{ "type": "Domain", "indicator": "apiujquery.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/apiujquery.com", "alexa": "http://www.alexa.com/siteinfo/apiujquery.com", "indicator": "apiujquery.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3169042555, "indicator": "apiujquery.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "674ea53a3509f6554438cfb6", "name": "extrapolation from some ips in 2023 report", "description": "", "modified": "2025-06-02T19:58:17.107000", "created": "2024-12-03T06:29:14.674000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1131, "hostname": 2551, "domain": 1669, "URL": 6806, "CVE": 1 }, "indicator_count": 12158, "is_author": false, "is_subscribing": null, "subscriber_count": 189, "modified_text": "362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655875976e053dcf96260bde", "name": "Seychelles, Seychelles, on the C(2) Shore", "description": "A bulletproof hosting provider registered in the Republic of Seychelles is associated with multiple malicious campaigns, including ransomware and crypto miners, according to research carried out by the S2 Research Team.", "modified": "2023-12-18T08:03:59.446000", "created": "2023-11-18T08:28:07.134000", "tags": [ "eliteteam", "seychelles", "c2 server", "as51381", "redline stealer", "amadey c2", "august", "mrssoprano666", "fidelity", "limited", "february", "amadey", "june", "virustotal", "smokeloader", "alex", "april", "recordbreaker", "telecom", "djvu", "v2", "threatfox", "et", "stage download", "traffic inbound" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Seychelles", "Brazil", "India", "South Africa" ], "malware_families": [ { "id": "Smokeloader", "display_name": "Smokeloader", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "ThreatFox", "display_name": "ThreatFox", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Stage Download", "display_name": "Stage Download", "target": null }, { "id": "Traffic Inbound", "display_name": "Traffic Inbound", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 1, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 6, "FileHash-SHA256": 19, "URL": 4, "domain": 15, "hostname": 1 }, "indicator_count": 54, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657099644208c92832a9ae92", "name": "those ip's JL v2 all suggested ioc's - Data you got \ud83d\ude1c\ud83e\udd37\u200d\u2640\ufe0f", "description": "", "modified": "2023-12-06T15:55:15.497000", "created": "2023-12-06T15:55:15.497000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4582, "FileHash-SHA256": 2374, "CVE": 5, "domain": 3456, "URL": 14212, "FileHash-MD5": 13, "FileHash-SHA1": 13 }, "indicator_count": 24655, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "643746d7f4010b92e37ace06", "name": "those ip's JL v2 all suggested ioc's - Data you got \ud83d\ude1c\ud83e\udd37\u200d\u2640\ufe0f", "description": "", "modified": "2023-04-13T00:03:35.384000", "created": "2023-04-13T00:03:35.384000", "tags": [], "references": [ "g4991d86fdf3941e589ac92d5848b9f8d260d7afe5e9f47839d69fe03b34b062e.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 89, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14212, "FileHash-SHA256": 2374, "hostname": 4582, "domain": 3456, "CVE": 5, "IPv4": 311, "FileHash-MD5": 13, "FileHash-SHA1": 13 }, "indicator_count": 24966, "is_author": false, "is_subscribing": null, "subscriber_count": 94, "modified_text": "1144 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63993b596868838805a8f244", "name": "widevinecdm.dll - Supply chain", "description": "", "modified": "2023-01-13T02:00:12.152000", "created": "2022-12-14T02:56:25.758000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1880, "email": 28, "domain": 1202, "URL": 3432, "CIDR": 1, "FileHash-MD5": 90, "FileHash-SHA1": 56, "FileHash-SHA256": 4101 }, "indicator_count": 10790, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1234 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633ee7153a2c5ad74ce94138", "name": "EliteTeam Bulletproof Hosting - malicious sites and CIDR block", "description": "IOCs from https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore\nELITETEAM\n\u201c1337TEAM LIMITED\u201d: AS39770, AS60424, AS56873, and AS51381, but mainly operates from AS51381, which is associated with netblock 185.215.113.0/24.", "modified": "2022-11-05T14:03:58.709000", "created": "2022-10-06T14:32:53.663000", "tags": [ "BulletProof Hosting", "ELITETEAM", "Redline", "Smokeloader", "Amadey", "Phishing", "Raccoon Stealer" ], "references": [ "EliteTeam bulletproof hosting.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "CIDR": 1, "hostname": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "1302 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628cc5721bcca5adf7000a62", "name": "Beneath the surface: Uncovering the shift in web skimming - Microsoft Security Blog", "description": "Web skimming is a growing threat that attackers are targeting e-commerce platforms and content management systems, making them highly evasive to traditional security solutions, according to Microsoft security researchers. the company.