{
  "type": "Domain",
  "indicator": "fendoremi.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/fendoremi.com",
    "alexa": "http://www.alexa.com/siteinfo/fendoremi.com",
    "indicator": "fendoremi.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3388382467,
      "indicator": "fendoremi.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "6820e55e7439e125fb3f99c3",
          "name": "XLoader 2022",
          "description": "",
          "modified": "2025-05-27T21:30:25.270000",
          "created": "2025-05-11T17:58:54.284000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 27
          },
          "indicator_count": 27,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 184,
          "modified_text": "371 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "629858ff38466d834e7d556a",
          "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
          "description": "The latest version of the XLoader malware, which was discovered in the wild in August 2021, is a more sophisticated version than previous versions, according to researchers at the Centre for the Study of Cybersecurity (CPC).",
          "modified": "2022-07-02T00:05:39.094000",
          "created": "2022-06-02T06:30:23.926000",
          "tags": [
            "xloader",
            "formbook",
            "c server",
            "fake hostinger",
            "c domain",
            "namecheap",
            "hostinger",
            "fake namecheap",
            "xloader malware",
            "july",
            "august"
          ],
          "references": [
            "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "XLoader",
              "display_name": "XLoader",
              "target": null
            },
            {
              "id": "Formbook",
              "display_name": "Formbook",
              "target": null
            },
            {
              "id": "Xloader",
              "display_name": "Xloader",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 5,
            "FileHash-SHA1": 3,
            "FileHash-SHA256": 9,
            "domain": 128,
            "hostname": 2
          },
          "indicator_count": 147,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 862,
          "modified_text": "1432 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6297fb7b95fd61b3212c922b",
          "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
          "description": "",
          "modified": "2022-07-01T23:01:21.802000",
          "created": "2022-06-01T23:51:23.988000",
          "tags": [
            "CheckPoint",
            "Malware",
            "Botnet",
            "Formbook",
            "XLoader"
          ],
          "references": [
            "https://community.riskiq.com/article/04fb7dc4"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 8,
            "domain": 127,
            "FileHash-MD5": 3
          },
          "indicator_count": 138,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1625,
          "modified_text": "1432 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "629712cda09b6f6b3024bc0e",
          "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
          "description": "The latest version of the XLoader malware, which was discovered in the wild in August 2021, is a more sophisticated version than previous versions, according to researchers at the Centre for the Study of Cybersecurity (CPC).",
          "modified": "2022-07-01T00:00:49.767000",
          "created": "2022-06-01T07:18:37.583000",
          "tags": [
            "xloader",
            "formbook",
            "c server",
            "fake hostinger",
            "c domain",
            "namecheap",
            "hostinger",
            "fake namecheap",
            "xloader malware",
            "july",
            "august"
          ],
          "references": [
            "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "XLoader",
              "display_name": "XLoader",
              "target": null
            },
            {
              "id": "Formbook",
              "display_name": "Formbook",
              "target": null
            },
            {
              "id": "Xloader",
              "display_name": "Xloader",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Santosh.elumalai",
            "id": "113904",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 5,
            "FileHash-SHA1": 3,
            "FileHash-SHA256": 9,
            "domain": 128,
            "hostname": 2
          },
          "indicator_count": 147,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 35,
          "modified_text": "1433 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62973e1eb21ca572d65b9d2a",
          "name": "Latest Version of XLoader Botnet Malware Uses Probability Theory to Hide Its C&C Servers",
          "description": "Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its C&C servers. This helps the malware operators continue using the same infrastructure without the risk of losing nodes due to blocks on identified IP addresses while also reducing the chances of being tracked and identified.\n\nThe botnet\nXLoader is an information-stealer that was originally based on Formbook, targeting Windows and macOS operating systems. It first entered widespread deployment in January 2021. The latest XLoader versions are 2.5 and 2.6",
          "modified": "2022-07-01T00:00:49.767000",
          "created": "2022-06-01T10:23:26.424000",
          "tags": [
            "additional info",
