{
  "type": "Domain",
  "indicator": "erwwbasmhtm.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/erwwbasmhtm.com",
    "alexa": "http://www.alexa.com/siteinfo/erwwbasmhtm.com",
    "indicator": "erwwbasmhtm.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 44089336,
      "indicator": "erwwbasmhtm.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "59ce67c830990c6ad9f9c452",
          "name": "Ramnit \u2013 in-depth analysis",
          "description": "If we look on Ramnit\u2019s history, it\u2019s hard to exactly pin down which malware family it actually belongs to. One thing is certain, it\u2019s not a new threat. It emerged in 2010, transferred by removable drives within infected executables and HTML files.\n\nA year later, a more dangerous version was released. It contained a part of recently leaked Zeus source code, which allowed Ramnit to become a banking trojan.\n\nThese days, it has become much more sophisticated by utilizing a number of malicious activities including:\n\nPerforming Man-in-the-Browser attacks\nStealing FTP credentials and browser cookies\nUsing DGA (Domain Generation Algorithm) to find the C&C (Command and Control) server\nUsing privilege escalation\nAdding AV exceptions\nUploading screenshots of sensitive information",
          "modified": "2018-02-08T13:25:20.390000",
          "created": "2017-09-29T15:33:28.498000",
          "tags": [
            "malware",
            "Ramnit",
            "dga",
            "cert.pl"
          ],
          "references": [
            "https://www.cert.pl/en/news/single/ramnit-in-depth-analysis/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 72,
          "upvotes_count": 1.0,
          "downvotes_count": 0.0,
          "votes_count": 1.0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "YARA": 1,
            "domain": 200,
            "FileHash-SHA256": 21,
            "CVE": 2,
            "hostname": 1
          },
          "indicator_count": 225,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386785,
          "modified_text": "3035 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "63456c2a30b92337ea1670e0",
          "name": "IOC Records Provided by @NextRayAI",
          "description": "This IOC report is provided and updated daily by NextRay AI Detection & Response Inc.",
          "modified": "2026-06-01T00:38:49.108000",
          "created": "2022-10-11T13:14:18.676000",
          "tags": [
            "Nextray",
            "cyber security",
            "ioc",
            "phishing",
            "malicious"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Turkey",
            "Ukraine",
            "Romania",
            "Czechia",
            "United Kingdom of Great Britain and Northern Ireland",
            "Norway",
            "Lithuania",
            "Estonia",
            "Latvia",
            "Poland",
            "Germany",
            "Canada",
            "France",
            "Denmark"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Defense",
            "Industrial",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1330,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "NextRay-AI",
            "id": "210822",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 498917,
            "IPv4": 64327,
            "IPv6": 459,
            "hostname": 59385,
            "URL": 166783,
            "CIDR": 5266,
            "FileHash-MD5": 29699,
            "FileHash-SHA256": 50449,
            "CVE": 348,
            "email": 914,
            "Mutex": 49,
            "FileHash-SHA1": 3453,
            "FilePath": 34
          },
          "indicator_count": 880083,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 301,
          "modified_text": "17 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65707a97ec86aca5a06dabe9",
          "name": "Ramnit \u2013 in-depth analysis",
          "description": "",
          "modified": "2023-12-06T13:43:51.434000",
          "created": "2023-12-06T13:43:51.434000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "YARA": 1,
            "domain": 200,
            "FileHash-SHA256": 21,
            "CVE": 2,
            "hostname": 1
          },
          "indicator_count": 225,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "632548fc83bbc101912f09f7",
          "name": "Cisco Talos Intelligence Group -  Threat Roundup for September 9 to September 16",
          "description": "",
          "modified": "2022-10-17T04:06:50.809000",
          "created": "2022-09-17T04:11:40.643000",
          "tags": [
            "na stealthwatch",
            "mitre att",
            "compromise iocs",
            "endpoint secure",
            "registry keys",
            "cloud na",
            "secure malware",
            "see json",
            "files",
            "endpoint na",
            "rats",
            "asprox",
            "kuluoz"
          ],
          "references": [
            "https://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 25,
            "FileHash-MD5": 70,
            "FileHash-SHA1": 72,
            "FileHash-SHA256": 158,
            "CIDR": 1,
            "domain": 24
          },
          "indicator_count": 350,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 354,
