{ "type": "Domain", "indicator": "back.engineering", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/back.engineering", "alexa": "http://www.alexa.com/siteinfo/back.engineering", "indicator": "back.engineering", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2239002317, "indicator": "back.engineering", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "61ed22a7b6f547be5fcdf1a7", "name": "BHUNT Stealer", "description": "A whitepaper on BHUNT Stealer, an attack on cryptocurrency wallets, has been published by the security firm Bitdefender, which provides security and security software for the Bitcoin and other crypto currencies.", "modified": "2022-01-23T09:40:55.950000", "created": "2022-01-23T09:40:55.950000", "tags": [ "bhunt", "redline" ], "references": [ "https://samples.vx-underground.org/samples/Families/BHUNTStealer/Paper/Bitdefender-PR-Whitepaper-CyberWallet-creat5874-en-EN.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BHUNT", "display_name": "BHUNT", "target": null }, { "id": "Redline", "display_name": "Redline", "target": null } ], "attack_ids": [ { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "demoextraa", "id": "176114", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "domain": 3, "hostname": 1 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "1592 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://samples.vx-underground.org/samples/Families/BHUNTStealer/Paper/Bitdefender-PR-Whitepaper-CyberWallet-creat5874-en-EN.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Bhunt", "Redline" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "61ed22a7b6f547be5fcdf1a7", "name": "BHUNT Stealer", "description": "A whitepaper on BHUNT Stealer, an attack on cryptocurrency wallets, has been published by the security firm Bitdefender, which provides security and security software for the Bitcoin and other crypto currencies.", "modified": "2022-01-23T09:40:55.950000", "created": "2022-01-23T09:40:55.950000", "tags": [ "bhunt", "redline" ], "references": [ "https://samples.vx-underground.org/samples/Families/BHUNTStealer/Paper/Bitdefender-PR-Whitepaper-CyberWallet-creat5874-en-EN.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BHUNT", "display_name": "BHUNT", "target": null }, { "id": "Redline", "display_name": "Redline", "target": null } ], "attack_ids": [ { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "demoextraa", "id": "176114", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "domain": 3, "hostname": 1 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "1592 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "back.engineering", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "back.engineering", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780489862.8329973 }