipansion.com", "indicator": "zipansion.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1342996399, "indicator": "zipansion.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 50, "pulses": [ { "id": "69fd7c8b6a50e874aa6014c6", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:51.295000", "created": "2026-05-08T06:02:51.295000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8a581c71ee4bcd7a00", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:50.534000", "created": "2026-05-08T06:02:50.534000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8901f357b10d9f605a", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:49.354000", "created": "2026-05-08T06:02:49.354000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c878493ff5e9aaacf51", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:47.687000", "created": "2026-05-08T06:02:47.687000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c846a50e874aa6014c5", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:44.672000", "created": "2026-05-08T06:02:44.672000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8330ebba9c3a9756b5", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:43.493000", "created": "2026-05-08T06:02:43.493000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c5a3c1d0e3dfa82dcc0", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:02.276000", "created": "2026-05-08T06:02:02.276000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c596fb7b0c2c3e7c26f", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:01.820000", "created": "2026-05-08T06:02:01.820000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c59c81d461876bc3313", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:01.178000", "created": "2026-05-08T06:02:01.178000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c541ec030a1fe8e53e3", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:56.225000", "created": "2026-05-08T06:01:56.225000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c52830a76e0bb57ebd2", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:54.747000", "created": "2026-05-08T06:01:54.747000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c3428a4db6bab37d25c", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:24.679000", "created": "2026-05-08T06:01:24.679000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c2c7ee28ed714b5b453", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:16.471000", "created": "2026-05-08T06:01:16.471000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c2bd284d3abf1eae70d", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:15.607000", "created": "2026-05-08T06:01:15.607000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c2a3e8ddab59f7f11a9", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:14.359000", "created": "2026-05-08T06:01:14.359000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c29c5e889148983b39f", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:13.500000", "created": "2026-05-08T06:01:13.500000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c28b991a3b45690a32c", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:12.439000", "created": "2026-05-08T06:01:12.439000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "61e306bc207e609c32905110", "name": "W32.Injector - Malware Domain Feed V2", "description": "Command and Control domains for W32.Injector. These domains are extracted from a number of sources, and are suspicious.", "modified": "2025-11-07T13:33:26.035000", "created": "2022-01-15T17:39:08.391000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "hostname": 2 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 1082, "modified_text": "205 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "61e30f2b3c8b92cd88975a88", "name": "W32.Injector - Malware Domain Feed V2", "description": "Command and Control domains for W32.Injector. These domains are extracted from a number of sources, and are suspicious.", "modified": "2025-11-07T08:44:32.995000", "created": "2022-01-15T18:15:07.717000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 291, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "hostname": 3 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 570, "modified_text": "205 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5e96b9f95a61016dc8f12b1a", "name": "Win32.Rustock - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Rustock. These domains are extracted from a number of sources, and are suspicious.", "modified": "2025-05-17T18:21:06.894000", "created": "2020-04-15T07:38:33.211000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 