{ "type": "URL", "indicator": "http://houusha33.icu/jquery/jquery.php", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://houusha33.icu/jquery/jquery.php", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2001911987, "indicator": "http://houusha33.icu/jquery/jquery.php", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5d00f923684ce2bac6dd094c", "name": "Breaking Down TA505 Groups Use of HTML and RATs", "description": "TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies using malicious spam campaigns and different malware. We have been following TA505 closely and detected various related activities for the past two months. In the group\u2019s latest campaign, they started using HTML attachments to deliver malicious .XLS files that lead to downloader and backdoor FlawedAmmyy, mostly to target users in South Korea.", "modified": "2019-06-12T13:07:46.893000", "created": "2019-06-12T13:07:46.893000", "tags": [], "references": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/" ], "public": 1, "adversary": "TA505", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 72, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 139, "domain": 11, "URL": 72 }, "indicator_count": 222, "is_author": false, "is_subscribing": null, "subscriber_count": 386497, "modified_text": "2544 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/" ], "related": { "alienvault": { "adversary": [ "TA505" ], "malware_families": [], "industries": [], "unique_indicators": 222 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/houusha33.icu", "whois": "http://whois.domaintools.com/houusha33.icu", "domain": "houusha33.icu", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5d00f923684ce2bac6dd094c", "name": "Breaking Down TA505 Groups Use of HTML and RATs", "description": "TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies using malicious spam campaigns and different malware. We have been following TA505 closely and detected various related activities for the past two months. In the group\u2019s latest campaign, they started using HTML attachments to deliver malicious .XLS files that lead to downloader and backdoor FlawedAmmyy, mostly to target users in South Korea.", "modified": "2019-06-12T13:07:46.893000", "created": "2019-06-12T13:07:46.893000", "tags": [], "references": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/" ], "public": 1, "adversary": "TA505", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 72, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 139, "domain": 11, "URL": 72 }, "indicator_count": 222, "is_author": false, "is_subscribing": null, "subscriber_count": 386497, "modified_text": "2544 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://houusha33.icu/jquery/jquery.php", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://houusha33.icu/jquery/jquery.php", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780173621.5633516 }