{
  "type": "Domain",
  "indicator": "asifaap.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/asifaap.com",
    "alexa": "http://www.alexa.com/siteinfo/asifaap.com",
    "indicator": "asifaap.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3538416566,
      "indicator": "asifaap.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "62ff8073d5ec6f25915eee77",
          "name": "confirmation spam email",
          "description": "Small sample of an email message that has passed through Gmail's phishing and spam filter. A confirmation email from cashapp, costco, AceHardware, Walmart, Dicks Sporting Goods, with links hosted on Amazonaws. A common theme between all messages is that they contain a link to Amazon AWS, redirecting to thelaunchstore[.]quest before reaching its final destination. Clearly marked phishing by VT, but no specific malware threat based on scans on Hybrid Analysis. (UPDATE) The latest entry is now classified as malicious.\n\nUpdate Milwaukee power drill via Acehardware.\n\n\nSame MO. Amazon AWS link > Thelaunchstore[.]quest > jongberreta[.]com > positionspot[.]info\n\n\nUpdate 21/13:20 Added Walmart, Acehardware, Dicks sporting goods into the description above.",
          "modified": "2022-09-20T00:01:18.490000",
          "created": "2022-08-19T12:22:11.793000",
          "tags": [
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "wow64",
            "windows nt",
            "get rd",
            "details",
            "request url",
            "format details",
            "request get",
            "raw hex",
            "ed bf",
            "c0 a8",
            "date",
            "accept",
            "hybrid",
            "close",
            "click",
            "hosts",
            "august",
            "general",
            "local",
            "strings",
            "suspicious",
            "hybrid analysis",
            "api key",
            "vetting process",
            "please note",
            "please",
            "urls",
            "javascript"
          ],
          "references": [
            "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details",
            "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details",
            "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d",
            "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4",
            "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection",
            "https://tria.ge/220820-cg7v8sddcm/behavioral1",
            "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1",
            "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1"
          ],
          "public": 1,
          "adversary": "Mazikeen",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "TA0005",
              "name": "Defense Evasion",
              "display_name": "TA0005 - Defense Evasion"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "BraveHeart",
            "id": "123797",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "FileHash-MD5": 274,
            "FileHash-SHA1": 256,
            "FileHash-SHA256": 267,
            "URL": 51,
            "domain": 96,
            "email": 18,
            "hostname": 59
          },
          "indicator_count": 1027,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 61,
          "modified_text": "1350 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d",
        "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details",
        "https://tria.ge/220820-cg7v8sddcm/behavioral1",
        "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4",
        "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1",
        "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection",
        "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details",
        "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Mazikeen"
          ],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "62ff8073d5ec6f25915eee77",
      "name": "confirmation spam email",
      "description": "Small sample of an email message that has passed through Gmail's phishing and spam filter. A confirmation email from cashapp, costco, AceHardware, Walmart, Dicks Sporting Goods, with links hosted on Amazonaws. A common theme between all messages is that they contain a link to Amazon AWS, redirecting to thelaunchstore[.]quest before reaching its final destination. Clearly marked phishing by VT, but no specific malware threat based on scans on Hybrid Analysis. (UPDATE) The latest entry is now classified as malicious.\n\nUpdate Milwaukee power drill via Acehardware.\n\n\nSame MO. Amazon AWS link > Thelaunchstore[.]quest > jongberreta[.]com > positionspot[.]info\n\n\nUpdate 21/13:20 Added Walmart, Acehardware, Dicks sporting goods into the description above.",
      "modified": "2022-09-20T00:01:18.490000",
      "created": "2022-08-19T12:22:11.793000",
      "tags": [
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "wow64",
        "windows nt",
        "get rd",
        "details",
        "request url",
        "format details",
        "request get",
        "raw hex",
        "ed bf",
        "c0 a8",
        "date",
        "accept",
        "hybrid",
        "close",
        "click",
        "hosts",
        "august",
        "general",
        "local",
        "strings",
        "suspicious",
        "hybrid analysis",
        "api key",
        "vetting process",
        "please note",
        "please",
        "urls",
        "javascript"
      ],
      "references": [
        "https://www.virustotal.com/gui/url/914be00fdad8f3107346a98befe3f9479c22279fdde96f791335979535cb925a/details",
        "https://www.virustotal.com/gui/url/229900b7e2a264dac811b9600ab1c4b8bab8db66d36c991b04ff13989a9a762f/details",
        "https://hybrid-analysis.com/sample/9e96b4c177ce71ec5e8abe0f7bdd6c8ed3c30c2f8cc4d2b2f8cbd563baa4e21d",
        "https://hybrid-analysis.com/sample/0c4d6854d2c6e4fc7f5b27d00200b4f9e1dee0d83a253b8ed3f6628369ec53b2/62feba5605ed9d19656a2cc4",
        "https://www.virustotal.com/gui/url/85027244b8c9b054a86f6ff56c51d7de18b7575fada1a2132f6f766b95df022d/detection",
        "https://tria.ge/220820-cg7v8sddcm/behavioral1",
        "https://www.virustotal.com/gui/url/fb0d412d69fc02afac1be2a966500bc93e2fa01347e92bd5528f630bad921b5f?nocache=1",
        "https://www.virustotal.com/gui/url/c2053470f4ca4ae31a379e12f6cbc90cb0a60d2f038e57fdf20fe0344b8a30dd?nocache=1"
      ],
      "public": 1,
      "adversary": "Mazikeen",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "TA0005",
          "name": "Defense Evasion",
          "display_name": "TA0005 - Defense Evasion"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "BraveHeart",
        "id": "123797",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "FileHash-MD5": 274,
        "FileHash-SHA1": 256,
        "FileHash-SHA256": 267,
        "URL": 51,
        "domain": 96,
        "email": 18,
        "hostname": 59
      },
      "indicator_count": 1027,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 61,
      "modified_text": "1350 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "asifaap.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "asifaap.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780327431.531285
}