{ "type": "Domain", "indicator": "apiframeworknode.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/apiframeworknode.com", "alexa": "http://www.alexa.com/siteinfo/apiframeworknode.com", "indicator": "apiframeworknode.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3861389060, "indicator": "apiframeworknode.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 187, "modified_text": "108 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679ab327b4f3de496118df4d", "name": "http://185.81.68.156/bin/bot64.bin", "description": "https://www.virustotal.com/gui/url/05ab194727e8a1832ec7ff494462427a2f16525f79960996cebdb56d743adef6/details", "modified": "2025-01-29T23:00:55.497000", "created": "2025-01-29T23:00:55.497000", "tags": [ "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "security", "win32", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "rozmiar", "opis plik", "pe32", "ms windows", "sha256", "sha1", "proces", "ssdeep", "r1 zrzut", "zapytanie", "zasilane przez" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 59, "URL": 1769, "FileHash-SHA256": 218, "YARA": 1, "hostname": 820, "FileHash-MD5": 70, "FileHash-SHA1": 69, "domain": 706, "email": 2 }, "indicator_count": 3714, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a2b971cad0f744c2793342", "name": "ACTIVIDAD MALICIOSA | Relacionada con SocGholish 25-07-2024", "description": "SocGholish, tambi\u00e9n conocido como FakeUpdates, es un tipo de malware empleado por grupos de ciberdelincuentes desde 2017, atacando principalmente sitios web basados en WordPress. Este malware se propaga mediante descargas autom\u00e1ticas disfrazadas como actualizaciones de navegador falsas, resultando en la instalaci\u00f3n de software malicioso en los dispositivos de los usuarios sin su conocimiento. Esto permite la ejecuci\u00f3n de c\u00f3digo malicioso, el robo de datos y la implementaci\u00f3n de ransomware. SocGholish utiliza t\u00e9cnicas avanzadas para evadir la detecci\u00f3n, como la inyecci\u00f3n de c\u00f3digo JavaScript y la obfuscaci\u00f3n, lo que dificulta su identificaci\u00f3n y eliminaci\u00f3n.", "modified": "2024-08-24T20:03:49.146000", "created": "2024-07-25T20:45:37.329000", "tags": [ "ta0001", "ta0002", "ta0005", "ta0011", "command", "control", "ta0042", "development", "t1189", "t1027" ], "references": [ "https://www.virustotal.com/graph/embed/gbe69d08cc77f41ba8ece59fff453ab7cb42cfb4819ce477c957caa6901893c17?theme=light", "https://www.gdatasoftware.com/blog/2024/07/37976-socgholish-fake-update", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SocGholish - S1124", "display_name": "SocGholish - S1124", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 10, "URL": 1, "domain": 11, "hostname": 7 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 267, "modified_text": "646 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "662b4e754881354d136d1a46", "name": "Malicious URL - spyware and malware", "description": "Malicious URL reported by other vendors and spyware and malware", "modified": "2024-04-26T06:50:20.890000", "created": "2024-04-26T06:49:25.565000", "tags": [ "Spyware", "Malicious", "Malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Wolfy0111", "id": "263396", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "766 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.gdatasoftware.com/blog/2024/07/37976-socgholish-fake-update", "https://www.virustotal.com/graph/embed/gbe69d08cc77f41ba8ece59fff453ab7cb42cfb4819ce477c957caa6901893c17?theme=light", "https://www.alertasyseguridad.net/repositorio-ioc/", "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Socgholish - s1124" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 187, "modified_text": "108 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679ab327b4f3de496118df4d", "name": "http://185.81.68.156/bin/bot64.bin", "description": "https://www.virustotal.com/gui/url/05ab194727e8a1832ec7ff494462427a2f16525f79960996cebdb56d743adef6/details", "modified": "2025-01-29T23:00:55.497000", "created": "2025-01-29T23:00:55.497000", "tags": [ "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "security", "win32", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "rozmiar", "opis plik", "pe32", "ms windows", "sha256", "sha1", "proces", "ssdeep", "r1 zrzut", "zapytanie", "zasilane przez" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 59, "URL": 1769, "FileHash-SHA256": 218, "YARA": 1, "hostname": 820, "FileHash-MD5": 70, "FileHash-SHA1": 69, "domain": 706, "email": 2 }, "indicator_count": 3714, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "488 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a2b971cad0f744c2793342", "name": "ACTIVIDAD MALICIOSA | Relacionada con SocGholish 25-07-2024", "description": "SocGholish, tambi\u00e9n conocido como FakeUpdates, es un tipo de malware empleado por grupos de ciberdelincuentes desde 2017, atacando principalmente sitios web basados en WordPress. Este malware se propaga mediante descargas autom\u00e1ticas disfrazadas como actualizaciones de navegador falsas, resultando en la instalaci\u00f3n de software malicioso en los dispositivos de los usuarios sin su conocimiento. Esto permite la ejecuci\u00f3n de c\u00f3digo malicioso, el robo de datos y la implementaci\u00f3n de ransomware. SocGholish utiliza t\u00e9cnicas avanzadas para evadir la detecci\u00f3n, como la inyecci\u00f3n de c\u00f3digo JavaScript y la obfuscaci\u00f3n, lo que dificulta su identificaci\u00f3n y eliminaci\u00f3n.", "modified": "2024-08-24T20:03:49.146000", "created": "2024-07-25T20:45:37.329000", "tags": [ "ta0001", "ta0002", "ta0005", "ta0011", "command", "control", "ta0042", "development", "t1189", "t1027" ], "references": [ "https://www.virustotal.com/graph/embed/gbe69d08cc77f41ba8ece59fff453ab7cb42cfb4819ce477c957caa6901893c17?theme=light", "https://www.gdatasoftware.com/blog/2024/07/37976-socgholish-fake-update", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SocGholish - S1124", "display_name": "SocGholish - S1124", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 10, "URL": 1, "domain": 11, "hostname": 7 }, "indicator_count": 33, "is_author": false, "is_subscribing": null, "subscriber_count": 267, "modified_text": "646 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "662b4e754881354d136d1a46", "name": "Malicious URL - spyware and malware", "description": "Malicious URL reported by other vendors and spyware and malware", "modified": "2024-04-26T06:50:20.890000", "created": "2024-04-26T06:49:25.565000", "tags": [ "Spyware", "Malicious", "Malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Wolfy0111", "id": "263396", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "766 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "apiframeworknode.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "apiframeworknode.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780380524.6270962 }