36, "domain": 7 }, "indicator_count": 43, "is_author": false, "is_subscribing": null, "subscriber_count": 1085, "modified_text": "379 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5efcfe23e6ce5dae63ad728f", "name": "Win32.Rustock - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Rustock. These domains are extracted from a number of sources, and are suspicious.", "modified": "2025-05-17T14:27:29.319000", "created": "2020-07-01T21:20:35.604000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 41, "domain": 6 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 571, "modified_text": "379 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6746eae02e409b017dfc3446", "name": "test", "description": "", "modified": "2024-11-27T09:49:56.893000", "created": "2024-11-27T09:48:16.350000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e72e166ce385bcf6a190", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7079 }, "indicator_count": 12733, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746eada877212ce963923c4", "name": "test", "description": "", "modified": "2024-11-27T09:48:10.379000", "created": "2024-11-27T09:48:10.379000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e72e166ce385bcf6a190", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e72e166ce385bcf6a190", "name": "test", "description": "", "modified": "2024-11-27T09:32:30.359000", "created": "2024-11-27T09:32:30.359000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e72528402d5f2b560f94", "name": "test", "description": "", "modified": "2024-11-27T09:32:21.842000", "created": "2024-11-27T09:32:21.842000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f7e75b22b226428b54", "name": "test", "description": "", "modified": "2024-11-27T09:31:35.510000", "created": "2024-11-27T09:31:35.510000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f777858514fd47721b", "name": "test", "description": "", "modified": "2024-11-27T09:31:35.336000", "created": "2024-11-27T09:31:35.336000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f6008916b47ddecc1b", "name": "test", "description": "", "modified": "2024-11-27T09:31:34.682000", "created": "2024-11-27T09:31:34.682000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f69c42d60283e9aa0f", "name": "test", "description": "", "modified": "2024-11-27T09:31:34.344000", "created": "2024-11-27T09:31:34.344000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f4be000f79eef564e0", "name": "test", "description": "", "modified": "2024-11-27T09:31:32.861000", "created": "2024-11-27T09:31:32.861000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f4e35efa94cb40610d", "name": "test", "description": "", "modified": "2024-11-27T09:31:32.732000", "created": "2024-11-27T09:31:32.732000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f4050558d7149be4f8", "name": "test", "description": "", "modified": "2024-11-27T09:31:32.526000", "created": "2024-11-27T09:31:32.526000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f4dfcc3c6e3abf71e3", "name": "test", "description": "", "modified": "2024-11-27T09:31:32.026000", "created": "2024-11-27T09:31:32.026000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6f1b272922f8975813f", "name": "test", "description": "", "modified": "2024-11-27T09:31:29.591000", "created": "2024-11-27T09:31:29.591000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6e2bc0c6a3bca869f4e", "name": "test", "description": "", "modified": "2024-11-27T09:31:14.131000", "created": "2024-11-27T09:31:14.131000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d7cdf7772c62155cc7", "name": "test", "description": "", "modified": "2024-11-27T09:31:03.357000", "created": "2024-11-27T09:31:03.357000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d634e8a45dcfcc52a1", "name": "test", "description": "", "modified": "2024-11-27T09:31:02.497000", "created": "2024-11-27T09:31:02.497000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d5d0add372df82b9ce", "name": "test", "description": "", "modified": "2024-11-27T09:31:01.001000", "created": "2024-11-27T09:31:01.001000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d4b38ef8a4f5dbd3fb", "name": "test", "description": "", "modified": "2024-11-27T09:31:00.510000", "created": "2024-11-27T09:31:00.510000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d311db88d04259103f", "name": "test", "description": "", "modified": "2024-11-27T09:30:59.961000", "created": "2024-11-27T09:30:59.961000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d386c7f4be942bd878", "name": "test", "description