{ "type": "Domain", "indicator": "electronexec.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/electronexec.com", "alexa": "http://www.alexa.com/siteinfo/electronexec.com", "indicator": "electronexec.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3989914254, "indicator": "electronexec.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "6706a3233a53473645b5a526", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "Over the past year, the delivery of Lua malware appears to have undergone simplification, possibly to reduce exposure to detection mechanisms. The malware is frequently delivered using obfuscated Lua scripts instead of compiled Lua bytecode, as the latter can trigger suspicion more easily.", "modified": "2024-11-08T09:02:06.888000", "created": "2024-10-09T15:37:07.309000", "tags": [ "morphisec", "lua malware", "lua loader", "lua script", "c2 lua", "windows servers", "linux server", "redline", "compiler", "prometheus", "crypter", "powershell", "redline stealer", "ransomware" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": "67064d7f332a0eb0d46822ed", "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 386552, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670d150169ad6ecc7b41b241", "name": "The Everyman Threat Feed", "description": "", "modified": "2024-11-22T17:02:43.253000", "created": "2024-10-14T12:56:33.350000", "tags": [ "Malware", "Phishing", "Threat Feed", "IOCs" ], "references": [ "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/domain-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/ipv4-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/url-threats.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jrussell183", "id": "134208", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 72, "hostname": 54, "URL": 88, "FileHash-MD5": 1 }, "indicator_count": 215, "is_author": false, "is_subscribing": null, "subscriber_count": 3, "modified_text": "555 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6708d33a231e595324d2aa78", "name": "Lua Malware Targets via Fake Cheating Script Engines", "description": "Lua Malware Targets via Fake Cheating Script Engines tricked in to downloading for gamers.", "modified": "2024-11-10T06:02:22.354000", "created": "2024-10-11T07:26:50.292000", "tags": [], "references": [ "October 11th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5331 - Lua Malware Targets via Fake Cheating Script Engines.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 6, "domain": 2 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "567 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67064d7f332a0eb0d46822ed", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "A detailed analysis of Lua malware targeting the gaming community and educational sector, as well as other types of malware, has been published by Morphisec Threat Labs and OALabs and McAfee.", "modified": "2024-11-08T09:02:06.888000", "created": "2024-10-09T09:31:43.684000", "tags": [ "strong", "morphisec", "lua malware", "lua loader", "lua script", "target defense", "c2 lua", "windows servers", "linux server", "response", "redline", "compiler", "sector", "attack", "defender", "path", "defense", "team", "april", "malicious", "prometheus", "crypter", "powershell", "redline stealer", "ransomware", "loader", "lua" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6705f4a051d75072646b7fa7", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "A detailed analysis of Lua malware targeting the gaming community and educational sector, as well as other types of malware, has been published by Morphisec Threat Labs and OALabs and McAfee.", "modified": "2024-11-08T03:02:23.857000", "created": "2024-10-09T03:12:32.301000", "tags": [ "strong", "morphisec", "lua malware", "lua loader", "lua script", "target defense", "c2 lua", "windows servers", "linux server", "response", "redline", "compiler", "sector", "attack", "defender", "path", "defense", "team", "april", "malicious", "prometheus", "crypter", "powershell", "redline stealer", "ransomware", "loader", "lua" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ChrisTan0", "id": "262536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 43, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67079837306c847ba348144d", "name": "Lua Malware", "description": "Lua Malware", "modified": "2024-10-10T09:04:18.689000", "created": "2024-10-10T09:02:46.722000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IndoOpenThreatXchange", "id": "286483", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_286483/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 10, "IPv4": 6, "domain": 1 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "598 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/ipv4-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/domain-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/url-threats.txt", "October 11th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5331 - Lua Malware Targets via Fake Cheating Script Engines.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Lua" ], "industries": [ "Gaming" ] }, "other": { "adversary": [], "malware_families": [ "Lua" ], "industries": [ "Gaming" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "6706a3233a53473645b5a526", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "Over the past year, the delivery of Lua malware appears to have undergone simplification, possibly to reduce exposure to detection mechanisms. The malware is frequently delivered using obfuscated Lua scripts instead of compiled Lua bytecode, as the latter can trigger suspicion more easily.", "modified": "2024-11-08T09:02:06.888000", "created": "2024-10-09T15:37:07.309000", "tags": [ "morphisec", "lua malware", "lua loader", "lua script", "c2 lua", "windows servers", "linux server", "redline", "compiler", "prometheus", "crypter", "powershell", "redline stealer", "ransomware" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": "67064d7f332a0eb0d46822ed", "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 386552, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670d150169ad6ecc7b41b241", "name": "The Everyman Threat Feed", "description": "", "modified": "2024-11-22T17:02:43.253000", "created": "2024-10-14T12:56:33.350000", "tags": [ "Malware", "Phishing", "Threat Feed", "IOCs" ], "references": [ "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/domain-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/ipv4-threats.txt", "https://github.com/df4u1t/The-Everyman-Threat-Feed/raw/refs/heads/main/url-threats.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jrussell183", "id": "134208", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 72, "hostname": 54, "URL": 88, "FileHash-MD5": 1 }, "indicator_count": 215, "is_author": false, "is_subscribing": null, "subscriber_count": 3, "modified_text": "555 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6708d33a231e595324d2aa78", "name": "Lua Malware Targets via Fake Cheating Script Engines", "description": "Lua Malware Targets via Fake Cheating Script Engines tricked in to downloading for gamers.", "modified": "2024-11-10T06:02:22.354000", "created": "2024-10-11T07:26:50.292000", "tags": [], "references": [ "October 11th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5331 - Lua Malware Targets via Fake Cheating Script Engines.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 6, "domain": 2 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "567 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67064d7f332a0eb0d46822ed", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "A detailed analysis of Lua malware targeting the gaming community and educational sector, as well as other types of malware, has been published by Morphisec Threat Labs and OALabs and McAfee.", "modified": "2024-11-08T09:02:06.888000", "created": "2024-10-09T09:31:43.684000", "tags": [ "strong", "morphisec", "lua malware", "lua loader", "lua script", "target defense", "c2 lua", "windows servers", "linux server", "response", "redline", "compiler", "sector", "attack", "defender", "path", "defense", "team", "april", "malicious", "prometheus", "crypter", "powershell", "redline stealer", "ransomware", "loader", "lua" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6705f4a051d75072646b7fa7", "name": "Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines", "description": "A detailed analysis of Lua malware targeting the gaming community and educational sector, as well as other types of malware, has been published by Morphisec Threat Labs and OALabs and McAfee.", "modified": "2024-11-08T03:02:23.857000", "created": "2024-10-09T03:12:32.301000", "tags": [ "strong", "morphisec", "lua malware", "lua loader", "lua script", "target defense", "c2 lua", "windows servers", "linux server", "response", "redline", "compiler", "sector", "attack", "defender", "path", "defense", "team", "april", "malicious", "prometheus", "crypter", "powershell", "redline stealer", "ransomware", "loader", "lua" ], "references": [ "https://blog.morphisec.com/threat-analysis-lua-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lua", "display_name": "Lua", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ChrisTan0", "id": "262536", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 9, "domain": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 43, "modified_text": "569 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67079837306c847ba348144d", "name": "Lua Malware", "description": "Lua Malware", "modified": "2024-10-10T09:04:18.689000", "created": "2024-10-10T09:02:46.722000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IndoOpenThreatXchange", "id": "286483", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_286483/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 10, "IPv4": 6, "domain": 1 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "598 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "electronexec.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "electronexec.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780248356.81965 }