{ "type": "Domain", "indicator": "gopackapp.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/gopackapp.com", "alexa": "http://www.alexa.com/siteinfo/gopackapp.com", "indicator": "gopackapp.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2236821641, "indicator": "gopackapp.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "617af11f370d993aeff26e71", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2025-08-25T16:22:33.668000", "created": "2021-10-28T18:51:11.197000", "tags": [ "REvil", "Kaseya", "VSA Server", "ransomware" ], "references": [ "https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/details", "https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers", "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/", "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b", "https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/", "https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354", "https://docs.google.com/spreadsheets/d/11AFPdK5A-7g484lfc0HmXdBrZpYI-Jhx4N1VwFXrcrQ/edit#gid=1201846661", "https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident?utm_campaign=CY21-Q3-RapidResponse-KaseyaVSA&utm_medium=email&_hsmi=138021297&_hsenc=p2ANqtz--HvqdKyS4A0PNoXQXXy44zns31VXVSOFaz97KXwFQMvl-wiRhktYL4l036tl-r5zmeY3RRVzgz2GqtktDCLPLQ8gB8vg&utm_content=138021297&utm_source=hs_email", "https://github.com/Neo23x0/signature-base/blob/master/yara/crime_revil_general.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "REvil", "display_name": "REvil", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "60df80a7a665c1dd6baf7753", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1177, "hostname": 5, "YARA": 4 }, "indicator_count": 1233, "is_author": false, "is_subscribing": null, "subscriber_count": 564, "modified_text": "279 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707c3be05f3a7ea9e654d4", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2023-12-06T13:50:51.719000", "created": "2023-12-06T13:50:51.719000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1178, "hostname": 5, "YARA": 4 }, "indicator_count": 1234, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707bedc2fbc934427f325c", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2023-12-06T13:49:33.291000", "created": "2023-12-06T13:49:33.291000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1179, "hostname": 5, "YARA": 4 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64a2b494ee43089072971691", "name": "TechM-Threat Intel Report - W26-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-02T11:00:08.290000", "created": "2023-07-03T11:44:20.960000", "tags": [ "sha1 file", "name submit", "date", "qakbot", "opendir", "redline", "malware url", "tags", "formbook", "japan", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "hong kong", "vietnam", "poland", "albania", "hashes domains", "week rank", "vidar", "amadey", "remcos", "rats", "ddos", "december", "arkei", "youtube", "cvss", "cvss base", "server", "asus", "fortinet", "bumblebee", "multi", "grafana", "camaro dragon", "woocommerce", "june", "icedid", "storm", "malware", "service", "scarcruft", "attack", "exploit", "cybercrime", "multi#storm", "azure ad", "condi", "javascript" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "Cybercrime", "targeted_countries": [ "India", "United States of America" ], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "MULTI#STORM", "display_name": "MULTI#STORM", "target": null }, { "id": "Azure AD", "display_name": "Azure AD", "target": null }, { "id": "Condi", "display_name": "Condi", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [ "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 64, "FileHash-SHA256": 150, "URL": 142, "domain": 116, "hostname": 52 }, "indicator_count": 591, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1034 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e9eb920f6717de0882232d", "name": "Threat Intel Report - W7-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-15T07:01:21.082000", "created": "2023-02-13T07:49:38.950000", "tags": [], "references": [ "Threat Intel Report - W7-2023.pdf", "https://www.dnsbl.info/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://valkyrie.comodo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 80, "FileHash-MD5": 27, "FileHash-SHA1": 27, "FileHash-SHA256": 42, "CVE": 2, "URL": 151, "domain": 102 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "1174 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a97161ef9053398f52717f", "name": "Threat Intel Report - W53-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-25T09:02:17.381000", "created": "2022-12-26T10:03:13.828000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "CVE": 3, "domain": 50, "hostname": 36 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1223 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "60df80a7a665c1dd6baf7753", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2022-02-18T14:52:05.251000", "created": "2021-07-02T21:09:59.361000", "tags": [ "REvil", "Kaseya", "VSA Server", "ransomware" ], "references": [ "https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/details", "https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers", "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/", "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b", "https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/", "https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354", "https://docs.google.com/spreadsheets/d/11AFPdK5A-7g484lfc0HmXdBrZpYI-Jhx4N1VwFXrcrQ/edit#gid=1201846661", "https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident?utm_campaign=CY21-Q3-RapidResponse-KaseyaVSA&utm_medium=email&_hsmi=138021297&_hsenc=p2ANqtz--HvqdKyS4A0PNoXQXXy44zns31VXVSOFaz97KXwFQMvl-wiRhktYL4l036tl-r5zmeY3RRVzgz2GqtktDCLPLQ8gB8vg&utm_content=138021297&utm_source=hs_email", "https://github.com/Neo23x0/signature-base/blob/master/yara/crime_revil_general.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "REvil", "display_name": "REvil", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 63, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "vthelpdesk", "id": "1766", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_1766/resized/80/avatar_0be7a35fab.