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T11:45:54.862000", "tags": [ "trojanspy", "magecart", "javascript", "meta pixel", "microsoft", "php script", "base64", "figure", "cmss", "defender", "magento", "virustotal", "april", "rats", "august" ], "references": [ "https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 19, "domain": 16 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf", "https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/", "g4991d86fdf3941e589ac92d5848b9f8d260d7afe5e9f47839d69fe03b34b062e.json", "EliteTeam bulletproof hosting.csv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Magecart" ], "malware_families": [ "V2", "Threatfox", "Traffic inbound", "Stage download", "Djvu", "Trojanspy", "Et", "Smokeloader", "Amadey" ], "industries": [ "E-commerce" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "674ea53a3509f6554438cfb6", "name": "extrapolation from some ips in 2023 report", "description": "", "modified": "2025-06-02T19:58:17.107000", "created": "2024-12-03T06:29:14.674000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1131, "hostname": 2551, "domain": 1669, "URL": 6806, "CVE": 1 }, "indicator_count": 12158, "is_author": false, "is_subscribing": null, "subscriber_count": 189, "modified_text": "362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655875976e053dcf96260bde", "name": "Seychelles, Seychelles, on the C(2) Shore", "description": "A bulletproof hosting provider registered in the Republic of Seychelles is associated with multiple malicious campaigns, including ransomware and crypto miners, according to research carried out by the S2 Research Team.", "modified": "2023-12-18T08:03:59.446000", "created": "2023-11-18T08:28:07.134000", "tags": [ "eliteteam", "seychelles", "c2 server", "as51381", "redline stealer", "amadey c2", "august", "mrssoprano666", "fidelity", "limited", "february", "amadey", "june", "virustotal", "smokeloader", "alex", "april", "recordbreaker", "telecom", "djvu", "v2", "threatfox", "et", "stage download", "traffic inbound" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Seychelles", "Brazil", "India", "South Africa" ], "malware_families": [ { "id": "Smokeloader", "display_name": "Smokeloader", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "ThreatFox", "display_name": "ThreatFox", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Stage Download", "display_name": "Stage Download", "target": null }, { "id": "Traffic Inbound", "display_name": "Traffic Inbound", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 1, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 6, "FileHash-SHA256": 19, "URL": 4, "domain": 15, "hostname": 1 }, "indicator_count": 54, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657099644208c92832a9ae92", "name": "those ip's JL v2 all suggested ioc's - Data you got \ud83d\ude1c\ud83e\udd37\u200d\u2640\ufe0f", "description": "", "modified": "2023-12-06T15:55:15.497000", "created": "2023-12-06T15:55:15.497000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4582, "FileHash-SHA256": 2374, "CVE": 5, "domain": 3456, "URL": 14212, "FileHash-MD5": 13, "FileHash-SHA1": 13 }, "indicator_count": 24655, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "643746d7f4010b92e37ace06", "name": "those ip's JL v2 all suggested ioc's - Data you got \ud83d\ude1c\ud83e\udd37\u200d\u2640\ufe0f", "description": "", "modified": "2023-04-13T00:03:35.384000", "created": "2023-04-13T00:03:35.384000", "tags": [], "references": [ "g4991d86fdf3941e589ac92d5848b9f8d260d7afe5e9f47839d69fe03b34b062e.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 89, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14212, "FileHash-SHA256": 2374, "hostname": 4582, "domain": 3456, "CVE": 5, "IPv4": 311, "FileHash-MD5": 13, "FileHash-SHA1": 13 }, "indicator_count": 24966, "is_author": false, "is_subscribing": null, "subscriber_count": 94, "modified_text": "1144 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63993b596868838805a8f244", "name": "widevinecdm.dll - Supply chain", "description": "", "modified": "2023-01-13T02:00:12.152000", "created": "2022-12-14T02:56:25.758000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1880, "email": 28, "domain": 1202, "URL": 3432, "CIDR": 1, "FileHash-MD5": 90, "FileHash-SHA1": 56, "FileHash-SHA256": 4101 }, "indicator_count": 10790, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1234 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633ee7153a2c5ad74ce94138", "name": "EliteTeam Bulletproof Hosting - malicious sites and CIDR block", "description": "IOCs from https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore\nELITETEAM\n\u201c1337TEAM LIMITED\u201d: AS39770, AS60424, AS56873, and AS51381, but mainly operates from AS51381, which is associated with netblock 185.215.113.0/24.", "modified": "2022-11-05T14:03:58.709000", "created": "2022-10-06T14:32:53.663000", "tags": [ "BulletProof Hosting", "ELITETEAM", "Redline", "Smokeloader", "Amadey", "Phishing", "Raccoon Stealer" ], "references": [ "EliteTeam bulletproof hosting.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "CIDR": 1, "hostname": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "1302 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628cc5721bcca5adf7000a62", "name": "Beneath the surface: Uncovering the shift in web skimming - Microsoft Security Blog", "description": "Web skimming is a growing threat that attackers are targeting e-commerce platforms and content management systems, making them highly evasive to traditional security solutions, according to Microsoft security researchers. the company.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T11:45:54.862000", "tags": [ "trojanspy", "magecart", "javascript", "meta pixel", "microsoft", "php script", "base64", "figure", "cmss", "defender", "magento", "virustotal", "april", "rats", "august" ], "references": [ "https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 19, "domain": 16 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "apiujquery.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "apiujquery.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780235844.3730795 }