            "sha256",
            "ip address",
            "Malware",
            "XLoader Botnet"
          ],
          "references": [
            "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
          ],
          "public": 1,
          "adversary": "Malware Advisory",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "SVThreatIntel",
            "id": "148120",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_148120/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "FileHash-SHA256": 8,
            "domain": 127
          },
          "indicator_count": 139,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 191,
          "modified_text": "1433 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "629764e7d481e65ee2496483",
          "name": "Xloader IOCs",
          "description": "The following is a guide to the most common types of X-Ray, which can be used to access data from a single server, and how the data is stored in a different server.",
          "modified": "2022-07-01T00:00:49.767000",
          "created": "2022-06-01T13:08:55.878000",
          "tags": [
            "sha256 version",
            "xloader c",
            "domain ip"
          ],
          "references": [
            "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "brazen.fox.thirteen",
            "id": "155136",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "FileHash-SHA256": 8,
            "domain": 127
          },
          "indicator_count": 139,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 128,
          "modified_text": "1433 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62624aeae772f7bd1634bbea",
          "name": "ASEC Weekly Malware Statistics ( 20220411 ~ 20220417 ) - ASEC BLOG",
          "description": "The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malicious codes. This post summarizes the statistics of malicious code collected for one week from Monday, April 11, 2022 to Sunday, April 17, 2022.",
          "modified": "2022-05-22T00:01:01.264000",
          "created": "2022-04-22T06:27:54.596000",
          "tags": [
            "formbook",
            "agenttesla",
            "asec",
            "lokibot",
            "redline",
            "asec blog",
            "snake keylogger",
            "gmail",
            "rapit",
            "tool",
            "bank",
            "infostealer",
            "avemaria",
            "snakekeylogger"
          ],
          "references": [
            "https://asec.ahnlab.com/ko/33741/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 5,
            "hostname": 12,
            "URL": 18,
            "email": 5
          },
          "indicator_count": 40,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 355,
          "modified_text": "1473 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62624b1a1f961adfc4ceeedd",
          "name": "ASEC Weekly Malware Statistics ( 20220411 ~ 20220417 ) - ASEC BLOG",
          "description": "The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malicious codes. This post summarizes the statistics of malicious code collected for one week from Monday, April 11, 2022 to Sunday, April 17, 2022.",
          "modified": "2022-05-22T00:01:01.264000",
          "created": "2022-04-22T06:28:42.262000",
          "tags": [
            "formbook",
            "agenttesla",
            "asec",
            "lokibot",
            "redline",
            "asec blog",
            "snake keylogger",
            "gmail",
            "rapit",
            "tool",
            "bank",
            "infostealer",
            "avemaria",
            "snakekeylogger"
          ],
          "references": [
            "https://asec.ahnlab.com/ko/33741/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 5,
            "hostname": 12,
            "URL": 18,
            "email": 5
          },
          "indicator_count": 40,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 355,
          "modified_text": "1473 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623d60934894fb1c0ae8a9a2",
          "name": "ASEC Weekly Malware Statistics ( 20220314 ~ 20220320 ) - ASEC BLOG",
          "description": "\u00a31.5m  llywodrau ASEC  -  \"Formbook\" - is the most popular formbook in the world.  \u20ac",
          "modified": "2022-04-24T00:01:15.470000",
          "created": "2022-03-25T06:26:27.122000",
          "tags": [
            "formbook",
            "asec",
            "beamwinhttp",
            "lokibot",
            "redline",
            "asec blog",
            "agenttesla",
            "cryptbot",
            "rapit",
            "tool",
            "avemaria",
            "muldrop",
            "crack"
          ],
          "references": [
            "https://asec.ahnlab.com/ko/32964/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 14,
            "URL": 43,
            "FileHash-MD5": 1,
            "email": 4,
            "hostname": 23
          },
          "indicator_count": 85,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 355,
          "modified_text": "1501 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "621dd30c6081f2f323324093",
          "name": "NewDom-1-20220301",
          "description": "ICANN-Dom",
          "modified": "2022-04-15T00:03:47.669000",
          "created": "2022-03-01T08:02:20.157000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ZENDataGELowC",
            "id": "152785",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {},
