{ "type": "Domain", "indicator": "cloudpackages.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/cloudpackages.net", "alexa": "http://www.alexa.com/siteinfo/cloudpackages.net", "indicator": "cloudpackages.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1593732592, "indicator": "cloudpackages.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5c10d62e97d4215c088dfa2e", "name": "Recent Shamoon Wipers", "description": "We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.", "modified": "2018-12-24T22:16:57.171000", "created": "2018-12-12T09:34:38.758000", "tags": [], "references": [ "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message" ], "public": 1, "adversary": "Shamoon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA256": 24, "URL": 5, "hostname": 1, "FileHash-SHA1": 5 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 386970, "modified_text": "2716 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/" ], "related": { "alienvault": { "adversary": [ "Shamoon" ], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5c10d62e97d4215c088dfa2e", "name": "Recent Shamoon Wipers", "description": "We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.", "modified": "2018-12-24T22:16:57.171000", "created": "2018-12-12T09:34:38.758000", "tags": [], "references": [ "https://twitter.com/ThreatHunting/status/1072771496479735809", "https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html", "https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/", "https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail", "https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/", "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message" ], "public": 1, "adversary": "Shamoon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA256": 24, "URL": 5, "hostname": 1, "FileHash-SHA1": 5 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 386970, "modified_text": "2716 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "cloudpackages.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "cloudpackages.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780414844.6298914 }