          "modified_text": "1323 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6324c709cbda89494db1ae5a",
          "name": "Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Roundup for September 9 to September 16",
          "description": "",
          "modified": "2022-10-16T19:20:20.837000",
          "created": "2022-09-16T18:57:13.302000",
          "tags": [
            "na stealthwatch",
            "mitre att",
            "compromise iocs",
            "endpoint secure",
            "registry keys",
            "cloud na",
            "secure malware",
            "see json",
            "files",
            "endpoint na",
            "rats",
            "asprox",
            "kuluoz"
          ],
          "references": [
            "http://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Cyber74Team",
            "id": "202637",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 25,
            "hostname": 25,
            "FileHash-MD5": 70,
            "FileHash-SHA1": 72,
            "FileHash-SHA256": 158,
            "CIDR": 1
          },
          "indicator_count": 351,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 164,
          "modified_text": "1323 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62915abfa22b643b8f26adab",
          "name": "Cisco Talos Intelligence Group -  Threat Roundup for May 20 to May 27",
          "description": "Talos has published its latest roundups of malware threats, highlighting the most prevalent and most common threats to the security industry, and highlighting how customers can be automatically protected from these threats and vulnerability analysis.",
          "modified": "2022-06-27T00:04:33.529000",
          "created": "2022-05-27T23:11:59.788000",
          "tags": [
            "mitre att",
            "see json",
            "compromise iocs",
            "endpoint secure",
            "registry keys",
            "addresses",
            "file hashes",
            "endpoint na",
            "email security",
            "stealthwatch na",
            "chthonic",
            "azorult",
            "emotet",
            "tinba",
            "ursnif"
          ],
          "references": [
            "https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ursnif",
              "display_name": "Ursnif",
              "target": null
            },
            {
              "id": "Azorult",
              "display_name": "Azorult",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 67,
            "FileHash-SHA1": 65,
            "FileHash-SHA256": 138,
            "domain": 14,
            "hostname": 8
          },
          "indicator_count": 292,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 356,
          "modified_text": "1435 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html",
        "https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html",
        "https://www.cert.pl/en/news/single/ramnit-in-depth-analysis/",
        "http://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Azorult",
            "Ursnif"
          ],
          "industries": [
            "Government",
            "Industrial",
            "Defense"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "59ce67c830990c6ad9f9c452",
      "name": "Ramnit \u2013 in-depth analysis",
      "description": "If we look on Ramnit\u2019s history, it\u2019s hard to exactly pin down which malware family it actually belongs to. One thing is certain, it\u2019s not a new threat. It emerged in 2010, transferred by removable drives within infected executables and HTML files.\n\nA year later, a more dangerous version was released. It contained a part of recently leaked Zeus source code, which allowed Ramnit to become a banking trojan.\n\nThese days, it has become much more sophisticated by utilizing a number of malicious activities including:\n\nPerforming Man-in-the-Browser attacks\nStealing FTP credentials and browser cookies\nUsing DGA (Domain Generation Algorithm) to find the C&C (Command and Control) server\nUsing privilege escalation\nAdding AV exceptions\nUploading screenshots of sensitive information",
      "modified": "2018-02-08T13:25:20.390000",
      "created": "2017-09-29T15:33:28.498000",
      "tags": [
        "malware",
        "Ramnit",
        "dga",
        "cert.pl"
      ],
      "references": [
        "https://www.cert.pl/en/news/single/ramnit-in-depth-analysis/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 72,
      "upvotes_count": 1.0,
      "downvotes_count": 0.0,
      "votes_count": 1.0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "YARA": 1,
        "domain": 200,
        "FileHash-SHA256": 21,
        "CVE": 2,
        "hostname": 1
      },
      "indicator_count": 225,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386785,
      "modified_text": "3035 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "63456c2a30b92337ea1670e0",
      "name": "IOC Records Provided by @NextRayAI",
      "description": "This IOC report is provided and updated daily by NextRay AI Detection & Response Inc.",
      "modified": "2026-06-01T00:38:49.108000",
      "created": "2022-10-11T13:14:18.676000",
      "tags": [
        "Nextray",
        "cyber security",