          "indicator_count": 0,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 203,
          "modified_text": "1510 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 0
        }
      ],
      "references": [
        "https://asec.ahnlab.com/ko/33741/",
        "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/",
        "https://asec.ahnlab.com/ko/32964/",
        "https://community.riskiq.com/article/04fb7dc4"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Malware Advisory"
          ],
          "malware_families": [
            "Formbook",
            "Xloader"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "6820e55e7439e125fb3f99c3",
      "name": "XLoader 2022",
      "description": "",
      "modified": "2025-05-27T21:30:25.270000",
      "created": "2025-05-11T17:58:54.284000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 27
      },
      "indicator_count": 27,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 184,
      "modified_text": "371 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "629858ff38466d834e7d556a",
      "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
      "description": "The latest version of the XLoader malware, which was discovered in the wild in August 2021, is a more sophisticated version than previous versions, according to researchers at the Centre for the Study of Cybersecurity (CPC).",
      "modified": "2022-07-02T00:05:39.094000",
      "created": "2022-06-02T06:30:23.926000",
      "tags": [
        "xloader",
        "formbook",
        "c server",
        "fake hostinger",
        "c domain",
        "namecheap",
        "hostinger",
        "fake namecheap",
        "xloader malware",
        "july",
        "august"
      ],
      "references": [
        "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "XLoader",
          "display_name": "XLoader",
          "target": null
        },
        {
          "id": "Formbook",
          "display_name": "Formbook",
          "target": null
        },
        {
          "id": "Xloader",
          "display_name": "Xloader",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1561",
          "name": "Disk Wipe",
          "display_name": "T1561 - Disk Wipe"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 5,
        "FileHash-SHA1": 3,
        "FileHash-SHA256": 9,
        "domain": 128,
        "hostname": 2
      },
      "indicator_count": 147,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 862,
      "modified_text": "1432 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6297fb7b95fd61b3212c922b",
      "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
      "description": "",
      "modified": "2022-07-01T23:01:21.802000",
      "created": "2022-06-01T23:51:23.988000",
      "tags": [
        "CheckPoint",
        "Malware",
        "Botnet",
        "Formbook",
        "XLoader"
      ],
      "references": [
        "https://community.riskiq.com/article/04fb7dc4"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 8,
        "domain": 127,
        "FileHash-MD5": 3
      },
      "indicator_count": 138,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1625,
      "modified_text": "1432 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "629712cda09b6f6b3024bc0e",
      "name": "XLoader Botnet: Find Me If You Can - Check Point Research",
      "description": "The latest version of the XLoader malware, which was discovered in the wild in August 2021, is a more sophisticated version than previous versions, according to researchers at the Centre for the Study of Cybersecurity (CPC).",
      "modified": "2022-07-01T00:00:49.767000",
      "created": "2022-06-01T07:18:37.583000",
      "tags": [
        "xloader",
        "formbook",
        "c server",
        "fake hostinger",
        "c domain",
        "namecheap",
        "hostinger",
        "fake namecheap",
        "xloader malware",
        "july",
        "august"
      ],
      "references": [
        "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "XLoader",
          "display_name": "XLoader",
          "target": null
        },
        {
          "id": "Formbook",
          "display_name": "Formbook",
          "target": null
        },
        {
          "id": "Xloader",
          "display_name": "Xloader",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1561",
          "name": "Disk Wipe",
          "display_name": "T1561 - Disk Wipe"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Santosh.elumalai",
        "id": "113904",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 5,
        "FileHash-SHA1": 3,
        "FileHash-SHA256": 9,
        "domain": 128,
        "hostname": 2
      },
      "indicator_count": 147,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 35,
      "modified_text": "1433 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62973e1eb21ca572d65b9d2a",
      "name": "Latest Version of XLoader Botnet Malware Uses Probability Theory to Hide Its C&C Servers",
      "description": "Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its C&C servers. This helps the malware operators continue using the same infrastructure without the risk of losing nodes due to blocks on identified IP addresses while also reducing the chances of being tracked and identified.\n\nThe botnet\nXLoader is an information-stealer that was originally based on Formbook, targeting Windows and macOS operating systems. It first entered widespread deployment in January 2021. The latest XLoader versions are 2.5 and 2.6",
