{ "type": "Domain", "indicator": "basepack.org", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/basepack.org", "alexa": "http://www.alexa.com/siteinfo/basepack.org", "indicator": "basepack.org", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1597061899, "indicator": "basepack.org", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "5c1d5328e8b75815dbcdeeab", "name": "OVERRULED: Containing a Potentially Destructive Adversary", "description": "FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions that we assess are related. The actor is leveraging publicly available tools in early phases of the intrusion; however, we have observed them transition to custom implants in later stage activity in an attempt to circumvent our detection.", "modified": "2019-01-17T17:56:16.352000", "created": "2018-12-21T20:55:04.147000", "tags": [ "poshc2", "outlook", "apt33", "powerton", "powershell", "office", "office365", "energy", "mimikatz", "aerospace", "fireeye" ], "references": [ "https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html" ], "public": 1, "adversary": "APT33", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "energy" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "YARA": 1, "domain": 2, "URL": 10, "FileHash-MD5": 32, "CVE": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 387228, "modified_text": "2693 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6285f40e8e44a7d794362614", "name": "C2_Malicious", "description": "A look at some of the most eye-catching snippets of this year's tech news:-a-day-round:.-..com. (1:00 GMT)..", "modified": "2022-05-19T07:38:54.065000", "created": "2022-05-19T07:38:54.065000", "tags": [], "references": [ "C2_Malicious" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "maletaibi", "id": "168404", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168404/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 269, "hostname": 131 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1476 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "C2_Malicious", "https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html" ], "related": { "alienvault": { "adversary": [ "APT33" ], "malware_families": [], "industries": [ "Energy" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "5c1d5328e8b75815dbcdeeab", "name": "OVERRULED: Containing a Potentially Destructive Adversary", "description": "FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions that we assess are related. The actor is leveraging publicly available tools in early phases of the intrusion; however, we have observed them transition to custom implants in later stage activity in an attempt to circumvent our detection.", "modified": "2019-01-17T17:56:16.352000", "created": "2018-12-21T20:55:04.147000", "tags": [ "poshc2", "outlook", "apt33", "powerton", "powershell", "office", "office365", "energy", "mimikatz", "aerospace", "fireeye" ], "references": [ "https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html" ], "public": 1, "adversary": "APT33", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "energy" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "YARA": 1, "domain": 2, "URL": 10, "FileHash-MD5": 32, "CVE": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 387228, "modified_text": "2693 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6285f40e8e44a7d794362614", "name": "C2_Malicious", "description": "A look at some of the most eye-catching snippets of this year's tech news:-a-day-round:.-..com. (1:00 GMT)..", "modified": "2022-05-19T07:38:54.065000", "created": "2022-05-19T07:38:54.065000", "tags": [], "references": [ "C2_Malicious" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "maletaibi", "id": "168404", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168404/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 269, "hostname": 131 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1476 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "basepack.org", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "basepack.org", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780503211.1071923 }