otx.alienvault.com (108.138.36.104)
urlscan.io public scan
Submitted URL: https://otx.alienvault.com/indicator/domain/iceyapp.com#:~:text=%C3%97
Effective URL: https://otx.alienvault.com/indicator/domain/iceyapp.com
Submission: On May 15 via api from US — Scanned from DE
Form analysis: 0 forms found in the DOM

Text content
Domain: iceyapp.com
Pulses: 17 | Passive DNS: 16 | URLs: 0 | Files: 0

Analysis: Overview
IP Address: domain not currently resolving to an IP
WHOIS: Registrar: Amazon Registrar, Inc.; Creation Date: Sep 18, 2023
Related Pulses: OTX user-created pulses (17)
Related Tags (792): pgp public, key block, name, policy, rdami tego, ...
Indicator Facts: domain not resolving; running webserver; 1 subdomain
External Resources: Whois, UrlVoid, VirusTotal

WHOIS (showing 1 to 10 of 22 entries)
Record        | Value
Emails        | abuse@amazonaws.com
Name          | On behalf of iceyapp.com owner
Name Servers  | NS-1229.AWSDNS-25.ORG
Org           | Identity Protection Service
Address       | PO Box 786
City          | Hayes
Country       | GB
Creation Date | 2023-09-18T05:38:37
Dnssec        | unsigned
Domain Name   | ICEYAPP.COM

Related Domains (showing 1 to 10 of 496 entries)
Domain                   | Related Via
collares-perros.com      | abuse@amazonaws.com
rently-neutions.com      | abuse@amazonaws.com
atendimento-estilo.com   | abuse@amazonaws.com
cloudtekguru.com         | abuse@amazonaws.com
feelgoodyourday.com      | abuse@amazonaws.com
codepunkjams.com         | abuse@amazonaws.com
cleanstartconsulting.com | abuse@amazonaws.com
drsaifalmarri.com        | abuse@amazonaws.com
checkemaillist.com       | abuse@amazonaws.com
entitid.com              | abuse@amazonaws.com

Every listed domain is "related" only through abuse@amazonaws.com, the registrar abuse contact that the WHOIS above shows in place of the hidden registrant. Any domain registered through Amazon Registrar with identity protection carries the same mailbox, so this overlap ties the 496 domains to the same registrar, not to the same operator, and it should not be treated as attribution without a second, independent link (shared hosting, certificate, or content).
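The following script is an added example for this page (it is not OTX code and not from any pulse author): it triages the Passive DNS and Related Domains data shown on this page offline. All rows are transcribed from the tables on the page as constructed input; the SHARED_CONTACT_LOCALPARTS set and the weak/candidate classification in pivot_strength() are assumptions made for this example, not an OTX rule.

```python
"""Offline triage of the iceyapp.com indicator data shown on this page.

Added example; not OTX code. Every record below is transcribed from the
Passive DNS and Related Domains tables on the page (constructed input), so
the script runs without network access. The pivot heuristic in
pivot_strength() is an assumption of this example, not an OTX rule.
"""
from datetime import datetime
import ipaddress

TS = "%Y-%m-%d %H:%M"

# (hostname, record type, address, first seen, last seen, ASN): first page of the pDNS table
PDNS_ROWS = [
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:d000::6860:cb08", "2023-12-18 11:28", "2023-12-18 11:28", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:d000::6860:cb20", "2023-12-18 11:28", "2023-12-18 11:28", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:3c00:4::17db:4eaa", "2023-12-08 10:44", "2023-12-08 10:44", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:3c00:4::17db:4eaf", "2023-12-08 10:44", "2023-12-08 10:44", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:12::6850:5960", "2023-12-08 10:42", "2023-12-18 11:35", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:12::1736:1248", "2023-12-08 10:42", "2023-12-18 11:35", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:8800::172c:cda9", "2023-12-08 10:42", "2023-12-08 10:43", "AS20940"),
    ("cdn-3.iceyapp.com", "A", "104.86.182.8", "2023-12-08 10:42", "2023-12-18 11:35", "AS20940"),
    ("cdn-3.iceyapp.com", "A", "104.86.182.67", "2023-12-08 10:42", "2023-12-18 11:35", "AS20940"),
    ("cdn-3.iceyapp.com", "AAAA", "2600:1409:8800::172c:cdb2", "2023-12-08 10:42", "2023-12-08 10:43", "AS20940"),
]

# First page of the 496 "Related Domains"; each is related only via the registrar abuse mailbox
RELATED_DOMAINS = [
    ("collares-perros.com", "abuse@amazonaws.com"),
    ("rently-neutions.com", "abuse@amazonaws.com"),
    ("atendimento-estilo.com", "abuse@amazonaws.com"),
    ("cloudtekguru.com", "abuse@amazonaws.com"),
    ("feelgoodyourday.com", "abuse@amazonaws.com"),
    ("codepunkjams.com", "abuse@amazonaws.com"),
    ("cleanstartconsulting.com", "abuse@amazonaws.com"),
    ("drsaifalmarri.com", "abuse@amazonaws.com"),
    ("checkemaillist.com", "abuse@amazonaws.com"),
    ("entitid.com", "abuse@amazonaws.com"),
]

# Mailbox local parts that registrars and privacy services stamp on every domain they
# handle. A match on one of these links domains to the same registrar, not to the same
# operator (heuristic chosen for this example).
SHARED_CONTACT_LOCALPARTS = {"abuse", "hostmaster", "privacy", "whoisprivacy", "noreply"}


def summarize_pdns(rows):
    """Collapse pDNS rows per hostname: distinct A/AAAA addresses, ASNs, observation window."""
    hosts = {}
    for name, rtype, addr, first, last, asn in rows:
        ip = ipaddress.ip_address(addr)  # also validates the address text
        family = "A" if ip.version == 4 else "AAAA"
        if family != rtype:
            raise ValueError(f"{addr} is not a valid {rtype} record")
        h = hosts.setdefault(name, {"A": set(), "AAAA": set(), "asns": set(), "first": None, "last": None})
        h[family].add(str(ip))
        h["asns"].add(asn)
        f, l = datetime.strptime(first, TS), datetime.strptime(last, TS)
        h["first"] = f if h["first"] is None else min(h["first"], f)
        h["last"] = l if h["last"] is None else max(h["last"], l)
    return hosts


def pivot_strength(related_via):
    """'weak' when the shared value is a registrar/privacy contact, 'candidate' otherwise."""
    local, at, domain = related_via.strip().lower().partition("@")
    if not at or not domain:
        return "unknown"
    return "weak" if local in SHARED_CONTACT_LOCALPARTS else "candidate"


def worthwhile_pivots(related):
    """Domains whose 'Related Via' value is worth a second look."""
    return [domain for domain, via in related if pivot_strength(via) == "candidate"]


def triage(rows, related):
    """One summary dict per hostname plus the related domains that survive the filter."""
    report = {}
    for name, h in summarize_pdns(rows).items():
        report[name] = {
            "ipv4": sorted(h["A"], key=ipaddress.ip_address),
            "ipv6_count": len(h["AAAA"]),
            "asns": sorted(h["asns"]),
            "window_days": (h["last"] - h["first"]).days,
        }
    return {"hosts": report, "pivots": worthwhile_pivots(related)}


if __name__ == "__main__":
    result = triage(PDNS_ROWS, RELATED_DOMAINS)
    for name, info in result["hosts"].items():
        print(f"{name}: {info['ipv4']} + {info['ipv6_count']} IPv6, {info['asns']}, "
              f"seen over {info['window_days']} days")
    print("related domains worth pivoting on:",
          result["pivots"] or "none (all share only the registrar abuse mailbox)")
```

Run stand-alone, the script reports a single hostname (cdn-3.iceyapp.com) on one CDN ASN observed over a ten-day window, and an empty pivot list: none of the ten related domains on the first page share anything beyond the registrar abuse mailbox. Extend RELATED_DOMAINS with the remaining pages if you need to check all 496.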
Analysis tabs: Related Pulses | Comments (0)

Passive DNS (showing 1 to 10 of 16 entries)
Status  | Hostname          | Query Type | Address                     | First Seen       | Last Seen        | ASN                               | Country
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:d000::6860:cb08   | 2023-12-18 11:28 | 2023-12-18 11:28 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:d000::6860:cb20   | 2023-12-18 11:28 | 2023-12-18 11:28 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:3c00:4::17db:4eaa | 2023-12-08 10:44 | 2023-12-08 10:44 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:3c00:4::17db:4eaf | 2023-12-08 10:44 | 2023-12-08 10:44 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:12::6850:5960     | 2023-12-08 10:42 | 2023-12-18 11:35 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:12::1736:1248     | 2023-12-08 10:42 | 2023-12-18 11:35 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:8800::172c:cda9   | 2023-12-08 10:42 | 2023-12-08 10:43 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | A          | 104.86.182.8                | 2023-12-08 10:42 | 2023-12-18 11:35 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | A          | 104.86.182.67               | 2023-12-08 10:42 | 2023-12-18 11:35 | AS20940 akamai international b.v. | United States
Unknown | cdn-3.iceyapp.com | AAAA       | 2600:1409:8800::172c:cdb2   | 2023-12-08 10:42 | 2023-12-08 10:43 | AS20940 akamai international b.v. | United States

The only resolving name in the record is the cdn-3 subdomain, and every address sits in Akamai's AS20940; the apex domain itself does not resolve. Addresses on a shared CDN are reused across many unrelated customers, so they make poor blocklist entries on their own.

Associated Files (Date, Hash, Avast, AVG, Clamav, MSDefender): no entries found

Related Pulses: user created (17)

Pulse: www.cve.org
Indicator type: domain (active)
Created 4 weeks ago; modified 9 hours ago by Arek-BTC; Public; TLP: White
Indicators: CIDR: 106 | CVE: 15707 | FileHash-MD5: 15648 | FileHash-SHA1: 16595 | FileHash-SHA256: 93976 | FilePath: 2 | IPv4: 137182 | IPv6: 11433 | JA3: 1 | Mutex: 1 | SSLCertFingerprint: 40 | URL: 232261 | YARA: 3931 | Domain: 113071 | Email: 243 | Hostname: 96964
Description: The full list of names of people affected by the cyber-attack has been published, and it is not expected to be published until the end of the year, but may be possible to follow.
Tags: pgp public, key block, name, policy, rdami tego, content type, plain text, content length, connection, life, requests, Sunday, gmt recently, huawei, service, november, cve201717215, huawei hg532, check point, cpai20171016, huawei tac, huawei ngfws, ips signature, cve20090689 dua, cwe122, cwe1339, cve20090269, value 1, from call, related to, cve20171000121
Subscribers: 35

Pulse: The Org : FormBook CnC | Pykspa
Indicator type: domain (active)
Created 2 months ago; modified 4 weeks ago by scoreblue; Public; TLP: Green
Indicators: CVE: 5 | FileHash-MD5: 744 | FileHash-SHA1: 724 | FileHash-SHA256: 3836 | SSLCertFingerprint: 1 | URL: 4565 | Domain: 2576 | Email: 9 | Hostname: 1212
Description: Front Facing Description: 'TheOrg' (https://theorg.com) The Org. The Org is an online professional community platform. It helps organizations get more exposure externally and operate more efficiently internally. | efficiently internally | Nefarious scheme? Unclear. Possible visa, immigration scheme. | Pykspa is a piece of malware that can be used to remotely control infected systems. It also enables attackers to download other malware or extract personal data. || Dark. | Score 100% Falcon Sandbox | Evasive. Moved permanently 03/21/2024 | FormBook is an infostealer of browser cached credentials, screenshots, keystrokes.
Tags (auto-populated): q https, https, enablement, org log, sign, contact, right person, explore, start, grafana labs, ogilvy, figma, find, apollo, http, span, learn, html, expiry, form, label, youtube video, linkedin, input, pixel, legend, cookie, march, de indicators, domains, hashes, gmbh version, status page, service privacy, legal, impressum, reverse dns, general full, url https, protocol h2, security tls, united, resource, asn16509, amazon02, name value, main, ssl certificate, whois record, whois whois, resolutions, threat roundup, communicating, referrer, subdomains, historical ssl, collections, june, february, blister, cobalt strike, phishing, formbook, contacted, ip check, adult content, divergent, hacktool, copy, http response, final url, ip address, status code, body length, kb body, sha256, headers age, cachecontrol, connection, tsara brashears, malicious, life, core, dns replication, date, win32 exe, files, detections type, name, wininit, office open, xml document, qiwi hack, android, mgeinteg, html info, title, org meta, tags viewport, org twitter, org og, the org, utc google, tag manager, g5nxq655fgp, domain, search, status, scan endpoints, all scoreblue, hostname, pulse pulses, passive dns, urls, bhagam bhag, home screen, entries, createdate, title bhagam, select xmp, filehash, malware, format, unknown, meta, as44273 host, creation date, moved, encrypt, district, body, window, hall law, a domains, script urls, datalayer, registrar, next, accept encoding, showing, yara rule, http host, worm, high, possible, win32, bits, cname, as396982 google, redacted for, expiration date, div div, as26710 icann, script domains, citadel, indonesia, get updates, write c, create c, read c, show, default, common upatre, upatre, downloader, zeus, write, execution, regsetvalueexa, regdword, module load, dock, persistence, as54113, github pages, formbook cnc, checkin, lowfi, class, trojan, accept, visa scheme, mtb feb, mtb jan, romeo scheme, exploitation, pattern match, command decode, mitre att, suricata ipv4, ck id, show technique, ck matrix, suricata udpv4, facebook, hybrid, general, model, comspec, click, strings, footer, michelle, nora, hallrender, name servers, record value, emails, servers, found, gmt content, error, code, men, man, woman, hit, sreredrum, honey client, hiv, threat, paste, iocs, urls https, malicious site, phishing site, blockchain, unsafe, malware site, malicious url, phishtank, cyber threat, artemis, asyncrat, team, cisco umbrella, site, safe site, heur, million, xrat, downldr, union, bank, gvt google video transcoding, malvertizing, targeting, target, yandex dropper extend, remote procedure call, identity_helper.exe, cookie bot
Subscribers: 88

Pulse: Win32:BotX-gen\ [Trj] •Jays Youtube Bot.exe attack expected
Indicator type: domain (active)
Created 2 months ago; modified 1 month ago by OctoSeek; Public; TLP: Green
Indicators: CVE: 1 | FileHash-MD5: 309 | FileHash-SHA1: 307 | FileHash-SHA256: 3084 | URL: 3066 | Domain: 1085 | Email: 7 | Hostname: 1709
Description: Network compromised: updated Apple device was directed (303) to a server. This is one of several botnets found. onthewifi ∆ {Win32:BotX-gen\ [Trj]} • Injection process | Password bypass. Studies targets' behavior | Checks for other devices | Glupteba: Glupteba is a trojan-type program, malicious software that installs other programs of this type. Cyber criminals can perform a number of actions of a malicious hacker's choice on your device.
Tags: referrer, tsara brashears, password bypass, apple phone, unlocker, shell code, script, pe resource, execution, sneaky server, emotet, android, download, malware, relic, monitoring, installer, formbook, urls, contacted, win32 exe, parents, type name, msrsaapp, files, file type, kb file, b file, graph, pe32 executable, ms windows, intel, generic cil, executable, mono, win32 dynamic, link library, win16 ne, samplename, samplepath, jays youtube, rticon neutral, details, header intel, name md5, type, language, contained, ico rtgroupicon, neutral, net technology, corporation, domains, markmonitor inc, malicious, cnc, network, bypass password, network probe, dns query, as20940, united, aaaa, search, showing, date, passive dns, registrar, unknown, encrypt, next, domain, emails, name servers, as199524, record value, first seen, last seen, asn country, cname, as15169 google, scan endpoints, all octoseek, pulse pulses, files ip, as4788, address, pulses, win32, entries, dadjoke, ms defender, united kingdom, germany unknown, as46606, as14061, servers, as12576 ee, russia unknown, as3320 deutsche, gamaredon, armageddon, as8068, script urls, for privacy, script domains, certificate, meta, creation date, as14627, ipv4, onthewifi, as54113, trojan, flywheel, sea x, accept, ransom, post http, langserbian, sublangdefault, rticon, process32nextw, medium, t1055, high, ip address, generic, body, markus, june, copy, bitcoin
Subscribers: 127

Pulse: Win32:BotX-gen\ [Trj] •Jays Youtube Bot.exe attack executed (Copy)
Indicator type: domain (active)
Created 2 months ago; modified 1 month ago by scoreblue; Public; TLP: Green
Indicators: CVE: 1 | FileHash-MD5: 309 | FileHash-SHA1: 307 | FileHash-SHA256: 3084 | URL: 3066 | Domain: 1085 | Email: 7 | Hostname: 1709
Tags: identical to the pulse above
Subscribers: 84

Pulse: Ryuk Ransomware - workers.dev | https://house.mo.gov
Indicator type: domain (active)
Created 3 months ago; modified 2 months ago by OctoSeek; Public; TLP: White
Indicators: CVE: 3 | FileHash-MD5: 127 | FileHash-SHA1: 125 | FileHash-SHA256: 4862 | URL: 10597 | Domain: 3169 | Email: 7 | Hostname: 3571
Description: Ryuk is a ransomware version attributed to the hacker group WIZARD SPIDER that has compromised governments, academia, healthcare, manufacturing, and technology organizations. Interestingly, this ransomware family carries a Japanese name from the anime movie Death Note. The name means "gift of god." It seems an odd choice for ransomware since the targets lose data or money. From the hacker's perspective, however, it could be considered a gift of god.
Tags: contacted, ssl certificate, contacted urls, whois record, whois whois, related, execution, p2404, kgs0, kls0, lockbit, lolkek, emotet, phishing, ursnif, malware, core, ryuk ransomware, qakbot, makop, hacktool, chaos, ransomexx, temp, localappdata, pattern match, ascii text, json data, united, indicator, prefetch8, observed email, unicode text, date, hybrid, win64, general, click, strings, tsara brashears, suspicious, falcon, name verdict, reinsurance, scan endpoints, all octoseek, domain, pulse pulses, passive dns, urls, files, ip address, location united, asn as13335, title, gmt server, user agent, 443 ma2592000, hostname, encrypt, script urls, t matrix, dch v, meta, home page, body, status, search, creation date, record value, domain name, litespeed, certificate, speed, next, unknown, ipv4, reverse dns, name servers, expiration date, showing, pulse submit, gandi sas, moved, emails, servers, error, russia unknown, as31483, as12768, as30943, united kingdom, as208722 yandex, cname, spyware, tracking, login
Subscribers: 128
(The same Ryuk Ransomware pulse, with identical description and tags, is listed three more times in the OTX results, showing 127, 127 and 131 subscribers.)

Pulse: Astaroth Trojan found in: https://house.mo.gov link
Indicator type: domain (active)
Created 3 months ago; modified 2 months ago by OctoSeek; Public; TLP: Green
Indicators: CVE: 1 | FileHash-MD5: 161 | FileHash-SHA1: 161 | FileHash-SHA256: 2548 | URL: 4748 | Domain: 1261 | Email: 7 | Hostname: 1230
Description: Impact of the Astaroth Trojan: Once the campaign has successfully infiltrated, it will log the user's keystrokes, intercept their operating system calls, and continuously gather any information saved to the clipboard. With these methods, it uncovers significant amounts of personal information from the user's bank accounts and business accounts. Additionally, in conjunction with NetPass, it gathers user login passwords across the board undetected, including any of their remote computers on LAN, mail account passwords, Messenger accounts, Internet Explorer passwords, and others.
ssl certificate, whois record, contacted, bundled, january, communicating, execution, phishing page, cyberstalking, apple ios, february, phishing, crat, metro, life, core, hacktool, bitrat, malicious, mallox, lolkek, emotet, pe resource, threat roundup, roundup, astaroth, august, tsara brashears, workers, aaaa, record type, ttl value, algorithm, data, v3 serial, number, cus cngts, ogoogle trust, llc validity, subject public, key info, key algorithm, data redacted, redacted for, domain status, code, privacy billing, privacy tech, privacy admin, postal code, city, date, dns replication, siblings, server, pty ltd, registrar abuse, wholesale pty, tpp wholesale, registry domain, registrar url, malvertizing, pega related attack, mo, gov, msie, chrome, status, search, passive dns, urls, record value, name servers, unknown, body, next, trojan, scanning host, exploit source, cnc, command and control, united, domain, scan endpoints, all octoseek, ipv4, pulse submit, url analysis, files, hallgrand, brian sabey, hello, reinsurance, remote, rat, cyber threat, targeting * 127 Subscribers access.blackbagtech.com domain Indicator Active * Created 3 months ago * Modified 2 months ago by OctoSeek * Public * TLP: White CVE: 1 | FileHash-MD5: 87 | FileHash-SHA1: 78 | FileHash-SHA256: 2075 | URL: 2696 | Domain: 710 | Hostname: 827 innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. In this instance Pegasus was deployed against the survivor of hungry, injurious SA against Brashears; allegedly assaulted by PT Jeffrey Reimer in AMS Concentra/Select Physical Therapy in Denver, Co. Rather than investigate DPT Reimer, law enforcement launched attack against victim ( SCI/TBI). Brashears was threatened by Mark Montana MD, lawyer and Workers Compensation doctor. Denied care, equally aggressive Montano wage effort to ensure silence and wides bid for Douglas County, Colorado Coroner election. Fraud, framing, death threats ensued. 
Montano threatened Brashears with his alleged best friend Tony Spurlock, promising a battle against her Court documented. Brashears is in danger. ssl certificate, whois record, pegasus, cellbrite, targets sa, survivor, blackbag, relations apple, mdm hacking, communicating, execution, contacted, quasar, kgs0, malware, core, hacktool, ransomexx, azorult, emotet, remcos, agent tesla, grandoreiro, targeting tsara brashears, delphi programming, access, local law enforcement, quasi case, framing, jeffrey reimer dpt 'reported' assaulter, state and governments cover white offender jeffrey reimer, indian mix brashears physically attacked often followed, death threats, alienvault results removed from search results, brashears tagged in adult content - not removed, brashears blacklisted, reimer promoted, false criminal records created about brashears, brashears family identity theft, judge sided with brashears, brashears given less than $10000 by Brian sabey, brian sabey constant contact ) threats, brashears stalked, reimer protected and hidden, pegasus technology disallows victim to report to regulatory boar, aig, industry and commerce, danger, rob neill drives brashears off road, brashears further injured, neill positively identified - no charges, malvertizing, botnet, fraud apple support chats, falsified medical records, denied healthcare, hydrocephalus not disclosed, permanent damage, corruption, burg simpson corruption, Denver trial attorneys tell brashears statute is 6 years in colo, da informs brashears no statute, brashears denied disability benefits for years, remember george floyd? 
brashears survived that injury, brashears cannot digest food, brashears can't toilet, jeffrey reimer was reported early, brashears bullied to return to PT due to workers compensation ru, montano threatened brashears with breaking the law if not return, reimer recorded, recordings stored online, recordings retrieved by bgp, bryan counts made aware of recordings, recordings demanded, america?, advocates ensure the rights of others, make others aware, who else is unheard., non stop harassment, constant car bomb threats, brashears unable to properly articulate, nothing new, assaulted by man demanding phone, no charges, Brian sabey brings case to silence brashears, sabey motions dismissed, pegasus involves malicious actions by humans, pegasus attackers do kill, pegasus attackers make in person contact, overly large campaign, private investigators tailed stalkers. became afraid when learni, discrimination, hacking, tracking, car hacking, apple, android overlay, network rats, brashears denied vocational rehab twice, brashears unhirable due to online profile, employer rightfully consider brashears attack a risk to others, group hacked intermountain healthcare, group hacked uchealth colorado, group hacked esurance * 127 Subscribers Qkbot | Reddit domain Indicator Active * Created 5 months ago * Modified 4 months ago by OctoSeek * Public * TLP: White CVE: 6 | FileHash-MD5: 953 | FileHash-SHA1: 489 | FileHash-SHA256: 3565 | URL: 8343 | Domain: 1494 | Hostname: 2218 Qbot URL: https://seedbeej.pk/tin/index.php?QBOT.zip found in Reddit Honeypot link: https://www.reddit.com/user backdoor second stage developed for distribution as a password stealer. Qbot, seemingly common; is a large botnetwork with many capabilities, attack methods and demands. An unsuspecting victim always be in botnetwork. Qbot encompasses many other bot networks, trojans, network rats, spyware, malvertizing, fraud services, full control of badly compromised digital profiles which have been discovered. 
Tags: ssl certificate, iocs, ioc search, new ioc, teams api, contact, search, threat, paste, blacklist https, qakbot, site, cisco umbrella, alexa top, million, ascii text, pattern match, file, windows nt, appdata, indicator, crlf line, unicode text, jpeg image, mitre att, hybrid, general, local, error, click, strings, microsoft, threat analyzer, urls https, no data, tag count, threat report, ip summary, url summary, summary, heur, malware site, malicious site, safe site, malware, html, phishing site, site top, riskware, unsafe, artemis, quasar rat, downldr, agent, presenoker, applicunwnt, crack, cve201711882, win64, iframe, quasar, trojanspy, exit, node tcp, tor known, tor relayrouter, traffic, anonymizer, brasil, phishing three, united, phishing bank, virustotal, tech, bank, maltiverse, hidelink, samples, spyware, injector, mon jan, tld count, wed dec, download, first, team, simda, bambernek, simda simda, infy, alexa, gregory, cyber threat, phishing, engineering, covid19, telefonica co, malicious, zbot, zeus, betabot, suppobox, citadel, pony, kraken, redline stealer, ransomware, vawtrak, athena, neutrino, alina, andromeda, dexter, unknown, keylogger, hawkeye, phase, jackpos, plasma, spyeye, spitmo, slingshot, ramnit, emotet, pykspa, virut, installcore, dorkbot, bondat, union, vskimmer, xtrat, solar, grandcrab, nymaim, matsnu, cutwail, cobalt strike, hydra, tinba, nsis, memscan, deepscan, runescape, backdoor, reddit, tulach
Subscribers: 129
(The same Qkbot | Reddit pulse, with identical description and tags, is listed a second time in the OTX results, showing 128 subscribers.)

Pulse: Qakbot | Reddit
Indicator type: domain (active)
Created 5 months ago; modified 4 months ago by OctoSeek; Public; TLP: Green
Indicators: CVE: 6 | FileHash-MD5: 953 | FileHash-SHA1: 489 | FileHash-SHA256: 3566 | URL: 8736 | Domain: 1516 | Hostname: 2221
Description: Qbot URL: https://seedbeej.pk/tin/index.php?QBOT.zip Qbot zip found in Reddit Honeypot link: https://www.reddit.com/user backdoor second stage developed for distribution as a password stealer. Qbot, seemingly common, is a large botnetwork with many capabilities, attack methods and demands. An unsuspecting victim will always be in a botnetwork. Qbot encompasses many other bot networks, trojans, network rats, spyware, malvertizing, fraud services; leads to full control of a badly compromised digital profile.
Tags: identical to the Qkbot | Reddit pulse above, plus: password stealer, active threat, apple, pinkslipbot, icloud, free
Subscribers: 129

Pulse: Reddit Honeypot | Cyber Defense Firm Attack
Indicator type: domain (active)
Created 5 months ago; modified 4 months ago by OctoSeek; Public; TLP: White
Indicators: CVE: 3 | FileHash-MD5: 392 | FileHash-SHA1: 374 | FileHash-SHA256: 5560 | URL: 7433 | Domain: 1461 | Email: 1 | Hostname: 2463
Tags: pattern match, et tor, known tor, relayrouter, exit, node traffic, misc attack, sha1, sha256, runtime process, date, unknown, error, path, class, generator, critical, meta, hybrid, general, local, click, strings, accept, url http, filehashmd5, url https, search otx, octoseek report, spam author, reddit, tulach c2, created, minutes ago, added active, related pulses, am, no expiration, indicator role, pulses url, showing, entries, dded active, copyright, reserved, cve cve20170199, win32 exe, android, http response, final url, ip address, status code, body length, kb body, headers, manager, files, detections type, name, lord krishna, right, tjprojmain, windows, secure, headers nel, ssl certificate, whois whois, historical ssl, referrer, logistics, cyber defense, firm collection, ioc honeypot, list for, malware, open, attack, contacted, dropped, bundled, problems, whois record, domains, execution, agent tesla, azorult, project, startpage, vhash, authentihash, imphash, rich pe, ssdeep, file type, magic pe32, installer, compiler, nsis, serial number, g4 code, signing rsa4096, sha384, root g4, valid from, algorithm, thumbprint, fast corporate, from, pe resource, collection, vt graph, paulsmith, apple tv, apple music, $RTD4NQU.exe, no data, tag count, ioc search, new ioc, teams api, contact, search, iocs, summary, nisis, executable, ms windows, trid win64, generic, sections, sha256 file, type type, chi2, dkey english, xml rtmanifest, english us, overlay, learn, botnet, honeypot, ejkaej saBey k7-^Oa
Subscribers: 128

Pulse: Witchetty Cyber Espionage| BlueShell | Capture Wi-Fi password
Indicator type: domain (active)
Created 5 months ago; modified 4 months ago by OctoSeek; Public; TLP: White
Indicators: CVE: 3 | FileHash-MD5: 110 | FileHash-SHA1: 110 | FileHash-SHA256: 1541 | URL: 3782 | Domain: 1067 | Hostname: 1297
Description: Deeply hidden in Rallypoint.com. Witchetty cyber espionage: Witchetty's activity was characterized by the use of two pieces of malware, a first-stage backdoor known as X4 and a second-stage payload. BlueShell is a backdoor malware developed in Go language, published on Github, and it supports Windows, Linux, and Dalbit APT Group targets vulnerable servers to breach information, including internal data from companies, or encrypts files and may demand money.
Tags: contacted, ssl certificate, group, toolset, attacks, governments, middle east, dalbit, march, witchetty, blueshell, execution, lockbit, malware, backdoor, tsara brashears, octoseek, steganographic technique, proxylogon, lookback, lookingfrog, anonfiles, publishing, music, torrent, critical, hallrender, ttp, uae, protection, macmalware, linux malware, apple, proxyshell, x4, zero trust, youtube, safebae, rallypoint, poemhunter, eazy client, africa, united states, ta410, second stage, Capture Wi-Fi password, password stealer, whois whois, agent tesla, love, mirai, satacom, miner, dtrack, nebula, cobalt strike, nanocore, core, hacktool
Subscribers: 127

Pulse: Witchetty Cyber Espionage| BlueShell | Capture Wi-Fi password [Octoseek]
Indicator type: domain (active)
Created 5 months ago; modified 4 months ago by scoreblue; Public; TLP: White
Indicators: CVE: 3 | FileHash-MD5: 110 | FileHash-SHA1: 110 | FileHash-SHA256: 1541 | URL: 3782 | Domain: 1067 | Hostname: 1297
Tags: identical to the pulse above (the captured listing ends here)
stealer, whois whois, agent tesla, love, mirai, satacom, miner, dtrack, nebula, cobalt strike, nanocore, core, hacktool * 83 Subscribers Witchetty Cyber Espionage| BlueShell | Capture Wi-Fi password [Octoseek] domain Indicator Active * Created 5 months ago * Modified 4 months ago by scoreblue * Public * TLP: White CVE: 3 | FileHash-MD5: 110 | FileHash-SHA1: 110 | FileHash-SHA256: 1541 | URL: 3782 | Domain: 1067 | Hostname: 1297 contacted, ssl certificate, group, toolset, attacks, governments, middle east, dalbit, march, witchetty, blueshell, execution, lockbit, malware, backdoor, tsara brashears, octoseek, steganographic technique, proxylogon, lookback, lookingfrog, anonfiles, publishing, music, torrent, critical, hallrender, ttp, uae, protection, macmalware, linux malware, apple, proxyshell, x4, zero trust, youtube, safebae, rallypoint, poemhunter, eazy client, africa, united states, ta410, second stage, Capture Wi-Fi password, password stealer, whois whois, agent tesla, love, mirai, satacom, miner, dtrack, nebula, cobalt strike, nanocore, core, hacktool * 83 Subscribers COMMENTS You must be logged in to leave a comment. Refresh Comments * © Copyright 2024 LevelBlue, Inc. * Legal * Status