{ "type": "Domain", "indicator": "dopearos.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/dopearos.com", "alexa": "http://www.alexa.com/siteinfo/dopearos.com", "indicator": "dopearos.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2014282426, "indicator": "dopearos.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "5de672a960a698b92dca4793", "name": "Meet PyXie: A Nefarious New Python RAT", "description": "BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we\u2019re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry.", "modified": "2019-12-03T14:35:20.869000", "created": "2019-12-03T14:35:20.869000", "tags": [ "python" ], "references": [ "https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html" ], "public": 1, "adversary": "PyXie", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 61, "YARA": 1, "domain": 14 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 386621, "modified_text": "2371 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5cd40988f07de2a2d0907c4c", "name": "Severe Ransomware Attacks Against Swiss SMEs", "description": "As we have seen an ever-increasing number of ransomware cases that show a rather sophisticated modus operandi, we are publishing a warning via MELANI Newsletter along with this blog post, documenting technical details about the recent ransomware attacks against Swiss small and medium enterprises (SMEs). The goal of this blog post is to give you a better understanding of the various modus operandi of the most common ransomware families we have encountered hitting Swiss targets in the past months.", "modified": "2019-05-09T11:05:44.782000", "created": "2019-05-09T11:05:44.782000", "tags": [ "ransomware" ], "references": [ "https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes" ], "public": 1, "adversary": "", "targeted_countries": [ "Switzerland" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "domain": 1, "URL": 5 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386662, "modified_text": "2579 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes", "https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html" ], "related": { "alienvault": { "adversary": [ "PyXie" ], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "5de672a960a698b92dca4793", "name": "Meet PyXie: A Nefarious New Python RAT", "description": "BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we\u2019re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry.", "modified": "2019-12-03T14:35:20.869000", "created": "2019-12-03T14:35:20.869000", "tags": [ "python" ], "references": [ "https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html" ], "public": 1, "adversary": "PyXie", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 61, "YARA": 1, "domain": 14 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 386621, "modified_text": "2371 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5cd40988f07de2a2d0907c4c", "name": "Severe Ransomware Attacks Against Swiss SMEs", "description": "As we have seen an ever-increasing number of ransomware cases that show a rather sophisticated modus operandi, we are publishing a warning via MELANI Newsletter along with this blog post, documenting technical details about the recent ransomware attacks against Swiss small and medium enterprises (SMEs). The goal of this blog post is to give you a better understanding of the various modus operandi of the most common ransomware families we have encountered hitting Swiss targets in the past months.", "modified": "2019-05-09T11:05:44.782000", "created": "2019-05-09T11:05:44.782000", "tags": [ "ransomware" ], "references": [ "https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes" ], "public": 1, "adversary": "", "targeted_countries": [ "Switzerland" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "domain": 1, "URL": 5 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386662, "modified_text": "2579 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "dopearos.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "dopearos.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780289128.710972 }