{ "type": "Domain", "indicator": "finalstepgo.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/finalstepgo.com", "alexa": "http://www.alexa.com/siteinfo/finalstepgo.com", "indicator": "finalstepgo.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3983743929, "indicator": "finalstepgo.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "66fc82db30a39aa7895f55ea", "name": "URLHaus data - 01-10-2024", "description": "", "modified": "2024-10-31T23:03:07.473000", "created": "2024-10-01T23:16:43.309000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "SocGholish", "dropped-by-PrivateLoader", "Vidar", "Smoke Loader", "mirai", "MarsStealer", "64-bit", "x86-64", "sh", "shellscript", "ua-wget", "exe", "Stealc", "ddos", "x86-32", "dll", "ascii", "Encoded", "GuLoader", "Loki", "AgentTesla", "encrypted", "rat", "RemcosRAT", "hta", "AsyncRAT", "js", "opendir", "vbs", "Metasploit", "MetaStealer", "exer", "zip", "LummaStealer", "powershell", "txt", "downloader", "Sliver", "base64-loader" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 71, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 3, "domain": 3 }, "indicator_count": 1006, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "576 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f9aeff2d03baeab048999c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 29-09-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-10-29T19:03:15.889000", "created": "2024-09-29T19:48:15.170000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 242, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 262 }, "indicator_count": 522, "is_author": false, "is_subscribing": null, "subscriber_count": 269, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f73b88e06072665c019d97", "name": "URLHaus data - 27-09-2024", "description": "", "modified": "2024-10-27T23:01:22.375000", "created": "2024-09-27T23:11:04.524000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "mirai", "exe", "MassLogger", "VIPKeylogger", "Socks5Systemz", "doc", "ddos", "Lumma", "lummac2", "LummaStealer", "stealer", "squadware", "dropped-by-PrivateLoader", "Stealc", "ascii", "config", "GorillaBotnet", "sh", "Encoded", "SmartApeSG", "encrypted", "GuLoader", "njRAT", "rat", "MarsStealer", "ua-wget", "cmd", "BRA", "geofenced", "zip", "AgentTesla", "vdf", "PureLogStealer", "RedLineStealer", "opendir", "SnakeKeylogger", "txt", "Formbook", "RemcosRAT", "rev-base64-loader", "vbs", "related_to_mallox_ransomware", "hta", "CobaltStrike", "fastproxy", "multiverze", "shell", "ConnectBack", "dll", "gafgyt", "js", "vbmalware", "nitol", "Gh0stRAT", "shellscript", "SocGholish" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 951, "domain": 18, "hostname": 6 }, "indicator_count": 975, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "580 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.alertasyseguridad.net/repositorio-ioc/", "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://urlhaus.abuse.ch/browse/", "https://darfe.es/ciberwiki/index.php?title=Lumma" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Lumma stealer" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "66fc82db30a39aa7895f55ea", "name": "URLHaus data - 01-10-2024", "description": "", "modified": "2024-10-31T23:03:07.473000", "created": "2024-10-01T23:16:43.309000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "SocGholish", "dropped-by-PrivateLoader", "Vidar", "Smoke Loader", "mirai", "MarsStealer", "64-bit", "x86-64", "sh", "shellscript", "ua-wget", "exe", "Stealc", "ddos", "x86-32", "dll", "ascii", "Encoded", "GuLoader", "Loki", "AgentTesla", "encrypted", "rat", "RemcosRAT", "hta", "AsyncRAT", "js", "opendir", "vbs", "Metasploit", "MetaStealer", "exer", "zip", "LummaStealer", "powershell", "txt", "downloader", "Sliver", "base64-loader" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 71, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 3, "domain": 3 }, "indicator_count": 1006, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "576 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f9aeff2d03baeab048999c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 29-09-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-10-29T19:03:15.889000", "created": "2024-09-29T19:48:15.170000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 242, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 262 }, "indicator_count": 522, "is_author": false, "is_subscribing": null, "subscriber_count": 269, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f73b88e06072665c019d97", "name": "URLHaus data - 27-09-2024", "description": "", "modified": "2024-10-27T23:01:22.375000", "created": "2024-09-27T23:11:04.524000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "mirai", "exe", "MassLogger", "VIPKeylogger", "Socks5Systemz", "doc", "ddos", "Lumma", "lummac2", "LummaStealer", "stealer", "squadware", "dropped-by-PrivateLoader", "Stealc", "ascii", "config", "GorillaBotnet", "sh", "Encoded", "SmartApeSG", "encrypted", "GuLoader", "njRAT", "rat", "MarsStealer", "ua-wget", "cmd", "BRA", "geofenced", "zip", "AgentTesla", "vdf", "PureLogStealer", "RedLineStealer", "opendir", "SnakeKeylogger", "txt", "Formbook", "RemcosRAT", "rev-base64-loader", "vbs", "related_to_mallox_ransomware", "hta", "CobaltStrike", "fastproxy", "multiverze", "shell", "ConnectBack", "dll", "gafgyt", "js", "vbmalware", "nitol", "Gh0stRAT", "shellscript", "SocGholish" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 951, "domain": 18, "hostname": 6 }, "indicator_count": 975, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "580 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "finalstepgo.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "finalstepgo.com", "found": true, "verdict": "malicious", "url_count": 55, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "https://finalstepgo.com/uploads/il33.zip", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "LummaStealer", "opendir", "zip" ] }, { "url": "https://finalstepgo.com/uploads/il44.zip", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "LummaStealer" ] }, { "url": "https://finalstepgo.com/uploads/pnk33.zip", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "zip" ] }, { "url": "https://finalstepgo.com/uploads/il11.zip", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "zip" ] }, { "url": "https://finalstepgo.com/uploads/il22.zip", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "zip" ] }, { "url": "https://finalstepgo.com/uploads/pnk11.txt", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "powershell", "txt" ] }, { "url": "https://finalstepgo.com/uploads/trr10.txt", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "powershell", "txt" ] }, { "url": "https://finalstepgo.com/uploads/pnk33.txt", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "downloader", "opendir", "powershell" ] }, { "url": "https://finalstepgo.com/uploads/trr3.txt", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "powershell", "txt" ] }, { "url": "https://finalstepgo.com/uploads/trr14.txt", "status": "offline", "threat": "malware_download", "date_added": "2024-10-01", "tags": [ "opendir", "powershell", "txt" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780263753.2652082 }