{
  "type": "Domain",
  "indicator": "decumify.net",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/decumify.net",
    "alexa": "http://www.alexa.com/siteinfo/decumify.net",
    "indicator": "decumify.net",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3750748111,
      "indicator": "decumify.net",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "66c5add7ed904b891e4b73b6",
          "name": "Ngioweb Proxy",
          "description": "This pulse contains IOCs related to Ngioweb infrastructure. New IOCs are added automatically based on OTX sandboxed samples.",
          "modified": "2024-11-04T09:05:45.588000",
          "created": "2024-08-21T09:05:27.850000",
          "tags": [
            "Ngioweb",
            "NSOCKS"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ngioweb (ELF)",
              "display_name": "Ngioweb (ELF)",
              "target": null
            },
            {
              "id": "Ngioweb (Windows)",
              "display_name": "Ngioweb (Windows)",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "66c5aceea74b8dd28a7d16ff",
          "export_count": 34,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 103,
            "hostname": 36,
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "FileHash-SHA256": 3
          },
          "indicator_count": 146,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386896,
          "modified_text": "575 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66b39de921cdfe8b6ebcc220",
          "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
          "description": "TrendMicro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer, with cybercriminals renting out compromised routers and nation-state threat actors like Pawn Storm and Sandworm using dedicated proxy botnets. The analysis focuses on a criminal botnet of Ubiquiti EdgeRouters, disrupted by the FBI in January 2024, which Pawn Storm accessed in April 2022 for persistent espionage campaigns.",
          "modified": "2024-09-06T16:05:06.391000",
          "created": "2024-08-07T16:16:41.356000",
          "tags": [
            "botnet",
            "routers",
            "espionage",
            "cybercrime",
            "ngioweb",
            "sshdoor",
            "proxy"
          ],
          "references": [],
          "public": 1,
          "adversary": "APT28",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "SSHDoor",
              "display_name": "SSHDoor",
              "target": null
            },
            {
              "id": "Ngioweb",
              "display_name": "Ngioweb",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1592",
              "name": "Gather Victim Host Information",
              "display_name": "T1592 - Gather Victim Host Information"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1567",
              "name": "Exfiltration Over Web Service",
              "display_name": "T1567 - Exfiltration Over Web Service"
            },
            {
              "id": "T1219",
              "name": "Remote Access Software",
              "display_name": "T1219 - Remote Access Software"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1609",
              "name": "Container Administration Command",
              "display_name": "T1609 - Container Administration Command"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1598",
              "name": "Phishing for Information",
              "display_name": "T1598 - Phishing for Information"
            },
            {
              "id": "T1588",
              "name": "Obtain Capabilities",
              "display_name": "T1588 - Obtain Capabilities"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1556",
              "name": "Modify Authentication Process",
              "display_name": "T1556 - Modify Authentication Process"
            },
            {
              "id": "T1211",
              "name": "Exploitation for Defense Evasion",
              "display_name": "T1211 - Exploitation for Defense Evasion"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 229,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 27,
            "domain": 11,
            "hostname": 17
          },
          "indicator_count": 73,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386902,
          "modified_text": "633 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6783308fc0b6e2bd8dfb209c",
          "name": "TTC-CERT_blocklist_recommended",
          "description": "",
          "modified": "2026-02-14T00:03:07.406000",
          "created": "2025-01-12T03:01:35.075000",
          "tags": [],
          "references": [
            "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 606,
            "URL": 4,
            "domain": 25122,
            "hostname": 25306
          },
          "indicator_count": 51038,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 187,
          "modified_text": "108 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67429f73a3f45fa88890276d",
          "name": "StreamMining",
          "description": "",
          "modified": "2024-11-24T03:37:23.616000",
          "created": "2024-11-24T03:37:23.616000",
          "tags": [
            "eliminar",
            "leer ms",
            "wishlist vista",
            "poltica",
            "secadores",
            "vista",
            "sala",
            "vaporal",
            "utensilios",
            "belleza equipos",
            "ciudad"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "670f94e03014212e19fa5a77",
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "rivocado",
            "id": "300960",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6,
            "URL": 170,
            "domain": 11158,
            "hostname": 3549
          },
          "indicator_count": 14883,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 25,
          "modified_text": "555 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67429f7224d433f384b935c8",
          "name": "StreamMining",
          "description": "",
          "modified": "2024-11-24T03:37:22.551000",
          "created": "2024-11-24T03:37:22.551000",
          "tags": [
