{ "type": "Domain", "indicator": "electnum.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/electnum.com", "alexa": "http://www.alexa.com/siteinfo/electnum.com", "indicator": "electnum.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3723712629, "indicator": "electnum.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "65109e4452cd4f44ab531a03", "name": "URLHaus Malicious URL Blocklist 2023-09-24", "description": "1.4% of the world's population now lives in the UK, but that doesn't mean that it is the only one that has made a significant impact on the way we all live.\nhttps://malware-filter.gitlab.io/malware-filter/urlhaus-filter-online.txt", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:38:28.173000", "tags": [ "urlhaus", "malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "FileHash-MD5": 65, "FileHash-SHA1": 83, "FileHash-SHA256": 50, "URL": 75, "domain": 303 }, "indicator_count": 652, "is_author": false, "is_subscribing": null, "subscriber_count": 179, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c787bdcf6f10ade6ee0038", "name": "Threat Intel Report - W31-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-30T10:04:30.756000", "created": "2023-07-31T10:06:53.509000", "tags": [ "sha1 file", "name submit", "date", "modiloader", "stealc", "guloader", "icedid", "formbook", "malware url", "tags", "coinminer", "trickbot", "stealer", "url http", "smoke loader", "week rank", "dofoil", "url https", "bladabindi", "njw0rm", "rats", "hashes", "domains", "ivanti", "vmware", "mobile", "epmm", "cvss", "cvss base", "jumpcloud hack", "opsec", "vpn performance", "microsoft", "lazarus", "zimbra", "backconnect", "stark", "asyncrat", "gameover", "anydesk", "winscp", "maximus", "cobalt strike", "blackcat", "remcos", "deploys graphicalproton", "pupy", "android", "mirai" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null }, { "id": "Deploys GraphicalProton", "display_name": "Deploys GraphicalProton", "target": null }, { "id": "Pupy", "display_name": "Pupy", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Android", "display_name": "Android", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Diplomatic", "Banking", "Bank" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 64, "FileHash-SHA256": 124, "URL": 129, "domain": 38, "hostname": 65 }, "indicator_count": 487, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "963 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64bf0c472348fb08d9aa4240", "name": "URLHaus data - 24-07-2023", "description": "", "modified": "2023-08-23T23:01:01.556000", "created": "2023-07-24T23:41:59.326000", "tags": [ "32-bit", "elf", "mips", "Mozi", "hajime", "arm", "mirai", "32", "ArkeiStealer", "exe", "remcos", "ascii", "vbs", "Formbook", "opendir", "encrypted", "RedLineStealer", "GuLoader", "rat", "RemcosRAT", "AveMariaRAT", "dropped-by-PrivateLoader", "PrivateLoader", "Vidar", "AZORult", "doc", "Amadey", "LummaStealer", "dll", "njRAT", "FakeGoogleAi", "gating", "GootLoader", "NanoCore", "hta", "NetSupport", "lnk", "PowerPC", "sparc", "motorola", "renesas", "intel", "keylogger", "Kimsuky", "powershell", "ps1", "script", "gafgyt", "CoinMiner", "dropped-by-SmokeLoader", "AgentTesla", "dofoil", "Smoke Loader", "doc.opendir", "Stealc", "zip", "RedLine" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 669, "domain": 12, "hostname": 9 }, "indicator_count": 690, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "970 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlhaus.abuse.ch/browse/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Lazarus" ], "malware_families": [ "Icedid", "Deploys graphicalproton", "Android", "Pupy", "Remcos", "Cobalt strike", "Mirai" ], "industries": [ "Diplomatic", "Banking", "Bank" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "65109e4452cd4f44ab531a03", "name": "URLHaus Malicious URL Blocklist 2023-09-24", "description": "1.4% of the world's population now lives in the UK, but that doesn't mean that it is the only one that has made a significant impact on the way we all live.\nhttps://malware-filter.gitlab.io/malware-filter/urlhaus-filter-online.txt", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:38:28.173000", "tags": [ "urlhaus", "malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "FileHash-MD5": 65, "FileHash-SHA1": 83, "FileHash-SHA256": 50, "URL": 75, "domain": 303 }, "indicator_count": 652, "is_author": false, "is_subscribing": null, "subscriber_count": 179, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c787bdcf6f10ade6ee0038", "name": "Threat Intel Report - W31-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-30T10:04:30.756000", "created": "2023-07-31T10:06:53.509000", "tags": [ "sha1 file", "name submit", "date", "modiloader", "stealc", "guloader", "icedid", "formbook", "malware url", "tags", "coinminer", "trickbot", "stealer", "url http", "smoke loader", "week rank", "dofoil", "url https", "bladabindi", "njw0rm", "rats", "hashes", "domains", "ivanti", "vmware", "mobile", "epmm", "cvss", "cvss base", "jumpcloud hack", "opsec", "vpn performance", "microsoft", "lazarus", "zimbra", "backconnect", "stark", "asyncrat", "gameover", "anydesk", "winscp", "maximus", "cobalt strike", "blackcat", "remcos", "deploys graphicalproton", "pupy", "android", "mirai" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "Remcos", "display_name": "Remcos", "target": null }, { "id": "Deploys GraphicalProton", "display_name": "Deploys GraphicalProton", "target": null }, { "id": "Pupy", "display_name": "Pupy", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Android", "display_name": "Android", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Diplomatic", "Banking", "Bank" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 64, "FileHash-SHA256": 124, "URL": 129, "domain": 38, "hostname": 65 }, "indicator_count": 487, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "963 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64bf0c472348fb08d9aa4240", "name": "URLHaus data - 24-07-2023", "description": "", "modified": "2023-08-23T23:01:01.556000", "created": "2023-07-24T23:41:59.326000", "tags": [ "32-bit", "elf", "mips", "Mozi", "hajime", "arm", "mirai", "32", "ArkeiStealer", "exe", "remcos", "ascii", "vbs", "Formbook", "opendir", "encrypted", "RedLineStealer", "GuLoader", "rat", "RemcosRAT", "AveMariaRAT", "dropped-by-PrivateLoader", "PrivateLoader", "Vidar", "AZORult", "doc", "Amadey", "LummaStealer", "dll", "njRAT", "FakeGoogleAi", "gating", "GootLoader", "NanoCore", "hta", "NetSupport", "lnk", "PowerPC", "sparc", "motorola", "renesas", "intel", "keylogger", "Kimsuky", "powershell", "ps1", "script", "gafgyt", "CoinMiner", "dropped-by-SmokeLoader", "AgentTesla", "dofoil", "Smoke Loader", "doc.opendir", "Stealc", "zip", "RedLine" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 669, "domain": 12, "hostname": 9 }, "indicator_count": 690, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "970 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "electnum.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "electnum.com", "found": true, "verdict": "malicious", "url_count": 1, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "https://electnum.com/4.4.5/electrum-4.4.5.exe", "status": "offline", "threat": "malware_download", "date_added": "2023-07-24", "tags": [ "32", "exe" ] } ], "error": null }, "from_cache": true, "_cached_at": 1776641692.7737284 }