{ "type": "Domain", "indicator": "adminsysteminfo.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/adminsysteminfo.com", "alexa": "http://www.alexa.com/siteinfo/adminsysteminfo.com", "indicator": "adminsysteminfo.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1574207528, "indicator": "adminsysteminfo.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5c7586b76fb6ab0ee2ee0779", "name": "Farseer: Previously Unknown Malware Family bolsters the Chinese armoury", "description": "Last year, Unit 42 wrote about a newly discovered espionage Android malware family, HenBox, which had countless features for spying on their victims \u2013 primarily the Uyghur population \u2013 including interaction with Xiaomi IoT devices, and the Chinese consumer electronics manufacturer\u2019s smart phones. \n\nThrough investigations into infrastructure used by HenBox malware, Unit 42 has discovered another malware family built for the more frequently-targeted Microsoft Windows operating system they named \u2018Farseer\u2019. As with HenBox, Farseer also has infrastructure ties to other malware, such as Poison Ivy, Zupdax, and PKPLUG. \n\nUnit 42 named this malware Farseer malware due to a string found in the PDB path embedded within the executable files.", "modified": "2019-02-26T21:32:00.700000", "created": "2019-02-26T18:34:31.760000", "tags": [ "Farseer", "HenBox", "Poison Ivy", "Zupdax", "PKPLUG" ], "references": [ "https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters-the-chinese-armoury/" ], "public": 1, "adversary": "Farseer", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [ "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 6, "FileHash-SHA256": 34, "hostname": 10 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 386905, "modified_text": "2652 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters-the-chinese-armoury/" ], "related": { "alienvault": { "adversary": [ "Farseer" ], "malware_families": [], "industries": [ "Ngo" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5c7586b76fb6ab0ee2ee0779", "name": "Farseer: Previously Unknown Malware Family bolsters the Chinese armoury", "description": "Last year, Unit 42 wrote about a newly discovered espionage Android malware family, HenBox, which had countless features for spying on their victims \u2013 primarily the Uyghur population \u2013 including interaction with Xiaomi IoT devices, and the Chinese consumer electronics manufacturer\u2019s smart phones. \n\nThrough investigations into infrastructure used by HenBox malware, Unit 42 has discovered another malware family built for the more frequently-targeted Microsoft Windows operating system they named \u2018Farseer\u2019. As with HenBox, Farseer also has infrastructure ties to other malware, such as Poison Ivy, Zupdax, and PKPLUG. \n\nUnit 42 named this malware Farseer malware due to a string found in the PDB path embedded within the executable files.", "modified": "2019-02-26T21:32:00.700000", "created": "2019-02-26T18:34:31.760000", "tags": [ "Farseer", "HenBox", "Poison Ivy", "Zupdax", "PKPLUG" ], "references": [ "https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters-the-chinese-armoury/" ], "public": 1, "adversary": "Farseer", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [ "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 6, "FileHash-SHA256": 34, "hostname": 10 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 386905, "modified_text": "2652 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "adminsysteminfo.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "adminsysteminfo.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780398598.5395277 }