{ "type": "Domain", "indicator": "easy-lay.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/easy-lay.com", "alexa": "http://www.alexa.com/siteinfo/easy-lay.com", "indicator": "easy-lay.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3442443497, "indicator": "easy-lay.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "6570a59d46cd05b8ffc71d84", "name": "Racoon Stealer \u2022 Cobalt Strike", "description": "", "modified": "2023-12-06T16:47:25.409000", "created": "2023-12-06T16:47:25.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 509, "FileHash-MD5": 377, "FileHash-SHA1": 205, "FileHash-SHA256": 357, "URL": 1762, "domain": 595 }, "indicator_count": 3805, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a598f3d4e8c2cffd4f73", "name": "SMS SPY \u2022 Remote Access", "description": "", "modified": "2023-12-06T16:47:19.410000", "created": "2023-12-06T16:47:19.410000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1043, "hostname": 684, "domain": 639, "FileHash-MD5": 382, "FileHash-SHA1": 212, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650b67e5a3ff15727eed5a06", "name": "SMS SPY \u2022 Remote Access", "description": "Malvertizing. Spyware\nMalbranding:\nTagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices.", "modified": "2023-10-20T21:00:45.519000", "created": "2023-09-20T21:45:09.422000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs", "pattern match", "q0o0mahttp", "pfunction", "lkvoid", "glfunction", "befunction", "mrtk", "7jfjrw", "zzvyn6uhsb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 639, "hostname": 684, "FileHash-MD5": 382, "FileHash-SHA1": 212, "FileHash-SHA256": 1043, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650b692590e81c17c7985837", "name": "Racoon Stealer \u2022 Cobalt Strike", "description": "Malvertizing. Spyware Malbranding: Tagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices with spyware, stealers, etc.", "modified": "2023-10-20T20:05:36.159000", "created": "2023-09-20T21:50:29.485000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 595, "hostname": 509, "FileHash-MD5": 377, "FileHash-SHA1": 205, "FileHash-SHA256": 357, "URL": 1762 }, "indicator_count": 3805, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62752a3d78ce35783bfc85cc", "name": "SafeFrame Container", "description": "If you want to know what is going to happen when you create a non-iterable object, try these three pieces of code in the form of a new \"word\" or \"phrase\".", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T14:01:33.267000", "tags": [ "public", "typeof", "typeof define", "array", "typeerror", "typeof symbol", "error", "typeof enulle", "sdkversion", "internal", "date", "cnzzdata", "czuuid", "umdistinctid", "typeof e", "typeof t", "version", "swiper", "most", "copyright", "mit license", "april", "trident", "win32", "class", "lh", "vd", "function", "overlaylevel", "zdhxiong", "customevent", "symbol", "object", "string", "number", "null", "uint8array", "typeof b", "iframe", "android", "embed", "meta", "0x14a", "0x104", "0x97", "0xe1", "0x228", "0x12b", "0x14e", "0xf5", "0x11a", "0xc6", "sxa0", "typeof d", "closure library", "array int8array", "b1342177279", "regexp", "typeof r", "pseudo", "child", "typeof n", "template", "void", "this", "ienew ca", "quota", "aafunction", "dafunction", "gc", "trackpageview", "trackevent", "gtmmdcvhgd", "node", "element", "path", "reduceright", "p420", "gc3w7t6h5qw", "kafunction", "fafafa", "xlfunction", "kkfunction", "nkfunction", "qkfunction", "rkfunction", "skfunction", "span", "edge", "bad idp", "bad event", "crios", "invalid attempt", "afunction", "ufunction", "kfunction" ], "references": [ "xfe-URL-himado.com-stix2-2.1-export.json", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/layui/layui.all.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/js/swiper.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2262, "URL": 8251, "FileHash-SHA256": 1416, "domain": 2979 }, "indicator_count": 14908, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "xfe-URL-himado.com-stix2-2.1-export.json", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://himado.com/heihei/js/swiper.min.js", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/layui/layui.all.