            "eliminar",
            "leer ms",
            "wishlist vista",
            "poltica",
            "secadores",
            "vista",
            "sala",
            "vaporal",
            "utensilios",
            "belleza equipos",
            "ciudad"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "670f94e03014212e19fa5a77",
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "rivocado",
            "id": "300960",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6,
            "URL": 170,
            "domain": 11158,
            "hostname": 3549
          },
          "indicator_count": 14883,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 20,
          "modified_text": "555 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "670f94e03014212e19fa5a77",
          "name": "Malicious-Dangerous-Domain&URL-New-IOC List",
          "description": "By Helaly",
          "modified": "2024-11-15T10:01:11.688000",
          "created": "2024-10-16T10:26:40.893000",
          "tags": [
            "eliminar",
            "leer ms",
            "wishlist vista",
            "poltica",
            "secadores",
            "vista",
            "sala",
            "vaporal",
            "utensilios",
            "belleza equipos",
            "ciudad"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 39659,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Eslam-ElHelaly",
            "id": "259630",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6,
            "URL": 170,
            "domain": 11158,
            "hostname": 3549
          },
          "indicator_count": 14883,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 80,
          "modified_text": "564 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66323404dfcfb588281ff377",
          "name": "Cybercriminals and Nation-States Sharing Compromised Networks",
          "description": "",
          "modified": "2024-05-31T12:03:52.896000",
          "created": "2024-05-01T12:22:28.969000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 27,
            "domain": 15,
            "hostname": 22
          },
          "indicator_count": 82,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 499,
          "modified_text": "732 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66320d47fbc73ba632844202",
          "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
          "description": "A guide to the most commonly used passwords for computers, smartphones, tablets and smart phones, as compiled by the Institute for Strategic Studies (ISTS) and published in the journal Open Source.",
          "modified": "2024-05-31T09:02:56.598000",
          "created": "2024-05-01T09:37:11.048000",
          "tags": [
            "ngioweb c",
            "sshdoor",
            "pawn storm",
            "old c",
            "historic c",
            "new c",
            "sshdoor mipsii",
            "edgerouter",
            "fixed port",
            "description",
            "storm",
            "ngioweb"
          ],
          "references": [
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
            "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
          ],
          "public": 1,
          "adversary": "Pawn Storm",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ngioweb",
              "display_name": "Ngioweb",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 23,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 27,
            "domain": 15,
            "hostname": 22
          },
          "indicator_count": 82,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 864,
          "modified_text": "732 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "663c3edfdfb7353b19346f71",
          "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
          "description": "",
          "modified": "2024-05-31T09:02:56.598000",
          "created": "2024-05-09T03:11:27.622000",
          "tags": [
            "ngioweb c",
            "sshdoor",
            "pawn storm",
            "old c",
            "historic c",
            "new c",
            "sshdoor mipsii",
            "edgerouter",
            "fixed port",
            "description",
            "storm",
            "ngioweb"
          ],
          "references": [
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
            "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
          ],
          "public": 1,
          "adversary": "Pawn Storm",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ngioweb",
              "display_name": "Ngioweb",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": "66320d47fbc73ba632844202",
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "tr2222200",
            "id": "207905",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 27,
            "domain": 15,
            "hostname": 22
          },
          "indicator_count": 82,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 188,
          "modified_text": "732 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "663f43c06ac04d73098438a6",
          "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
          "description": "",
          "modified": "2024-05-31T09:02:56.598000",
          "created": "2024-05-11T10:09:04.327000",
          "tags": [
            "ngioweb c",
            "sshdoor",
            "pawn storm",
            "old c",
            "historic c",
            "new c",
            "sshdoor mipsii",
            "edgerouter",
            "fixed port",
            "description",
            "storm",
            "ngioweb"
          ],
          "references": [
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
            "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
          ],
          "public": 1,
          "adversary": "Pawn Storm",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ngioweb",
              "display_name": "Ngioweb",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": "663c3edfdfb7353b19346f71",
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 27,
            "domain": 15,
            "hostname": 22
          },
