{ "type": "Domain", "indicator": "approximationsimulation.cn", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/approximationsimulation.cn", "alexa": "http://www.alexa.com/siteinfo/approximationsimulation.cn", "indicator": "approximationsimulation.cn", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3588495812, "indicator": "approximationsimulation.cn", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 14, "pulses": [ { "id": "6373ddb1f06b9fcb2fc20b96", "name": "CYJAX | Fangxiao a Chinese threat actor", "description": "A large-scale phishing campaign that exploits the reputation of well-known brands is being targeted by a group based in China, according to a report published in the International Security Review (ISR).", "modified": "2022-12-15T18:01:04.713000", "created": "2022-11-15T18:42:57.008000", "tags": [ "android", "fangxiao", "phishing", "triada" ], "references": [ "https://www.cyjax.com/app/uploads/2022/11/Fangxiao-a-Chinese-threat-actor.pdf", "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [ "Indonesia", "Singapore" ], "malware_families": [ { "id": "Triada", "display_name": "Triada", "target": null }, { "id": "Phishing", "display_name": "Phishing", "target": null }, { "id": "Fangxiao", "display_name": "Fangxiao", "target": null }, { "id": "Android", "display_name": "Android", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [ "Cryptocurrency", "Financial Services", "Transport", "Food", "Pharmaceuticals", "Travel", "Banking", "Retail", "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "URL": 9, "domain": 39440, "email": 22, "hostname": 6 }, "indicator_count": 39486, "is_author": false, "is_subscribing": null, "subscriber_count": 168, "modified_text": "1266 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e4a807939f54ee041b3", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:14.078000", "created": "2022-11-17T20:49:14.078000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e4582f7fca5a3b40878", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:09.134000", "created": "2022-11-17T20:49:09.134000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e427360fe9e614f6a48", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:06.723000", "created": "2022-11-17T20:49:06.723000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63736ec1ae24ca332dc4c349", "name": "Fangxiao: a Chinese threat actor - Cyjax", "description": "", "modified": "2022-11-15T10:49:37.223000", "created": "2022-11-15T10:49:37.223000", "tags": [ "fangxiao", "phishing", "triada", "china", "cloudflare", "cyjax", "fanxgiao", "october", "emirates", "singapore", "shopee", "unilever", "indonesia" ], "references": [ "https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/" ], "public": 1, "adversary": "Fangxiao", "targeted_countries": [ "Indonesia", "Singapore", "China" ], "malware_families": [ { "id": "Triada", "display_name": "Triada", "target": null }, { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Pharmaceuticals", "Banking", "Retail", "Travel" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 866, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcfc0d04cac7385808d5", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:12.495000", "created": "2022-11-15T02:44:12.495000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 509, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcf6f2aade2e6b5c2bfd", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:06.962000", "created": "2022-11-15T02:44:06.962000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 504, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcf56fa2562abf8839be", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:05.706000", "created": "2022-11-15T02:44:05.706000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fce823a0cf2542969ee5", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:52.392000", "created": "2022-11-15T02:43:52.392000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fce770e0dd03672b95b9", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:51.666000", "created": "2022-11-15T02:43:51.666000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fce4e53e5f579920e5e3", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:48.441000", "created": "2022-11-15T02:43:48.441000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcdc13b6be612c3ac2a7", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:40.905000", "created": "2022-11-15T02:43:40.905000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 502, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcd8445c8fd680a58fbb", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:36.542000", "created": "2022-11-15T02:43:36.542000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcbbdf0f94984ca6b1ee", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:07.882000", "created": "2022-11-15T02:43:07.882000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 503, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/", "https://www.cyjax.com/app/uploads/2022/11/Fangxiao-a-Chinese-threat-actor.pdf", "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf", "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Fangxiao" ], "malware_families": [ "Phishing", "Triada", "Fangxiao", "Android" ], "industries": [ "Cryptocurrency", "Transport", "Banking", "Food", "Retail", "Energy", "Travel", "Pharmaceuticals", "Financial services" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 14, "pulses": [ { "id": "6373ddb1f06b9fcb2fc20b96", "name": "CYJAX | Fangxiao a Chinese threat actor", "description": "A large-scale phishing campaign that exploits the reputation of well-known brands is being targeted by a group based in China, according to a report published in the International Security Review (ISR).", "modified": "2022-12-15T18:01:04.713000", "created": "2022-11-15T18:42:57.008000", "tags": [ "android", "fangxiao", "phishing", "triada" ], "references": [ "https://www.cyjax.com/app/uploads/2022/11/Fangxiao-a-Chinese-threat-actor.pdf", "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [ "Indonesia", "Singapore" ], "malware_families": [ { "id": "Triada", "display_name": "Triada", "target": null }, { "id": "Phishing", "display_name": "Phishing", "target": null }, { "id": "Fangxiao", "display_name": "Fangxiao", "target": null }, { "id": "Android", "display_name": "Android", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [ "Cryptocurrency", "Financial Services", "Transport", "Food", "Pharmaceuticals", "Travel", "Banking", "Retail", "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "URL": 9, "domain": 39440, "email": 22, "hostname": 6 }, "indicator_count": 39486, "is_author": false, "is_subscribing": null, "subscriber_count": 168, "modified_text": "1266 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e4a807939f54ee041b3", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:14.078000", "created": "2022-11-17T20:49:14.078000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e4582f7fca5a3b40878", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:09.134000", "created": "2022-11-17T20:49:09.134000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63769e427360fe9e614f6a48", "name": "Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign", "description": "", "modified": "2022-11-17T20:49:06.723000", "created": "2022-11-17T20:49:06.723000", "tags": [], "references": [ "https://www.cyjax.com/app/uploads/2022/11/fangxiao-a-chinese-threat-actor.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohammedkaif_98", "id": "214759", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "1294 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63736ec1ae24ca332dc4c349", "name": "Fangxiao: a Chinese threat actor - Cyjax", "description": "", "modified": "2022-11-15T10:49:37.223000", "created": "2022-11-15T10:49:37.223000", "tags": [ "fangxiao", "phishing", "triada", "china", "cloudflare", "cyjax", "fanxgiao", "october", "emirates", "singapore", "shopee", "unilever", "indonesia" ], "references": [ "https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/" ], "public": 1, "adversary": "Fangxiao", "targeted_countries": [ "Indonesia", "Singapore", "China" ], "malware_families": [ { "id": "Triada", "display_name": "Triada", "target": null }, { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Pharmaceuticals", "Banking", "Retail", "Travel" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 39397 }, "indicator_count": 39397, "is_author": false, "is_subscribing": null, "subscriber_count": 866, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcfc0d04cac7385808d5", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:12.495000", "created": "2022-11-15T02:44:12.495000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 509, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcf6f2aade2e6b5c2bfd", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:06.962000", "created": "2022-11-15T02:44:06.962000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 504, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fcf56fa2562abf8839be", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:44:05.706000", "created": "2022-11-15T02:44:05.706000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fce823a0cf2542969ee5", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:52.392000", "created": "2022-11-15T02:43:52.392000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6372fce770e0dd03672b95b9", "name": "42,000 malicious web domains impersonating well-known brands", "description": "", "modified": "2022-11-15T02:43:51.666000", "created": "2022-11-15T02:43:51.666000", "tags": [], "references": [ "November 15th, 2022 - CryptoGen Cyber Threat Intelligence - 42,000 malicious web domains impersonating well-known brands.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "hostname": 1, "domain": 39397 }, "indicator_count": 39400, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "1296 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "approximationsimulation.cn", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "approximationsimulation.cn", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780520527.6695793 }