{ "type": "Domain", "indicator": "grabberz.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/grabberz.com", "alexa": "http://www.alexa.com/siteinfo/grabberz.com", "indicator": "grabberz.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 143000452, "indicator": "grabberz.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 11, "pulses": [ { "id": "65709c1a3462dae3a7d8714b", "name": "IOC202306052234", "description": "", "modified": "2023-12-06T16:06:50.890000", "created": "2023-12-06T16:06:50.890000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1096, "FileHash-MD5": 307, "FileHash-SHA1": 268, "domain": 265, "CVE": 6, "hostname": 246, "URL": 29 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647e46cde36f3b047c03f8db", "name": "IOC202306052234", "description": "", "modified": "2023-07-05T20:01:39.023000", "created": "2023-06-05T20:34:21.028000", "tags": [ "june", "seen", "track them", "all at", "chatgpt", "april", "march", "recent blog", "february", "lockbit", "smoke loader", "qbot", "predator", "emotet", "danabot", "gandcrab", "orcus rat", "icedid", "sodinokibi", "agent tesla", "ave maria", "gootkit", "cobalt strike", "dharma", "hawkeye", "trojan", "zloader", "formbook", "crimson rat", "trickbot", "nemty", "netwalker", "pony", "glupteba", "azorult", "dridex", "hancitor", "raccoon", "maze", "vidar", "ryuk ransomware", "guloader", "amadey", "adwind", "quasar rat", "troldesh", "rats", "remcos", "revenge", "ursnif", "cryptbot", "flawedammyy", "phobos", "august", "snake", "ryuk", "quasar", "netwire", "darkside", "redline", "asyncrat", "ransomware", "darkcomet", "wannacry", "nanocore", "lokibot", "orcus", "thief", "malware", "systembc", "powershell", "adwind rat", "squirrelwaffle", "redline stealer", "bitcoin", "open", "copy", "ukraine", "nanocore rat", "houdini", "revenge rat", "dyre", "first", "eternalblue", "fallout", "smokeloader", "dofoil", "macos", "predator pain", "revil", "wcry ransomware", "bladabindi", "teamviewer", "agenttesla", "belarus", "cobaltstrike", "hermes", "execution", "crimson", "crysis", "shadow", "njrat", "next", "loader", "malspam", "ransom", "mimikatz", "cloudeye", "hworm", "friendly", "napoleon", "qakbot", "click", "ammyy admin", "flawedammy", "andromut", "vawtrak", "windigo", "mailto", "kill", "desktop", "discord", "loki bot", "mars", "apart", "smokeldr", "racealer", "hunter", "psexec", "mega", "cve201711882", "maldoc", "dunihi", "jenxcus", "xtremerat", "poisonivy", "fareit", "siplog", "gozi", "egregor", "browserpassview", "mailpassview", "aggah", "virustotal", "pinkslipbot", "path", "chacha", "spelevo", "killswitch", "sockrat", "mexico", "alienspy", "chthonic", "aurora", "winrar", "bokbot", "ammyy", "servhelper", "neutrino", "angler", "chanitor", "teamspy", "axpergle", "nuclear", "cridex", "service", "scarimson", "sticky", "terdot", "zbot", "panda banker", "screen", "polish" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1220", "name": "XSL Script Processing", "display_name": "T1220 - XSL Script Processing" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 29, "FileHash-MD5": 307, "FileHash-SHA1": 268, "FileHash-SHA256": 1096, "CVE": 6, "domain": 265, "hostname": 246 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 424, "modified_text": "1060 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d7d288af860c678bfc6f81", "name": "Threat Intel Report - W5-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-01T14:04:07.986000", "created": "2023-01-30T14:22:00.775000", "tags": [], "references": [ "https://www.spamhaus.org/xbl/", "https://www.dnsbl.info/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 44, "URL": 102, "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "CVE": 2, "hostname": 35 }, "indicator_count": 216, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ce64b5608169251e3d188e", "name": "Threat Intel Report - W4-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-22T10:02:28.482000", "created": "2023-01-23T10:43:01.825000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "CVE": 2, "URL": 101, "hostname": 34 }, "indicator_count": 208, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1193 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63b2c5a2c8f14d3f4d601df7", "name": "Threat Intel Report - W1-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-01T11:01:36.419000", "created": "2023-01-02T11:53:06.600000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 46, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 13, "URL": 101, "hostname": 59 }, "indicator_count": 235, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a97161ef9053398f52717f", "name": "Threat Intel Report - W53-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-25T09:02:17.381000", "created": "2022-12-26T10:03:13.828000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "CVE": 3, "domain": 50, "hostname": 36 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1221 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d5249897d1ce5fcc4c1", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:10.713000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d55919d8c212243d1b3", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:13.536000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "634d45d44bae594798aa34b8", "name": "Threat Intel Report - W43-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-11-16T12:00:12.273000", "created": "2022-10-17T12:08:52.058000", "tags": [], "references": [ "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 88, "CVE": 1, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "hostname": 29 }, "indicator_count": 186, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1291 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6343d503f9104923b63227a0", "name": "Threat Intel Report - W42-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends", "modified": "2022-11-09T08:05:59.250000", "created": "2022-10-10T08:17:07.633000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.dnsbl.info/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 51, "CVE": 4, "FileHash-MD5": 11, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 88, "hostname": 13 }, "indicator_count": 194, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1298 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633aa11b724d2976b2e2b9cd", "name": "Threat Intel Report - W41-2022", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends", "modified": "2022-11-02T08:04:52.057000", "created": "2022-10-03T08:45:15.076000", "tags": [], "references": [ "h[x][x]ps://myip.ms/browse/blacklist/Blacklist_IP", "h[x][x]ps://www.dnsbl.info/", "h[x][x]ps://www.spamhaus.org/xbl/", "h[x][x]ps://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 