": "", "modified": "2024-11-27T09:30:59.831000", "created": "2024-11-27T09:30:59.831000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6d16bc55ef32a6d3ad1", "name": "test", "description": "", "modified": "2024-11-27T09:30:57.742000", "created": "2024-11-27T09:30:57.742000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6746e6cffe9312f50b94ab69", "name": "test", "description": "", "modified": "2024-11-27T09:30:55.961000", "created": "2024-11-27T09:30:55.961000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6503e2757924cd9f6f7a9611", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "testivk1", "id": "218690", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "66d912c0ef3c0720da1d72a0", "name": "Babax Stealer Ransomware - maxfehlinger.de- autodesk,com", "description": "Babax Stealer Ransomware and Samas Ransom Malware CnC Beacon. Remote system access, remote desktop, injection, ransomware, CnC Beacon found in both highly trusted and unsafe enterprises. Interesting strings. Initially found several months ago in 'high profile' breaches and systems. Another user discovered a single malicious 'AnyDesk Backdoor' link. Further research showed significant pattern matches. \nI posted my own Any.Desk Pulse after exploring from users single hash. I was surprised to find now whitelisted link [boot.net.anydesk.com] was removed from my and other pulses after an unknown modification.", "modified": "2024-10-05T00:03:06.235000", "created": "2024-09-05T02:09:04.339000", "tags": [ "all scoreblue", "pdf report", "injection", "malware", "ransomware", "maxfehlinger.de", "privacy badger", "swipper", "pegasystems", "crowdstrike", "autodesk.com", "autocad", "endgame", "crowdstrike.com", "write c", "delete c", "ascii text", "json", "as15169", "lredmond", "stwa", "write", "samas", "dynamicloader", "attempts", "contacted", "high security", "dynamic", "high", "t1063", "samas ransom", "cnc beacon", "stack pivoting", "discovery", "cloud provider", "reverse dns", "dublin", "ireland asn", "as16509", "dns resolutions", "pulses none", "related tags", "none indicator", "create c", "read c", "delete", "dock", "execution", "xport", "msie", "windows nt", "wow64", "slcc2", "media center", "memcommit", "code", "pecompact", "packer", "delphi", "persistence", "settingswpad", "moved", "gmt content", "0 report", "sea alt", "certificate", "passive dns", "server response", "google safe", "results aug", "avast avg", "ids", "showing", "click", "phishing", "remote access", "social engineering", "software", "tunneling", "yara", "united states", "service", "bot", "remote desktop", "relay", "loading captcha", "secure all" ], "references": [ "Samas Ransom - maxfehlinger.de, autodesk, #file #hash , 104.21.14.163 (CDN) 172.67.160.10 (CDN)", "Any.Desk Pulse . Cites ATOAlienVault for hash: https://otx.alienvault.com/pulse/66d4c125ad61ee5577639a2d", ".NET Framework Error: https://otx.alienvault.com/otxapi/indicators/file/screenshot/089aa13becf38d8bc289b24f6844f6ab2ebfe8d7ea0836bb8d5a616ebca9a3cc", "Win.Packed.Msilperseus-9956591-0: FileHash-SHA256 2a2607260abf7f5bf4dd121b4dc758e7106668bb974c9f5977bf665d46063b1f", "Alerts: procmem_yara injection_inter_process ransomware_file_modifications stack_pivot stealth_file cape_detected_threat", "Alerts: antiav_detectfile antiav_detectreg modify_proxy cape_extracted_content infostealer_cookies recon_fingerprint suricata_alert", "Yara Detections DotNET_Reactor : \"DynamicLoader\" : \"ADVAPI32.dll/CreateRestrictedToken\"", "Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)\u00bb 192.168.122.24 \u00abto\u00bb 172.64.41.3 Suspicious Activity DNS Query", "Samas Ransom CnC Beacon \u00bb Source: 192.168.122.24 Destination\u00bb 104.117.233.215 = \tMalware Beacon Samas", "Domains Contacted and Whitelisted: accounts.google.com | 142.250.147.84 | js.monitor.azure.com | 13.107.213.44 | clients2.googleusercontent.com\t142.251.9.132 Whitelisted\tchrome.cloudflare-dns.com", "PE Anomalies: checksum_header_zero ep_weird_location | Interesting Strings: https://api.ipify.org", "Win.Malware.Trojanx-9862538-0: FileHash-SHA256 f6b1e4c7c5d3e08828599fb7b268cac6444b3b750c0af81059d906b692a20ddd", "IDS Detections Samas Ransom CnC Beacon Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SN)", "Generickdz - Yara Detections: aPLib , PECompact_2xx , pecompact2 , PECompactv2xx , Delphi", "Generickdz - Yara Detections: PECompact2xxBitSumTechnologies , PECompactV2XBitsumTechnologies ,", "TrojanX Alerts: terminates_remote_process injection_rwx: modify_proxy infostealer_cookies recon_fingerprint", "TrojanX Alerts: procmem_yara