{ "type": "Domain", "indicator": "askamoshopsi.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/askamoshopsi.com", "alexa": "http://www.alexa.com/siteinfo/askamoshopsi.com", "indicator": "askamoshopsi.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3679632664, "indicator": "askamoshopsi.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "651103399406529096cf8e38", "name": "IcedID (by ThreatFox)", "description": "https://www.virustotal.com/gui/collection/threatfox_win_icedid", "modified": "2023-10-25T03:00:51.071000", "created": "2023-09-25T03:49:13.708000", "tags": [ "icedid", "threatfox" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 814, "FileHash-MD5": 55, "FileHash-SHA1": 55, "FileHash-SHA256": 89, "domain": 1036, "hostname": 1 }, "indicator_count": 2050, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "950 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c5cf320a92c0bdc8ab9068", "name": "IcedID Malware with Updated BackConnect Module", "description": "", "modified": "2023-08-29T02:05:17.125000", "created": "2023-07-30T02:47:14.813000", "tags": [], "references": [ "July 29th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #2928 - IcedID Malware with Updated BackConnect Module.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 4, "domain": 3, "hostname": 2 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1007 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c3a1297bbfb4b85cbde920", "name": "Threatview.io Domain Blocklist", "description": "Malicious Domains identified for phishing/ serving malware/ command and control", "modified": "2023-07-28T11:06:17.802000", "created": "2023-07-28T11:06:17.802000", "tags": [], "references": [ "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 245, "hostname": 21 }, "indicator_count": 266, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1039 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647d9094bd79cd8ef7b2f555", "name": "Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID", "description": "This blog is part of the Unit 42 series of posts by Palo Alto Networks about malware, IcedID, which can lead to ransomware and other malware. and is based on the Windows operating system.", "modified": "2023-07-05T07:00:27.006000", "created": "2023-06-05T07:36:52.390000", "tags": [ "icedid", "cobalt strike", "figure", "unit", "ip address", "tcp stream", "palo alto", "https traffic", "wireshark", "http get", "wireshark quiz", "april", "wildfire", "alliance", "february", "gozi", "cold", "bokbot", "virustotal", "scroll", "cookie", "bumblebee", "emotet", "qbot", "qakbot", "anubis" ], "references": [ "https://unit42.paloaltonetworks.com/wireshark-quiz-icedid-answers/#post-128267-_v8176g40kstn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "IcedID", "display_name": "IcedID", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 7, "domain": 4 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "1062 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/wireshark-quiz-icedid-answers/#post-128267-_v8176g40kstn", "July 29th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #2928 - IcedID Malware with Updated BackConnect Module.pdf", "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Cobalt strike", "Icedid" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "651103399406529096cf8e38", "name": "IcedID (by ThreatFox)", "description": "https://www.virustotal.com/gui/collection/threatfox_win_icedid", "modified": "2023-10-25T03:00:51.071000", "created": "2023-09-25T03:49:13.708000", "tags": [ "icedid", "threatfox" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 814, "FileHash-MD5": 55, "FileHash-SHA1": 55, "FileHash-SHA256": 89, "domain": 1036, "hostname": 1 }, "indicator_count": 2050, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "950 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c5cf320a92c0bdc8ab9068", "name": "IcedID Malware with Updated BackConnect Module", "description": "", "modified": "2023-08-29T02:05:17.125000", "created": "2023-07-30T02:47:14.813000", "tags": [], "references": [ "July 29th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #2928 - IcedID Malware with Updated BackConnect Module.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 4, "domain": 3, "hostname": 2 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1007 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c3a1297bbfb4b85cbde920", "name": "Threatview.io Domain Blocklist", "description": "Malicious Domains identified for phishing/ serving malware/ command and control", "modified": "2023-07-28T11:06:17.802000", "created": "2023-07-28T11:06:17.802000", "tags": [], "references": [ "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 245, "hostname": 21 }, "indicator_count": 266, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1039 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647d9094bd79cd8ef7b2f555", "name": "Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID", "description": "This blog is part of the Unit 42 series of posts by Palo Alto Networks about malware, IcedID, which can lead to ransomware and other malware. and is based on the Windows operating system.", "modified": "2023-07-05T07:00:27.006000", "created": "2023-06-05T07:36:52.390000", "tags": [ "icedid", "cobalt strike", "figure", "unit", "ip address", "tcp stream", "palo alto", "https traffic", "wireshark", "http get", "wireshark quiz", "april", "wildfire", "alliance", "february", "gozi", "cold", "bokbot", "virustotal", "scroll", "cookie", "bumblebee", "emotet", "qbot", "qakbot", "anubis" ], "references": [ "https://unit42.paloaltonetworks.com/wireshark-quiz-icedid-answers/#post-128267-_v8176g40kstn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "IcedID", "display_name": "IcedID", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 7, "domain": 4 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "1062 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "askamoshopsi.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "askamoshopsi.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780319329.0459478 }