{
  "type": "Domain",
  "indicator": "an4g2zob1.top",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/an4g2zob1.top",
    "alexa": "http://www.alexa.com/siteinfo/an4g2zob1.top",
    "indicator": "an4g2zob1.top",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4005280079,
      "indicator": "an4g2zob1.top",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "6735e9db10270db09bc7a028",
          "name": "Mass Telegram account hijacking via supply-chain phishing campaign",
          "description": "China-linked hackers are behind a malicious cyberespionage campaign targeting Telegram users across the world. The campaign involves the use of phishing links disguised as Telegram login pages, aimed at harvesting user credentials such as mobile numbers, OTPs, and 2FA passwords to hijack the user's Telegram account and then use the hacked victim's TG account in the supply chain attack.",
          "modified": "2024-12-14T12:04:27.627000",
          "created": "2024-11-14T12:15:23.379000",
          "tags": [
            "Telegram",
            "Phishing",
            "China-linked",
            "TG Account Hijacking"
          ],
          "references": [
            "https://izoologic.com/threat-advisory/mass-telegram-account-hijacking-via-supply-chain-phishing-campaign/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1566.002",
              "name": "Spearphishing Link",
              "display_name": "T1566.002 - Spearphishing Link"
            },
            {
              "id": "T1078",
              "name": "Valid Accounts",
              "display_name": "T1078 - Valid Accounts"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "soc.pankajsuthar",
            "id": "241955",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1,
            "domain": 980,
            "hostname": 44
          },
          "indicator_count": 1025,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 28,
          "modified_text": "533 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://izoologic.com/threat-advisory/mass-telegram-account-hijacking-via-supply-chain-phishing-campaign/"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "6735e9db10270db09bc7a028",
      "name": "Mass Telegram account hijacking via supply-chain phishing campaign",
      "description": "China-linked hackers are behind a malicious cyberespionage campaign targeting Telegram users across the world. The campaign involves the use of phishing links disguised as Telegram login pages, aimed at harvesting user credentials such as mobile numbers, OTPs, and 2FA passwords to hijack the user's Telegram account and then use the hacked victim's TG account in the supply chain attack.",
      "modified": "2024-12-14T12:04:27.627000",
      "created": "2024-11-14T12:15:23.379000",
      "tags": [
        "Telegram",
        "Phishing",
        "China-linked",
        "TG Account Hijacking"
      ],
      "references": [
        "https://izoologic.com/threat-advisory/mass-telegram-account-hijacking-via-supply-chain-phishing-campaign/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1566.002",
          "name": "Spearphishing Link",
          "display_name": "T1566.002 - Spearphishing Link"
        },
        {
          "id": "T1078",
          "name": "Valid Accounts",
          "display_name": "T1078 - Valid Accounts"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "soc.pankajsuthar",
        "id": "241955",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1,
        "domain": 980,
        "hostname": 44
      },
      "indicator_count": 1025,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 28,
      "modified_text": "533 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "an4g2zob1.top",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "an4g2zob1.top",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780306931.2207065
}