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "xfe-URL-Aliyun.com-stix2-2.1-export.json", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Vd", "Lh", "Trojan:msil/racoonstealer", "Gc", "Reduceright", "Formbook", "Trojanspy:win32/bradesco", "Cobalt strike", "Alf:heraklezeval:trojan:win32/zbot" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "6570a59d46cd05b8ffc71d84", "name": "Racoon Stealer \u2022 Cobalt Strike", "description": "", "modified": "2023-12-06T16:47:25.409000", "created": "2023-12-06T16:47:25.409000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 509, "FileHash-MD5": 377, "FileHash-SHA1": 205, "FileHash-SHA256": 357, "URL": 1762, "domain": 595 }, "indicator_count": 3805, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a598f3d4e8c2cffd4f73", "name": "SMS SPY \u2022 Remote Access", "description": "", "modified": "2023-12-06T16:47:19.410000", "created": "2023-12-06T16:47:19.410000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1043, "hostname": 684, "domain": 639, "FileHash-MD5": 382, "FileHash-SHA1": 212, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650b67e5a3ff15727eed5a06", "name": "SMS SPY \u2022 Remote Access", "description": "Malvertizing. Spyware\nMalbranding:\nTagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices.", "modified": "2023-10-20T21:00:45.519000", "created": "2023-09-20T21:45:09.422000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs", "pattern match", "q0o0mahttp", "pfunction", "lkvoid", "glfunction", "befunction", "mrtk", "7jfjrw", "zzvyn6uhsb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 639, "hostname": 684, "FileHash-MD5": 382, "FileHash-SHA1": 212, "FileHash-SHA256": 1043, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650b692590e81c17c7985837", "name": "Racoon Stealer \u2022 Cobalt Strike", "description": "Malvertizing. Spyware Malbranding: Tagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices with spyware, stealers, etc.", "modified": "2023-10-20T20:05:36.159000", "created": "2023-09-20T21:50:29.485000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 595, "hostname": 509, "FileHash-MD5": 377, "FileHash-SHA1": 205, "FileHash-SHA256": 357, "URL": 1762 }, "indicator_count": 3805, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62752a3d78ce35783bfc85cc", "name": "SafeFrame Container", "description": "If you want to know what is going to happen when you create a non-iterable object, try these three pieces of code in the form of a new \"word\" or \"phrase\".", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T14:01:33.267000", "tags": [ "public", "typeof", "typeof define", "array", "typeerror", "typeof symbol", "error", "typeof enulle", "sdkversion", "internal", "date", "cnzzdata", "czuuid", "umdistinctid", "typeof e", "typeof t", "version", "swiper", "most", "copyright", "mit license", "april", "trident", "win32", "class", "lh", "vd", "function", "overlaylevel", "zdhxiong", "customevent", "symbol", "object", "string", "number", "null", "uint8array", "typeof b", "iframe", "android", "embed", "meta", "0x14a", "0x104", "0x97", "0xe1", "0x228", "0x12b", "0x14e", "0xf5", "0x11a", "0xc6", "sxa0", "typeof d", "closure library", "array int8array", "b1342177279", "regexp", "typeof r", "pseudo", "child", "typeof n", "template", "void", "this", "ienew ca", "quota", "aafunction", "dafunction", "gc", "trackpageview", "trackevent", "gtmmdcvhgd", "node", "element", "path", "reduceright", "p420", "gc3w7t6h5qw", "kafunction", "fafafa", "xlfunction", "kkfunction", "nkfunction", "qkfunction", "rkfunction", "skfunction", "span", "edge", "bad idp", "bad event", "crios", "invalid attempt", "afunction", "ufunction", "kfunction" ], "references": [ "xfe-URL-himado.com-stix2-2.1-export.json", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/layui/layui.all.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/js/swiper.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2262, "URL": 8251, "FileHash-SHA256": 1416, "domain": 2979 }, "indicator_count": 14908, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "easy-lay.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "easy-lay.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780273989.0516486 }