42, "hostname": 47, "FileHash-MD5": 15, "FileHash-SHA1": 35, "FileHash-SHA256": 26, "URL": 44 }, "indicator_count": 209, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "h[x][x]ps://myip.ms/browse/blacklist/Blacklist_IP", "h[x][x]ps://www.spamhaus.org/xbl/", "https://psbl.org/", "h[x][x]ps://psbl.org/", "h[x][x]ps://www.dnsbl.info/", "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 11, "pulses": [ { "id": "65709c1a3462dae3a7d8714b", "name": "IOC202306052234", "description": "", "modified": "2023-12-06T16:06:50.890000", "created": "2023-12-06T16:06:50.890000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1096, "FileHash-MD5": 307, "FileHash-SHA1": 268, "domain": 265, "CVE": 6, "hostname": 246, "URL": 29 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647e46cde36f3b047c03f8db", "name": "IOC202306052234", "description": "", "modified": "2023-07-05T20:01:39.023000", "created": "2023-06-05T20:34:21.028000", "tags": [ "june", "seen", "track them", "all at", "chatgpt", "april", "march", "recent blog", "february", "lockbit", "smoke loader", "qbot", "predator", "emotet", "danabot", "gandcrab", "orcus rat", "icedid", "sodinokibi", "agent tesla", "ave maria", "gootkit", "cobalt strike", "dharma", "hawkeye", "trojan", "zloader", "formbook", "crimson rat", "trickbot", "nemty", "netwalker", "pony", "glupteba", "azorult", "dridex", "hancitor", "raccoon", "maze", "vidar", "ryuk ransomware", "guloader", "amadey", "adwind", "quasar rat", "troldesh", "rats", "remcos", "revenge", "ursnif", "cryptbot", "flawedammyy", "phobos", "august", "snake", "ryuk", "quasar", "netwire", "darkside", "redline", "asyncrat", "ransomware", "darkcomet", "wannacry", "nanocore", "lokibot", "orcus", "thief", "malware", "systembc", "powershell", "adwind rat", "squirrelwaffle", "redline stealer", "bitcoin", "open", "copy", "ukraine", "nanocore rat", "houdini", "revenge rat", "dyre", "first", "eternalblue", "fallout", "smokeloader", "dofoil", "macos", "predator pain", "revil", "wcry ransomware", "bladabindi", "teamviewer", "agenttesla", "belarus", "cobaltstrike", "hermes", "execution", "crimson", "crysis", "shadow", "njrat", "next", "loader", "malspam", "ransom", "mimikatz", "cloudeye", "hworm", "friendly", "napoleon", "qakbot", "click", "ammyy admin", "flawedammy", "andromut", "vawtrak", "windigo", "mailto", "kill", "desktop", "discord", "loki bot", "mars", "apart", "smokeldr", "racealer", "hunter", "psexec", "mega", "cve201711882", "maldoc", "dunihi", "jenxcus", "xtremerat", "poisonivy", "fareit", "siplog", "gozi", "egregor", "browserpassview", "mailpassview", "aggah", "virustotal", "pinkslipbot", "path", "chacha", "spelevo", "killswitch", "sockrat", "mexico", "alienspy", "chthonic", "aurora", "winrar", "bokbot", "ammyy", "servhelper", "neutrino", "angler", "chanitor", "teamspy", "axpergle", "nuclear", "cridex", "service", "scarimson", "sticky", "terdot", "zbot", "panda banker", "screen", "polish" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1220", "name": "XSL Script Processing", "display_name": "T1220 - XSL Script Processing" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 29, "FileHash-MD5": 307, "FileHash-SHA1": 268, "FileHash-SHA256": 1096, "CVE": 6, "domain": 265, "hostname": 246 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 424, "modified_text": "1060 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d7d288af860c678bfc6f81", "name": "Threat Intel Report - W5-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-01T14:04:07.986000", "created": "2023-01-30T14:22:00.775000", "tags": [], "references": [ "https://www.spamhaus.org/xbl/", "https://www.dnsbl.info/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 44, "URL": 102, "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "CVE": 2, "hostname": 35 }, "indicator_count": 216, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ce64b5608169251e3d188e", "name": "Threat Intel Report - W4-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-22T10:02:28.482000", "created": "2023-01-23T10:43:01.825000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "CVE": 2, "URL": 101, "hostname": 34 }, "indicator_count": 208, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1193 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63b2c5a2c8f14d3f4d601df7", "name": "Threat Intel Report - W1-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-01T11:01:36.419000", "created": "2023-01-02T11:53:06.600000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 46, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 13, "URL": 101, "hostname": 59 }, "indicator_count": 235, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a97161ef9053398f52717f", "name": "Threat Intel Report - W53-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-25T09:02:17.381000", "created": "2022-12-26T10:03:13.828000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "CVE": 3, "domain": 50, "hostname": 36 }, "indicator_count": 217, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1221 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d5249897d1ce5fcc4c1", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:10.713000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d55919d8c212243d1b3", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:13.536000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1228 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "634d45d44bae594798aa34b8", "name": "Threat Intel Report - W43-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-11-16T12:00:12.273000", "created": "2022-10-17T12:08:52.058000", "tags": [], "references": [ "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 88, "CVE": 1, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "hostname": 29 }, "indicator_count": 186, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1291 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6343d503f9104923b63227a0", "name": "Threat Intel Report - W42-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends", "modified": "2022-11-09T08:05:59.250000", "created": "2022-10-10T08:17:07.633000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.dnsbl.info/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 51, "CVE": 4, "FileHash-MD5": 11, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 88, "hostname": 13 }, "indicator_count": 194, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1298 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "grabberz.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "grabberz.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780185357.2558014 }