        "ioc",
        "phishing",
        "malicious"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Turkey",
        "Ukraine",
        "Romania",
        "Czechia",
        "United Kingdom of Great Britain and Northern Ireland",
        "Norway",
        "Lithuania",
        "Estonia",
        "Latvia",
        "Poland",
        "Germany",
        "Canada",
        "France",
        "Denmark"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Defense",
        "Industrial",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1330,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "NextRay-AI",
        "id": "210822",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 498917,
        "IPv4": 64327,
        "IPv6": 459,
        "hostname": 59385,
        "URL": 166783,
        "CIDR": 5266,
        "FileHash-MD5": 29699,
        "FileHash-SHA256": 50449,
        "CVE": 348,
        "email": 914,
        "Mutex": 49,
        "FileHash-SHA1": 3453,
        "FilePath": 34
      },
      "indicator_count": 880083,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 301,
      "modified_text": "17 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65707a97ec86aca5a06dabe9",
      "name": "Ramnit \u2013 in-depth analysis",
      "description": "",
      "modified": "2023-12-06T13:43:51.434000",
      "created": "2023-12-06T13:43:51.434000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "YARA": 1,
        "domain": 200,
        "FileHash-SHA256": 21,
        "CVE": 2,
        "hostname": 1
      },
      "indicator_count": 225,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "632548fc83bbc101912f09f7",
      "name": "Cisco Talos Intelligence Group -  Threat Roundup for September 9 to September 16",
      "description": "",
      "modified": "2022-10-17T04:06:50.809000",
      "created": "2022-09-17T04:11:40.643000",
      "tags": [
        "na stealthwatch",
        "mitre att",
        "compromise iocs",
        "endpoint secure",
        "registry keys",
        "cloud na",
        "secure malware",
        "see json",
        "files",
        "endpoint na",
        "rats",
        "asprox",
        "kuluoz"
      ],
      "references": [
        "https://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 16,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 25,
        "FileHash-MD5": 70,
        "FileHash-SHA1": 72,
        "FileHash-SHA256": 158,
        "CIDR": 1,
        "domain": 24
      },
      "indicator_count": 350,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 354,
      "modified_text": "1323 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6324c709cbda89494db1ae5a",
      "name": "Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Roundup for September 9 to September 16",
      "description": "",
      "modified": "2022-10-16T19:20:20.837000",
      "created": "2022-09-16T18:57:13.302000",
      "tags": [
        "na stealthwatch",
        "mitre att",
        "compromise iocs",
        "endpoint secure",
        "registry keys",
        "cloud na",
        "secure malware",
        "see json",
        "files",
        "endpoint na",
        "rats",
        "asprox",
        "kuluoz"
      ],
      "references": [
        "http://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Cyber74Team",
        "id": "202637",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 25,
        "hostname": 25,
        "FileHash-MD5": 70,
        "FileHash-SHA1": 72,
        "FileHash-SHA256": 158,
        "CIDR": 1
      },
      "indicator_count": 351,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 164,
      "modified_text": "1323 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62915abfa22b643b8f26adab",
      "name": "Cisco Talos Intelligence Group -  Threat Roundup for May 20 to May 27",
      "description": "Talos has published its latest roundups of malware threats, highlighting the most prevalent and most common threats to the security industry, and highlighting how customers can be automatically protected from these threats and vulnerability analysis.",
      "modified": "2022-06-27T00:04:33.529000",
      "created": "2022-05-27T23:11:59.788000",
      "tags": [
        "mitre att",
        "see json",
        "compromise iocs",
        "endpoint secure",
        "registry keys",
        "addresses",
        "file hashes",
        "endpoint na",
        "email security",
        "stealthwatch na",
        "chthonic",
        "azorult",
        "emotet",
        "tinba",
        "ursnif"
      ],
      "references": [
        "https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ursnif",
          "display_name": "Ursnif",
          "target": null
        },
        {
          "id": "Azorult",
          "display_name": "Azorult",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 67,
        "FileHash-SHA1": 65,
        "FileHash-SHA256": 138,
        "domain": 14,
        "hostname": 8
      },
      "indicator_count": 292,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 356,
      "modified_text": "1435 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "erwwbasmhtm.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "erwwbasmhtm.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780337161.635968
}