      "modified": "2022-07-01T00:00:49.767000",
      "created": "2022-06-01T10:23:26.424000",
      "tags": [
        "additional info",
        "sha256",
        "ip address",
        "Malware",
        "XLoader Botnet"
      ],
      "references": [
        "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
      ],
      "public": 1,
      "adversary": "Malware Advisory",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "SVThreatIntel",
        "id": "148120",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_148120/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "FileHash-SHA256": 8,
        "domain": 127
      },
      "indicator_count": 139,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 191,
      "modified_text": "1433 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "629764e7d481e65ee2496483",
      "name": "Xloader IOCs",
      "description": "The following is a guide to the most common types of X-Ray, which can be used to access data from a single server, and how the data is stored in a different server.",
      "modified": "2022-07-01T00:00:49.767000",
      "created": "2022-06-01T13:08:55.878000",
      "tags": [
        "sha256 version",
        "xloader c",
        "domain ip"
      ],
      "references": [
        "https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "brazen.fox.thirteen",
        "id": "155136",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "FileHash-SHA256": 8,
        "domain": 127
      },
      "indicator_count": 139,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 128,
      "modified_text": "1433 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62624aeae772f7bd1634bbea",
      "name": "ASEC Weekly Malware Statistics ( 20220411 ~ 20220417 ) - ASEC BLOG",
      "description": "The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malicious codes. This post summarizes the statistics of malicious code collected for one week from Monday, April 11, 2022 to Sunday, April 17, 2022.",
      "modified": "2022-05-22T00:01:01.264000",
      "created": "2022-04-22T06:27:54.596000",
      "tags": [
        "formbook",
        "agenttesla",
        "asec",
        "lokibot",
        "redline",
        "asec blog",
        "snake keylogger",
        "gmail",
        "rapit",
        "tool",
        "bank",
        "infostealer",
        "avemaria",
        "snakekeylogger"
      ],
      "references": [
        "https://asec.ahnlab.com/ko/33741/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 5,
        "hostname": 12,
        "URL": 18,
        "email": 5
      },
      "indicator_count": 40,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 355,
      "modified_text": "1473 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62624b1a1f961adfc4ceeedd",
      "name": "ASEC Weekly Malware Statistics ( 20220411 ~ 20220417 ) - ASEC BLOG",
      "description": "The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malicious codes. This post summarizes the statistics of malicious code collected for one week from Monday, April 11, 2022 to Sunday, April 17, 2022.",
      "modified": "2022-05-22T00:01:01.264000",
      "created": "2022-04-22T06:28:42.262000",
      "tags": [
        "formbook",
        "agenttesla",
        "asec",
        "lokibot",
        "redline",
        "asec blog",
        "snake keylogger",
        "gmail",
        "rapit",
        "tool",
        "bank",
        "infostealer",
        "avemaria",
        "snakekeylogger"
      ],
      "references": [
        "https://asec.ahnlab.com/ko/33741/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 5,
        "hostname": 12,
        "URL": 18,
        "email": 5
      },
      "indicator_count": 40,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 355,
      "modified_text": "1473 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "623d60934894fb1c0ae8a9a2",
      "name": "ASEC Weekly Malware Statistics ( 20220314 ~ 20220320 ) - ASEC BLOG",
      "description": "\u00a31.5m  llywodrau ASEC  -  \"Formbook\" - is the most popular formbook in the world.  \u20ac",
      "modified": "2022-04-24T00:01:15.470000",
      "created": "2022-03-25T06:26:27.122000",
      "tags": [
        "formbook",
        "asec",
        "beamwinhttp",
        "lokibot",
        "redline",
        "asec blog",
        "agenttesla",
        "cryptbot",
        "rapit",
        "tool",
        "avemaria",
        "muldrop",
        "crack"
      ],
      "references": [
        "https://asec.ahnlab.com/ko/32964/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 14,
        "URL": 43,
        "FileHash-MD5": 1,
        "email": 4,
        "hostname": 23
      },
      "indicator_count": 85,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 355,
      "modified_text": "1501 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "621dd30c6081f2f323324093",
      "name": "NewDom-1-20220301",
      "description": "ICANN-Dom",
      "modified": "2022-04-15T00:03:47.669000",
      "created": "2022-03-01T08:02:20.157000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ZENDataGELowC",
        "id": "152785",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {},
      "indicator_count": 0,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 203,
      "modified_text": "1510 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 0
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "fendoremi.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "fendoremi.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780504317.5382357
}