injection_inter_process stack_pivot stealth_file antiav_detectfile antiav_detectreg createtool", "TrojanX Alerts: cape_extracted_content recon_fingerprint suricata_alert help32snapshot_module_enumeration", "TrojanX Alerts: anomalous_deletefile antisandbox_sleep dead_connect dynamic_function_loading ipc_namedpipe powershell_download", "Generickdz: https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3", "ALF:Ransom:Win32/Babax.SG!MTB - Yara Detections: MAL_Unknown_PWDumper_Apr18_3 , EnigmaProtector , Delphi", "ALF:Ransom:Win32/Babax.SG!MTB - Alerts: procmem_yara injection_inter_process stack_pivot stealth_file antiav_detectfile", "ALF:Ransom:Win32/Babax.SG!MTB - Alerts: cape_extracted_content infostealer_cookies recon_fingerprint suricata_alert", "ALF:Ransom:Win32/Babax.SG!MTB: 34.241.182.209 Reverse DNS ec2-34-241-182-209.eu-west-1.compute.amazonaws.com | edge-irl1.demdex.net", "Razy-Yara Detections: SUSP_Imphash_Mar23_3 , UPX", "Yara Detections: ConventionEngine_Keyword_Bot ConventionEngine_Keyword_Bot bot BoT Bot bOt RSDS_T~!F,ah\u0001C:\\Buildbot\\ad-windows-32\\build\\release\\app-32\\win_loader\\AnyDesk.pdb", "CDN 104.21.14.163-Associated: URL's: http://resources.mini-box.com/online/MBD-mini2440 NEC3.5 kit/mini2440-ARM9-Board-with-NEC3.5-kit-android.pdf", "CDN 104.21.14.163:-Associated: URL's: http://light.80371024.workers.dev/", "Microsoft Ignite: https://otx.alienvault.com/otxapi/indicators/file/screenshot/2a2607260abf7f5bf4dd121b4dc758e7106668bb974c9f5977bf665d46063b1f", "Merits further research: boot.net.anydesk.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Razy-9859339-0", "display_name": "Win.Malware.Razy-9859339-0", "target": null }, { "id": "Win.Malware.Trojanx-9862538-0", "display_name": "Win.Malware.Trojanx-9862538-0", "target": null }, { "id": "Win.Malware.Generickdz-9982080-0", "display_name": "Win.Malware.Generickdz-9982080-0", "target": null }, { "id": "Win.Packed.Msilperseus-9956591-0", "display_name": "Win.Packed.Msilperseus-9956591-0", "target": null }, { "id": "ALF:HeraklezEval:HackTool:Win32/DefenderControl", "display_name": "ALF:HeraklezEval:HackTool:Win32/DefenderControl", "target": null }, { "id": "ALF:Ransom:Win32/Babax.SG!MTB", "display_name": "ALF:Ransom:Win32/Babax.SG!MTB", "target": null }, { "id": "Samas-Samsam", "display_name": "Samas-Samsam", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1086", "name": "PowerShell", "display_name": "T1086 - PowerShell" } ], "industries": [ "Finance", "Technology", "Telecommunications", "Cyber Security", "Civilian Society" ], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 757, "FileHash-SHA1": 664, "FileHash-SHA256": 665, "SSLCertFingerprint": 6, "domain": 120, "URL": 114, "hostname": 95, "email": 3 }, "indicator_count": 2424, "is_author": false, "is_subscribing": null, "subscriber_count": 232, "modified_text": "603 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "660b176a98b0c92ba5a962bc", "name": "\"No Problems\" - UAlberta TLD (Confirmed TLD - 08.04.24) & Subdomain compromise", "description": "Basically the above\n\n\"No Problems\", \"We are Unhackable\", etc. etc. causing problems.", "modified": "2024-09-04T05:01:56.993000", "created": "2024-04-01T20:22:02.851000", "tags": [ "BEC" ], "references": [ "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs", "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark", "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark", "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95", "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore", "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/", "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom", "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 233, "FileHash-SHA1": 230, "FileHash-SHA256": 6703, "URL": 4450, "CIDR": 3, "domain": 6223, "hostname": 2863, "email": 7, "CVE": 53 }, "indicator_count": 20765, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6507e71385d966429fb82783", "name": "NEW Phishing Links Discovered 2023-09-18", "description": "", "modified": "2023-10-18T05:00:18.068000", "created": "2023-09-18T05:58:43.467000", "tags": [ "sign", "search", "github", "strong", "code issues", "pull", "browse", "sast", "skip", "product actions", "star", "footer" ], "references": [ "https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/8862c986106a380915d200280a11f93030152568/phishing-domains-ACTIVE.