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1179, "hostname": 5, "YARA": 4 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 624, "modified_text": "1563 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/", "https://docs.google.com/spreadsheets/d/11AFPdK5A-7g484lfc0HmXdBrZpYI-Jhx4N1VwFXrcrQ/edit#gid=1201846661", "https://www.dnsbl.info/", "https://github.com/Neo23x0/signature-base/blob/master/yara/crime_revil_general.yar", "https://psbl.org/", "https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers", "https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/details", "https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/", "https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354", "https://valkyrie.comodo.com/", "https://www.spamhaus.org/xbl/", "Threat Intel Report - W7-2023.pdf", "https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident?utm_campaign=CY21-Q3-RapidResponse-KaseyaVSA&utm_medium=email&_hsmi=138021297&_hsenc=p2ANqtz--HvqdKyS4A0PNoXQXXy44zns31VXVSOFaz97KXwFQMvl-wiRhktYL4l036tl-r5zmeY3RRVzgz2GqtktDCLPLQ8gB8vg&utm_content=138021297&utm_source=hs_email", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Cybercrime" ], "malware_families": [ "Condi", "Javascript", "Multi#storm", "Azure ad", "Revil", "Icedid" ], "industries": [ "Foreign affairs" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "617af11f370d993aeff26e71", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2025-08-25T16:22:33.668000", "created": "2021-10-28T18:51:11.197000", "tags": [ "REvil", "Kaseya", "VSA Server", "ransomware" ], "references": [ "https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/details", "https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers", "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/", "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b", "https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/", "https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354", "https://docs.google.com/spreadsheets/d/11AFPdK5A-7g484lfc0HmXdBrZpYI-Jhx4N1VwFXrcrQ/edit#gid=1201846661", "https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident?utm_campaign=CY21-Q3-RapidResponse-KaseyaVSA&utm_medium=email&_hsmi=138021297&_hsenc=p2ANqtz--HvqdKyS4A0PNoXQXXy44zns31VXVSOFaz97KXwFQMvl-wiRhktYL4l036tl-r5zmeY3RRVzgz2GqtktDCLPLQ8gB8vg&utm_content=138021297&utm_source=hs_email", "https://github.com/Neo23x0/signature-base/blob/master/yara/crime_revil_general.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "REvil", "display_name": "REvil", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "60df80a7a665c1dd6baf7753", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1177, "hostname": 5, "YARA": 4 }, "indicator_count": 1233, "is_author": false, "is_subscribing": null, "subscriber_count": 564, "modified_text": "279 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707c3be05f3a7ea9e654d4", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2023-12-06T13:50:51.719000", "created": "2023-12-06T13:50:51.719000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1178, "hostname": 5, "YARA": 4 }, "indicator_count": 1234, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707bedc2fbc934427f325c", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2023-12-06T13:49:33.291000", "created": "2023-12-06T13:49:33.291000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1179, "hostname": 5, "YARA": 4 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64a2b494ee43089072971691", "name": "TechM-Threat Intel Report - W26-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-02T11:00:08.290000", "created": "2023-07-03T11:44:20.960000", "tags": [ "sha1 file", "name submit", "date", "qakbot", "opendir", "redline", "malware url", "tags", "formbook", "japan", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "hong kong", "vietnam", "poland", "albania", "hashes domains", "week rank", "vidar", "amadey", "remcos", "rats", "ddos", "december", "arkei", "youtube", "cvss", "cvss base", "server", "asus", "fortinet", "bumblebee", "multi", "grafana", "camaro dragon", "woocommerce", "june", "icedid", "storm", "malware", "service", "scarcruft", "attack", "exploit", "cybercrime", "multi#storm", "azure ad", "condi", "javascript" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "Cybercrime", "targeted_countries": [ "India", "United States of America" ], "malware_families": [ { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "MULTI#STORM", "display_name": "MULTI#STORM", "target": null }, { "id": "Azure AD", "display_name": "Azure AD", "target": null }, { "id": "Condi", "display_name": "Condi", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [ "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 64, "FileHash-SHA256": 150, "URL": 142, "domain": 116, "hostname": 52 }, "indicator_count": 591, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1034 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e9eb920f6717de0882232d", "name": "Threat Intel Report - W7-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-15T07:01:21.082000", "created": "2023-02-13T07:49:38.950000", "tags": [], "references": [ "Threat Intel Report - W7-2023.pdf", "https://www.dnsbl.info/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://valkyrie.comodo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 80, "FileHash-MD5": 27, "FileHash-SHA1": 27, "FileHash-SHA256": 42, "CVE": 2, "URL": 151, "domain": 102 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "1174 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a97161ef9053398f52717f", "name": "Threat Intel Report - W53-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-25T09:02:17.381000", "created": "2022-12-26T10:03:13.828000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "CVE": 3, "domain": 50, "hostname": 36 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1223 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "60df80a7a665c1dd6baf7753", "name": "Kaseya VSA REvil Indicators", "description": "", "modified": "2022-02-18T14:52:05.251000", "created": "2021-07-02T21:09:59.361000", "tags": [ "REvil", "Kaseya", "VSA Server", "ransomware" ], "references": [ "https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/details", "https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers", "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/", "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b", "https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/", "https://gist.github.com/fwosar/a63e1249bfccb8395b961d3d780c0354", "https://docs.google.com/spreadsheets/d/11AFPdK5A-7g484lfc0HmXdBrZpYI-Jhx4N1VwFXrcrQ/edit#gid=1201846661", "https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident?utm_campaign=CY21-Q3-RapidResponse-KaseyaVSA&utm_medium=email&_hsmi=138021297&_hsenc=p2ANqtz--HvqdKyS4A0PNoXQXXy44zns31VXVSOFaz97KXwFQMvl-wiRhktYL4l036tl-r5zmeY3RRVzgz2GqtktDCLPLQ8gB8vg&utm_content=138021297&utm_source=hs_email", "https://github.com/Neo23x0/signature-base/blob/master/yara/crime_revil_general.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "REvil", "display_name": "REvil", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 63, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "vthelpdesk", "id": "1766", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_1766/resized/80/avatar_0be7a35fab.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 16, "URL": 1, "domain": 1179, "hostname": 5, "YARA": 4 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 624, "modified_text": "1563 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "gopackapp.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "gopackapp.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780319817.7242494 }