{ "type": "Domain", "indicator": "endpointup.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/endpointup.com", "alexa": "http://www.alexa.com/siteinfo/endpointup.com", "indicator": "endpointup.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2518927, "indicator": "endpointup.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "58a5ec2b40e674790e306046", "name": "Breaking The Weakest Link Of The Strongest Chain", "description": "Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers\u2019 command and control server. In addition, the compromised devices were pushed Trojan updates, which allowed the attackers to extend their capabilities. The operation remains active at the time of writing this post, with attacks reported as recently as February 2017.\n\nThe campaign, which experts believe is still in its early stages, targets Android OS devices. Once the device is compromised, a process of sophisticated intelligence gathering starts, exploiting the ability to access the phone\u2019s video and audio capabilities, SMS functions, and location.", "modified": "2017-06-14T18:04:17.290000", "created": "2017-02-16T18:15:07.227000", "tags": [ "idf", "sms", "apk", "israeli", "trojan", "gaza", "android", "kaspersky" ], "references": [ "https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/" ], "public": 1, "adversary": "Kasper", "targeted_countries": [ "Israel" ], "malware_families": [], "attack_ids": [], "industries": [ "military" ], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 1.0, "downvotes_count": 1.0, "votes_count": 0.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA1": 7 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 386726, "modified_text": "3273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-06-01T00:38:49.108000", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64327, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880083, "is_author": false, "is_subscribing": null, "subscriber_count": 301, "modified_text": "15 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/" ], "related": { "alienvault": { "adversary": [ "Kasper" ], "malware_families": [], "industries": [ "Military" ] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Defense", "Industrial", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "58a5ec2b40e674790e306046", "name": "Breaking The Weakest Link Of The Strongest Chain", "description": "Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers\u2019 command and control server. In addition, the compromised devices were pushed Trojan updates, which allowed the attackers to extend their capabilities. The operation remains active at the time of writing this post, with attacks reported as recently as February 2017.\n\nThe campaign, which experts believe is still in its early stages, targets Android OS devices. Once the device is compromised, a process of sophisticated intelligence gathering starts, exploiting the ability to access the phone\u2019s video and audio capabilities, SMS functions, and location.", "modified": "2017-06-14T18:04:17.290000", "created": "2017-02-16T18:15:07.227000", "tags": [ "idf", "sms", "apk", "israeli", "trojan", "gaza", "android", "kaspersky" ], "references": [ "https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/" ], "public": 1, "adversary": "Kasper", "targeted_countries": [ "Israel" ], "malware_families": [], "attack_ids": [], "industries": [ "military" ], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 1.0, "downvotes_count": 1.0, "votes_count": 0.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-SHA1": 7 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 386726, "modified_text": "3273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-06-01T00:38:49.108000", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64327, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880083, "is_author": false, "is_subscribing": null, "subscriber_count": 301, "modified_text": "15 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "endpointup.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "endpointup.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780331877.779004 }