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "akhanafeer", "id": "195327", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 1, "URL": 1, "domain": 50140, "hostname": 7669 }, "indicator_count": 57844, "is_author": false, "is_subscribing": null, "subscriber_count": 81, "modified_text": "956 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6503e2757924cd9f6f7a9611", "name": "Network IOCs (Pulse Created by cnoscsoc@att.com)", "description": "", "modified": "2023-09-15T04:49:57.815000", "created": "2023-09-15T04:49:57.815000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "614e0dc583aa90bf2dd4ec91", "export_count": 7213, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "989 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6503e275ad0281f4ff3b1ebc", "name": "Network IOCs (Pulse Created by cnoscsoc@att.com)", "description": "", "modified": "2023-09-15T04:49:57.375000", "created": "2023-09-15T04:49:57.375000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "614e0dc583aa90bf2dd4ec91", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "989 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6503e27105d6c04fb6cc9004", "name": "Network IOCs (Pulse Created by cnoscsoc@att.com)", "description": "", "modified": "2023-09-15T04:49:53.888000", "created": "2023-09-15T04:49:53.888000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "614e0dc583aa90bf2dd4ec91", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "989 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "6503e2566de3b106d6888d77", "name": "Network IOCs (Pulse Created by cnoscsoc@att.com)", "description": "", "modified": "2023-09-15T04:49:26.231000", "created": "2023-09-15T04:49:26.231000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "614e0dc583aa90bf2dd4ec91", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "989 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "references": [ "Razy-Yara Detections: SUSP_Imphash_Mar23_3 , UPX", "Win.Malware.Trojanx-9862538-0: FileHash-SHA256 f6b1e4c7c5d3e08828599fb7b268cac6444b3b750c0af81059d906b692a20ddd", "Alerts: procmem_yara injection_inter_process ransomware_file_modifications stack_pivot stealth_file cape_detected_threat", "Yara Detections: ConventionEngine_Keyword_Bot ConventionEngine_Keyword_Bot bot BoT Bot bOt RSDS_T~!F,ah\u0001C:\\Buildbot\\ad-windows-32\\build\\release\\app-32\\win_loader\\AnyDesk.pdb", "https://malpedia.caad.fkie.fraunhofer.de/details/win.mydoom", "Alerts: antiav_detectfile antiav_detectreg modify_proxy cape_extracted_content infostealer_cookies recon_fingerprint suricata_alert", "Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)\u00bb 192.168.122.24 \u00abto\u00bb 172.64.41.3 Suspicious Activity DNS Query", "Win.Packed.Msilperseus-9956591-0: FileHash-SHA256 2a2607260abf7f5bf4dd121b4dc758e7106668bb974c9f5977bf665d46063b1f", "ALF:Ransom:Win32/Babax.SG!MTB: 34.241.182.209 Reverse DNS ec2-34-241-182-209.eu-west-1.compute.amazonaws.com | edge-irl1.demdex.net", "ALF:Ransom:Win32/Babax.SG!MTB - Alerts: procmem_yara injection_inter_process stack_pivot stealth_file antiav_detectfile", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/summary", "Merits further research: boot.net.anydesk.com", "ALF:Ransom:Win32/Babax.SG!MTB - Yara Detections: MAL_Unknown_PWDumper_Apr18_3 , EnigmaProtector , Delphi", "https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/", "https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore", ".NET Framework Error: https://otx.alienvault.com/otxapi/indicators/file/screenshot/089aa13becf38d8bc289b24f6844f6ab2ebfe8d7ea0836bb8d5a616ebca9a3cc", "2021-09-21-Curriculo-IOCs.txt", "ALF:Ransom:Win32/Babax.SG!MTB - Alerts: cape_extracted_content infostealer_cookies recon_fingerprint suricata_alert", "Domains Contacted and Whitelisted: accounts.google.com | 142.250.147.84 | js.monitor.azure.com | 13.107.213.44 | clients2.googleusercontent.com\t142.251.9.132 Whitelisted\tchrome.cloudflare-dns.com", "Generickdz - Yara Detections: aPLib , PECompact_2xx , pecompact2 , PECompactv2xx , Delphi", "https://www.virustotal.com/graph/embed/gead337f35cdd4241b225b68ff0528a3834be5d60876745fa99254ff7f8a0df22?theme=dark", "Samas Ransom CnC Beacon \u00bb Source: 192.168.122.24 Destination\u00bb 104.117.233.215 = \tMalware Beacon Samas", "https://dnstwist.it/#ea665d15-6507-4057-b2c9-18a2e546ee95", "https://www.virustotal.com/graph/embed/g1e31eca6803a433a9a33437d593a2bbdf979ff77c91340d1ab624d10dc8732b3?theme=dark", "Microsoft Ignite: https://otx.alienvault.com/otxapi/indicators/file/screenshot/2a2607260abf7f5bf4dd121b4dc758e7106668bb974c9f5977bf665d46063b1f", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783/iocs", "CDN 104.21.14.163:-Associated: URL's: http://light.80371024.workers.dev/", "Generickdz: https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3", "https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/8862c986106a380915d200280a11f93030152568/phishing-domains-ACTIVE.txt", "https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate", "CDN 104.21.14.163-Associated: URL's: http://resources.mini-box.com/online/MBD-mini2440 NEC3.5 kit/mini2440-ARM9-Board-with-NEC3.5-kit-android.pdf", "Any.Desk Pulse . Cites ATOAlienVault for hash: https://otx.alienvault.com/pulse/66d4c125ad61ee5577639a2d", "Generickdz - Yara Detections: PECompact2xxBitSumTechnologies , PECompactV2XBitsumTechnologies ,", "Yara Detections DotNET_Reactor : \"DynamicLoader\" : \"ADVAPI32.dll/CreateRestrictedToken\"", "PE Anomalies: checksum_header_zero ep_weird_location | Interesting Strings: https://api.ipify.org", "IDS Detections Samas Ransom CnC Beacon Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SN)", "TrojanX Alerts: terminates_remote_process injection_rwx: modify_proxy infostealer_cookies recon_fingerprint", "TrojanX Alerts: cape_extracted_content recon_fingerprint suricata_alert help32snapshot_module_enumeration", "Samas Ransom - maxfehlinger.de, autodesk, #file #hash , 104.21.14.163 (CDN) 172.67.160.10 (CDN)", "TrojanX Alerts: anomalous_deletefile antisandbox_sleep dead_connect dynamic_function_loading ipc_namedpipe powershell_download", "TrojanX Alerts: procmem_yara injection_inter_process stack_pivot stealth_file antiav_detectfile antiav_detectreg createtool" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Alf:ransom:win32/babax.sg!mtb", "Win.malware.generickdz-9982080-0", "Samas-samsam", "Alf:heraklezeval:hacktool:win32/defendercontrol", "Win.malware.razy-9859339-0", "Win.malware.trojanx-9862538-0", "Win.packed.msilperseus-9956591-0" ], "industries": [ "Technology", "Telecommunications", "Finance", "Education", "Government", "Civilian society", "Cyber security" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 50, "pulses": [ { "id": "69fd7c8b6a50e874aa6014c6", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:51.295000", "created": "2026-05-08T06:02:51.295000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8a581c71ee4bcd7a00", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:50.534000", "created": "2026-05-08T06:02:50.534000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8901f357b10d9f605a", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:49.354000", "created": "2026-05-08T06:02:49.354000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c878493ff5e9aaacf51", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:47.687000", "created": "2026-05-08T06:02:47.687000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c846a50e874aa6014c5", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:44.672000", "created": "2026-05-08T06:02:44.672000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c8330ebba9c3a9756b5", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:43.493000", "created": "2026-05-08T06:02:43.493000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c5a3c1d0e3dfa82dcc0", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:02.276000", "created": "2026-05-08T06:02:02.276000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c596fb7b0c2c3e7c26f", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:01.820000", "created": "2026-05-08T06:02:01.820000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c59c81d461876bc3313", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:02:01.178000", "created": "2026-05-08T06:02:01.178000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 }, { "id": "69fd7c541ec030a1fe8e53e3", "name": "test CREATED 1 YEAR AGO by testivk1 clone", "description": "", "modified": "2026-05-08T06:01:56.225000", "created": "2026-05-08T06:01:56.225000", "tags": [ "msi file", "tuesday", "malspam email", "headers", "anna paula", "utf8", "currc3adculo", "from email", "associated", "zip archive" ], "references": [ "2021-09-21-Curriculo-IOCs.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6746e6f4dfcc3c6e3abf71e3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5654, "domain": 7078 }, "indicator_count": 12732, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "zipansion.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "zipansion.com", "found": true, "verdict": "malicious", "url_count": 1, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "http://zipansion.com/2hJsq", "status": "offline", "threat": "malware_download", "date_added": "2018-08-07", "tags": [ "trojan" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780258842.5235162 }