{ "type": "Domain", "indicator": "globalkeystroke.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/globalkeystroke.com", "alexa": "http://www.alexa.com/siteinfo/globalkeystroke.com", "indicator": "globalkeystroke.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2267123862, "indicator": "globalkeystroke.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "66e001e55e7c69c7c2be94df", "name": "Threat Assessment: North Korean Threat Groups", "description": "This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10 malware samples across Windows, macOS, and Linux systems, providing technical insights into their functionality and Palo Alto Networks Cortex XDR's capability to detect and mitigate these threats.", "modified": "2024-10-10T08:03:36.798000", "created": "2024-09-10T08:23:01.551000", "tags": [ "comebacker", "collectionrat", "northkorea", "malware", "fullhouse", "espionage", "poolrat", "rats", "cybercrime", "odicloader", "rustbucket", "objcshellz", "kandykorn", "pondrat", "smoothoperator" ], "references": [ "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" ], "public": 1, "adversary": "Various North Korean groups under the Reconnaissance General Bureau", "targeted_countries": [], "malware_families": [ { "id": "RustBucket", "display_name": "RustBucket", "target": null }, { "id": "KANDYKORN", "display_name": "KANDYKORN", "target": null }, { "id": "SmoothOperator", "display_name": "SmoothOperator", "target": null }, { "id": "ObjCShellz", "display_name": "ObjCShellz", "target": null }, { "id": "Fullhouse", "display_name": "Fullhouse", "target": null }, { "id": "POOLRAT", "display_name": "POOLRAT", "target": null }, { "id": "PondRAT", "display_name": "PondRAT", "target": null }, { "id": "OdicLoader", "display_name": "OdicLoader", "target": null }, { "id": "Comebacker", "display_name": "Comebacker", "target": null }, { "id": "CollectionRAT", "display_name": "CollectionRAT", "target": null } ], "attack_ids": [ { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1009", "name": "Binary Padding", "display_name": "T1009 - Binary Padding" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 78, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 23, "FileHash-SHA1": 23, "FileHash-SHA256": 37, "URL": 2, "domain": 12, "hostname": 1 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 386607, "modified_text": "598 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e1797e61f69c762b1dc8aa", "name": "Threat Assessment: North Korean Threat Groups", "description": "This blog presents a comprehensive assessment of North Korean threat groups, as well as the techniques Palo Alto Networks uses to protect customers from the malware they are carrying out on behalf of the Korean People's Army.", "modified": "2024-10-11T11:02:17.959000", "created": "2024-09-11T11:05:34.786000", "tags": [ "cortex xdr", "hloader", "sugarloader", "figure", "kandykorn", "pondrat", "palo alto", "discord", "smoothoperator", "objcshellz", "fullhouse", "poolrat", "comebacker", "agent", "updateagent", "lazarus", "bluenoroff", "kimsuky", "alliance", "slow", "rats", "hack", "swift", "rust", "download", "python", "shell", "february", "class", "korean", "macos", "http", "linux", "windows", "rustbucket" ], "references": [ "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" ], "public": 1, "adversary": "Comebacker", "targeted_countries": [], "malware_families": [ { "id": "Korean", "display_name": "Korean", "target": null }, { "id": "MacOS", "display_name": "MacOS", "target": null }, { "id": "Fullhouse", "display_name": "Fullhouse", "target": null }, { "id": "HTTP", "display_name": "HTTP", "target": null }, { "id": "POOLRAT", "display_name": "POOLRAT", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "Windows", "display_name": "Windows", "target": null }, { "id": "RustBucket", "display_name": "RustBucket", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "Comebacker", "display_name": "Comebacker", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Cryptocurrency", "Financial", "Media", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 36, "FileHash-SHA1": 36, "FileHash-SHA256": 37, "URL": 2, "domain": 29, "hostname": 1 }, "indicator_count": 141, "is_author": false, "is_subscribing": null, "subscriber_count": 867, "modified_text": "597 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" ], "related": { "alienvault": { "adversary": [ "Various North Korean groups under the Reconnaissance General Bureau" ], "malware_families": [ "Fullhouse", "Collectionrat", "Comebacker", "Poolrat", "Pondrat", "Odicloader", "Kandykorn", "Objcshellz", "Rustbucket", "Smoothoperator" ], "industries": [] }, "other": { "adversary": [ "Comebacker" ], "malware_families": [ "Fullhouse", "Linux", "Http", "Poolrat", "Korean", "Macos", "Rustbucket", "Windows", "Comebacker" ], "industries": [ "Financial", "Defense", "Media", "Cryptocurrency" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "66e001e55e7c69c7c2be94df", "name": "Threat Assessment: North Korean Threat Groups", "description": "This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10 malware samples across Windows, macOS, and Linux systems, providing technical insights into their functionality and Palo Alto Networks Cortex XDR's capability to detect and mitigate these threats.", "modified": "2024-10-10T08:03:36.798000", "created": "2024-09-10T08:23:01.551000", "tags": [ "comebacker", "collectionrat", "northkorea", "malware", "fullhouse", "espionage", "poolrat", "rats", "cybercrime", "odicloader", "rustbucket", "objcshellz", "kandykorn", "pondrat", "smoothoperator" ], "references": [ "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" ], "public": 1, "adversary": "Various North Korean groups under the Reconnaissance General Bureau", "targeted_countries": [], "malware_families": [ { "id": "RustBucket", "display_name": "RustBucket", "target": null }, { "id": "KANDYKORN", "display_name": "KANDYKORN", "target": null }, { "id": "SmoothOperator", "display_name": "SmoothOperator", "target": null }, { "id": "ObjCShellz", "display_name": "ObjCShellz", "target": null }, { "id": "Fullhouse", "display_name": "Fullhouse", "target": null }, { "id": "POOLRAT", "display_name": "POOLRAT", "target": null }, { "id": "PondRAT", "display_name": "PondRAT", "target": null }, { "id": "OdicLoader", "display_name": "OdicLoader", "target": null }, { "id": "Comebacker", "display_name": "Comebacker", "target": null }, { "id": "CollectionRAT", "display_name": "CollectionRAT", "target": null } ], "attack_ids": [ { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1009", "name": "Binary Padding", "display_name": "T1009 - Binary Padding" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 78, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 23, "FileHash-SHA1": 23, "FileHash-SHA256": 37, "URL": 2, "domain": 12, "hostname": 1 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 386607, "modified_text": "598 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e1797e61f69c762b1dc8aa", "name": "Threat Assessment: North Korean Threat Groups", "description": "This blog presents a comprehensive assessment of North Korean threat groups, as well as the techniques Palo Alto Networks uses to protect customers from the malware they are carrying out on behalf of the Korean People's Army.", "modified": "2024-10-11T11:02:17.959000", "created": "2024-09-11T11:05:34.786000", "tags": [ "cortex xdr", "hloader", "sugarloader", "figure", "kandykorn", "pondrat", "palo alto", "discord", "smoothoperator", "objcshellz", "fullhouse", "poolrat", "comebacker", "agent", "updateagent", "lazarus", "bluenoroff", "kimsuky", "alliance", "slow", "rats", "hack", "swift", "rust", "download", "python", "shell", "february", "class", "korean", "macos", "http", "linux", "windows", "rustbucket" ], "references": [ "https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" ], "public": 1, "adversary": "Comebacker", "targeted_countries": [], "malware_families": [ { "id": "Korean", "display_name": "Korean", "target": null }, { "id": "MacOS", "display_name": "MacOS", "target": null }, { "id": "Fullhouse", "display_name": "Fullhouse", "target": null }, { "id": "HTTP", "display_name": "HTTP", "target": null }, { "id": "POOLRAT", "display_name": "POOLRAT", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "Windows", "display_name": "Windows", "target": null }, { "id": "RustBucket", "display_name": "RustBucket", "target": null }, { "id": "macOS", "display_name": "macOS", "target": null }, { "id": "Comebacker", "display_name": "Comebacker", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [ "Cryptocurrency", "Financial", "Media", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 36, "FileHash-SHA1": 36, "FileHash-SHA256": 37, "URL": 2, "domain": 29, "hostname": 1 }, "indicator_count": 141, "is_author": false, "is_subscribing": null, "subscriber_count": 867, "modified_text": "597 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "globalkeystroke.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "globalkeystroke.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780283349.1998742 }