          "indicator_count": 82,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 279,
          "modified_text": "732 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt",
        "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html",
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "APT28"
          ],
          "malware_families": [
            "Ngioweb (elf)",
            "Ngioweb",
            "Sshdoor",
            "Ngioweb (windows)"
          ],
          "industries": []
        },
        "other": {
          "adversary": [
            "Pawn Storm"
          ],
          "malware_families": [
            "Ngioweb"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "66c5add7ed904b891e4b73b6",
      "name": "Ngioweb Proxy",
      "description": "This pulse contains IOCs related to Ngioweb infrastructure. New IOCs are added automatically based on OTX sandboxed samples.",
      "modified": "2024-11-04T09:05:45.588000",
      "created": "2024-08-21T09:05:27.850000",
      "tags": [
        "Ngioweb",
        "NSOCKS"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ngioweb (ELF)",
          "display_name": "Ngioweb (ELF)",
          "target": null
        },
        {
          "id": "Ngioweb (Windows)",
          "display_name": "Ngioweb (Windows)",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "66c5aceea74b8dd28a7d16ff",
      "export_count": 34,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 103,
        "hostname": 36,
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "FileHash-SHA256": 3
      },
      "indicator_count": 146,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386896,
      "modified_text": "575 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66b39de921cdfe8b6ebcc220",
      "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
      "description": "TrendMicro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer, with cybercriminals renting out compromised routers and nation-state threat actors like Pawn Storm and Sandworm using dedicated proxy botnets. The analysis focuses on a criminal botnet of Ubiquiti EdgeRouters, disrupted by the FBI in January 2024, which Pawn Storm accessed in April 2022 for persistent espionage campaigns.",
      "modified": "2024-09-06T16:05:06.391000",
      "created": "2024-08-07T16:16:41.356000",
      "tags": [
        "botnet",
        "routers",
        "espionage",
        "cybercrime",
        "ngioweb",
        "sshdoor",
        "proxy"
      ],
      "references": [],
      "public": 1,
      "adversary": "APT28",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "SSHDoor",
          "display_name": "SSHDoor",
          "target": null
        },
        {
          "id": "Ngioweb",
          "display_name": "Ngioweb",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        },
        {
          "id": "T1592",
          "name": "Gather Victim Host Information",
          "display_name": "T1592 - Gather Victim Host Information"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1567",
          "name": "Exfiltration Over Web Service",
          "display_name": "T1567 - Exfiltration Over Web Service"
        },
        {
          "id": "T1219",
          "name": "Remote Access Software",
          "display_name": "T1219 - Remote Access Software"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1609",
          "name": "Container Administration Command",
          "display_name": "T1609 - Container Administration Command"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1598",
          "name": "Phishing for Information",
          "display_name": "T1598 - Phishing for Information"
        },
        {
          "id": "T1588",
          "name": "Obtain Capabilities",
          "display_name": "T1588 - Obtain Capabilities"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1556",
          "name": "Modify Authentication Process",
          "display_name": "T1556 - Modify Authentication Process"
        },
        {
          "id": "T1211",
          "name": "Exploitation for Defense Evasion",
          "display_name": "T1211 - Exploitation for Defense Evasion"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 229,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 9,
        "FileHash-SHA256": 27,
        "domain": 11,
        "hostname": 17
      },
      "indicator_count": 73,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386902,
      "modified_text": "633 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6783308fc0b6e2bd8dfb209c",
      "name": "TTC-CERT_blocklist_recommended",
      "description": "",
      "modified": "2026-02-14T00:03:07.406000",
      "created": "2025-01-12T03:01:35.075000",
      "tags": [],
      "references": [
        "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 606,
        "URL": 4,
        "domain": 25122,
        "hostname": 25306
      },
      "indicator_count": 51038,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 187,
      "modified_text": "108 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67429f73a3f45fa88890276d",
      "name": "StreamMining",
      "description": "",
      "modified": "2024-11-24T03:37:23.616000",
      "created": "2024-11-24T03:37:23.616000",
      "tags": [
        "eliminar",
        "leer ms",
        "wishlist vista",
        "poltica",
        "secadores",
        "vista",
        "sala",
        "vaporal",
        "utensilios",
        "belleza equipos",
        "ciudad"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": "670f94e03014212e19fa5a77",
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "rivocado",
        "id": "300960",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 6,
        "URL": 170,
        "domain": 11158,
        "hostname": 3549
      },
      "indicator_count": 14883,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 25,
      "modified_text": "555 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67429f7224d433f384b935c8",
      "name": "StreamMining",
      "description": "",
      "modified": "2024-11-24T03:37:22.551000",
      "created": "2024-11-24T03:37:22.551000",
      "tags": [
        "eliminar",
        "leer ms",
        "wishlist vista",
        "poltica",
