{ "type": "Domain", "indicator": "drunk-robots.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/drunk-robots.com", "alexa": "http://www.alexa.com/siteinfo/drunk-robots.com", "indicator": "drunk-robots.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3184797417, "indicator": "drunk-robots.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6560744e6e80da52c249803d", "name": "Uptycs + Trend Micro | MacStealer macOS infostealer", "description": "", "modified": "2023-11-24T10:00:46.918000", "created": "2023-11-24T10:00:46.918000", "tags": [ "trojanspy", "macstealer", "malware", "endpoints", "cyber crime", "network", "articles", "news", "reports", "cyber threats", "trend micro", "discord", "twitter", "nuitka", "telegram", "figure", "mac malware", "fake p2e", "find", "python", "indonesia", "small", "alliance", "download", "launcher", "facebook", "cyber", "crime", "contact", "macos", "uptycs threat", "zip file", "telegram bot", "uptycs", "click", "macho file", "system", "uptycs edr", "parallax rat", "catalina" ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf", "https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MacStealer", "display_name": "MacStealer", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": "642f2d89de8e96973152bbc6", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "santravault1", "id": "217419", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217419/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 14, "hostname": 1, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 16 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 76, "modified_text": "921 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c1342813abbb2db180fa24", "name": "Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware - Malware research", "description": "", "modified": "2023-08-25T14:01:42.902000", "created": "2023-07-26T14:56:39.981000", "tags": [ "johnsmithweb", "macho", "fq4444", "execution chain", "sha256", "redline stealer", "https", "post request", "johnsmithpr", "border", "launcher", "click", "redline", "discord", "python", "open", "comment", "stealer", "chat", "steam", "false", "download", "hello", "april", "easy", "nsis", "james", "john", "code", "install", "rust", "path", "mozilla" ], "references": [ "https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware#iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 332, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 40, "FileHash-MD5": 16, "FileHash-SHA1": 51, "FileHash-SHA256": 105, "domain": 18, "hostname": 11 }, "indicator_count": 241, "is_author": false, "is_subscribing": null, "subscriber_count": 436, "modified_text": "1011 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "642f2d89de8e96973152bbc6", "name": "Uptycs + Trend Micro | MacStealer macOS infostealer", "description": "The full text of the report on the latest Mac malware outbreak, published on Wednesday, 1 January 2017, at 19:00 GMT. \u00c2\u00a31.5m.. (\u20ac2.3m)\n\nhttps://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html\nhttps://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "modified": "2023-05-06T20:00:44.385000", "created": "2023-04-06T20:37:29.569000", "tags": [ "trojanspy", "macstealer", "malware", "endpoints", "cyber crime", "network", "articles", "news", "reports", "cyber threats", "trend micro", "discord", "twitter", "nuitka", "telegram", "figure", "mac malware", "fake p2e", "find", "python", "indonesia", "small", "alliance", "download", "launcher", "facebook", "cyber", "crime", "contact", "macos", "uptycs threat", "zip file", "telegram bot", "uptycs", "click", "macho file", "system", "uptycs edr", "parallax rat", "catalina" ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf", "https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MacStealer", "display_name": "MacStealer", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "porter_rockwell", "id": "96784", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 14, "hostname": 1, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 16 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html", "https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware#iocs", "https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Macstealer", "Macos", "Trojanspy" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6560744e6e80da52c249803d", "name": "Uptycs + Trend Micro | MacStealer macOS infostealer", "description": "", "modified": "2023-11-24T10:00:46.918000", "created": "2023-11-24T10:00:46.918000", "tags": [ "trojanspy", "macstealer", "malware", "endpoints", "cyber crime", "network", "articles", "news", "reports", "cyber threats", "trend micro", "discord", "twitter", "nuitka", "telegram", "figure", "mac malware", "fake p2e", "find", "python", "indonesia", "small", "alliance", "download", "launcher", "facebook", "cyber", "crime", "contact", "macos", "uptycs threat", "zip file", "telegram bot", "uptycs", "click", "macho file", "system", "uptycs edr", "parallax rat", "catalina" ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf", "https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MacStealer", "display_name": "MacStealer", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": "642f2d89de8e96973152bbc6", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "santravault1", "id": "217419", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217419/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 14, "hostname": 1, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 16 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 76, "modified_text": "921 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c1342813abbb2db180fa24", "name": "Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware - Malware research", "description": "", "modified": "2023-08-25T14:01:42.902000", "created": "2023-07-26T14:56:39.981000", "tags": [ "johnsmithweb", "macho", "fq4444", "execution chain", "sha256", "redline stealer", "https", "post request", "johnsmithpr", "border", "launcher", "click", "redline", "discord", "python", "open", "comment", "stealer", "chat", "steam", "false", "download", "hello", "april", "easy", "nsis", "james", "john", "code", "install", "rust", "path", "mozilla" ], "references": [ "https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware#iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 332, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 40, "FileHash-MD5": 16, "FileHash-SHA1": 51, "FileHash-SHA256": 105, "domain": 18, "hostname": 11 }, "indicator_count": 241, "is_author": false, "is_subscribing": null, "subscriber_count": 436, "modified_text": "1011 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "642f2d89de8e96973152bbc6", "name": "Uptycs + Trend Micro | MacStealer macOS infostealer", "description": "The full text of the report on the latest Mac malware outbreak, published on Wednesday, 1 January 2017, at 19:00 GMT. \u00c2\u00a31.5m.. (\u20ac2.3m)\n\nhttps://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html\nhttps://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "modified": "2023-05-06T20:00:44.385000", "created": "2023-04-06T20:37:29.569000", "tags": [ "trojanspy", "macstealer", "malware", "endpoints", "cyber crime", "network", "articles", "news", "reports", "cyber threats", "trend micro", "discord", "twitter", "nuitka", "telegram", "figure", "mac malware", "fake p2e", "find", "python", "indonesia", "small", "alliance", "download", "launcher", "facebook", "cyber", "crime", "contact", "macos", "uptycs threat", "zip file", "telegram bot", "uptycs", "click", "macho file", "system", "uptycs edr", "parallax rat", "catalina" ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf", "https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware", "https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MacStealer", "display_name": "MacStealer", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "porter_rockwell", "id": "96784", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 14, "hostname": 1, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 16 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 46, "modified_text": "1122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "drunk-robots.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "drunk-robots.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780403289.1831808 }