{
  "type": "Domain",
  "indicator": "greatzip.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/greatzip.com",
    "alexa": "http://www.alexa.com/siteinfo/greatzip.com",
    "indicator": "greatzip.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 143001185,
      "indicator": "greatzip.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "65a413205bf6d1e2d2bc1165",
          "name": "Shadow Z118 Malware Kit",
          "description": "Private Information:\nWhat is being coined the Z118 Malware kit, distributed by \"Shadow Z118\", is a type of financial phishing attack that involves uploading spoofed financial login pages to unsuspecting legitimate websites. This in turn can lead to the website hosting true malicious financial phishing appliances. As of the time of the initial Pulse creation, the financial institutions seen being utilized by this type of attack are: USAA, Citizen's Bank, DeltaCU, and RBFCU.\n\nAs additional samples are discovered, more IOCs will be uploaded in this pulse.",
          "modified": "2024-07-12T02:03:19.538000",
          "created": "2024-01-14T17:00:16.088000",
          "tags": [
            "z118 associated",
            "email",
            "value",
            "type",
            "description",
            "tags",
            "z118 malware",
            "telegram bot",
            "full path"
          ],
          "references": [],
          "public": 1,
          "adversary": "Shadow Z118",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Z118 Malware",
              "display_name": "Z118 Malware",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1598",
              "name": "Phishing for Information",
              "display_name": "T1598 - Phishing for Information"
            }
          ],
          "industries": [
            "Technology"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": true,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "DrOdyssey",
            "id": "242384",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_242384/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 319,
            "hostname": 11
          },
          "indicator_count": 330,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 23,
          "modified_text": "688 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Shadow Z118"
          ],
          "malware_families": [
            "Z118 malware"
          ],
          "industries": [
            "Technology"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "65a413205bf6d1e2d2bc1165",
      "name": "Shadow Z118 Malware Kit",
      "description": "Private Information:\nWhat is being coined the Z118 Malware kit, distributed by \"Shadow Z118\", is a type of financial phishing attack that involves uploading spoofed financial login pages to unsuspecting legitimate websites. This in turn can lead to the website hosting true malicious financial phishing appliances. As of the time of the initial Pulse creation, the financial institutions seen being utilized by this type of attack are: USAA, Citizen's Bank, DeltaCU, and RBFCU.\n\nAs additional samples are discovered, more IOCs will be uploaded in this pulse.",
      "modified": "2024-07-12T02:03:19.538000",
      "created": "2024-01-14T17:00:16.088000",
      "tags": [
        "z118 associated",
        "email",
        "value",
        "type",
        "description",
        "tags",
        "z118 malware",
        "telegram bot",
        "full path"
      ],
      "references": [],
      "public": 1,
      "adversary": "Shadow Z118",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Z118 Malware",
          "display_name": "Z118 Malware",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1598",
          "name": "Phishing for Information",
          "display_name": "T1598 - Phishing for Information"
        }
      ],
      "industries": [
        "Technology"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": true,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "DrOdyssey",
        "id": "242384",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_242384/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 319,
        "hostname": 11
      },
      "indicator_count": 330,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 23,
      "modified_text": "688 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "greatzip.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "greatzip.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780222139.2941153
}