        "secadores",
        "vista",
        "sala",
        "vaporal",
        "utensilios",
        "belleza equipos",
        "ciudad"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": "670f94e03014212e19fa5a77",
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "rivocado",
        "id": "300960",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 6,
        "URL": 170,
        "domain": 11158,
        "hostname": 3549
      },
      "indicator_count": 14883,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 20,
      "modified_text": "555 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "670f94e03014212e19fa5a77",
      "name": "Malicious-Dangerous-Domain&URL-New-IOC List",
      "description": "By Helaly",
      "modified": "2024-11-15T10:01:11.688000",
      "created": "2024-10-16T10:26:40.893000",
      "tags": [
        "eliminar",
        "leer ms",
        "wishlist vista",
        "poltica",
        "secadores",
        "vista",
        "sala",
        "vaporal",
        "utensilios",
        "belleza equipos",
        "ciudad"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 39659,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Eslam-ElHelaly",
        "id": "259630",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 6,
        "URL": 170,
        "domain": 11158,
        "hostname": 3549
      },
      "indicator_count": 14883,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 80,
      "modified_text": "564 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66323404dfcfb588281ff377",
      "name": "Cybercriminals and Nation-States Sharing Compromised Networks",
      "description": "",
      "modified": "2024-05-31T12:03:52.896000",
      "created": "2024-05-01T12:22:28.969000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 9,
        "FileHash-SHA256": 27,
        "domain": 15,
        "hostname": 22
      },
      "indicator_count": 82,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 499,
      "modified_text": "732 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66320d47fbc73ba632844202",
      "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
      "description": "A guide to the most commonly used passwords for computers, smartphones, tablets and smart phones, as compiled by the Institute for Strategic Studies (ISTS) and published in the journal Open Source.",
      "modified": "2024-05-31T09:02:56.598000",
      "created": "2024-05-01T09:37:11.048000",
      "tags": [
        "ngioweb c",
        "sshdoor",
        "pawn storm",
        "old c",
        "historic c",
        "new c",
        "sshdoor mipsii",
        "edgerouter",
        "fixed port",
        "description",
        "storm",
        "ngioweb"
      ],
      "references": [
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
        "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
      ],
      "public": 1,
      "adversary": "Pawn Storm",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ngioweb",
          "display_name": "Ngioweb",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 23,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 9,
        "FileHash-SHA256": 27,
        "domain": 15,
        "hostname": 22
      },
      "indicator_count": 82,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 864,
      "modified_text": "732 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "663c3edfdfb7353b19346f71",
      "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
      "description": "",
      "modified": "2024-05-31T09:02:56.598000",
      "created": "2024-05-09T03:11:27.622000",
      "tags": [
        "ngioweb c",
        "sshdoor",
        "pawn storm",
        "old c",
        "historic c",
        "new c",
        "sshdoor mipsii",
        "edgerouter",
        "fixed port",
        "description",
        "storm",
        "ngioweb"
      ],
      "references": [
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
        "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
      ],
      "public": 1,
      "adversary": "Pawn Storm",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ngioweb",
          "display_name": "Ngioweb",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": "66320d47fbc73ba632844202",
      "export_count": 18,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "tr2222200",
        "id": "207905",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 9,
        "FileHash-SHA256": 27,
        "domain": 15,
        "hostname": 22
      },
      "indicator_count": 82,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 188,
      "modified_text": "732 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "663f43c06ac04d73098438a6",
      "name": "Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks",
      "description": "",
      "modified": "2024-05-31T09:02:56.598000",
      "created": "2024-05-11T10:09:04.327000",
      "tags": [
        "ngioweb c",
        "sshdoor",
        "pawn storm",
        "old c",
        "historic c",
        "new c",
        "sshdoor mipsii",
        "edgerouter",
        "fixed port",
        "description",
        "storm",
        "ngioweb"
      ],
      "references": [
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/d/cybercriminals-and-nation-states-sharing-compromised-networks/ioc-router-roulette-cybercriminals-and-nation-states-sharing-compromised-networks.txt",
        "https://www.trendmicro.com/en_us/research/24/e/router-roulette.html"
      ],
      "public": 1,
      "adversary": "Pawn Storm",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ngioweb",
          "display_name": "Ngioweb",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": "663c3edfdfb7353b19346f71",
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 9,
        "FileHash-SHA256": 27,
        "domain": 15,
        "hostname": 22
      },
      "indicator_count": 82,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 279,
      "modified_text": "732 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "decumify.net",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "decumify.net",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780411745.2853408
}