{ "type": "URL", "indicator": "https://188.34.188.7/555/NEWOFFICIALPROGRAMCAUSEOFNEWUPDATE.exe", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://188.34.188.7/555/NEWOFFICIALPROGRAMCAUSEOFNEWUPDATE.exe", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3955684936, "indicator": "https://188.34.188.7/555/NEWOFFICIALPROGRAMCAUSEOFNEWUPDATE.exe", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "672f70d470cdbab07d3bdb8f", "name": "URLHaus Recent URLs", "description": "", "modified": "2025-05-15T13:30:30.738000", "created": "2024-11-09T14:25:24.551000", "tags": [], "references": [ "https://urlhaus.abuse.ch/downloads/csv_recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 313720 }, "indicator_count": 313720, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6735410ffd6c6525ea56643e", "name": "URLHaus data - 13-11-2024", "description": "", "modified": "2024-12-14T00:00:34.965000", "created": "2024-11-14T00:15:11.173000", "tags": [ "32-bit", "elf", "mips", "Mozi", "botnetdomain", "mirai", "opendir", "hajime", "ua-wget", "sh", "arm", "64-bit", "x86-64", "BR", "trojan", "LummaStealer", "gafgyt", "ISIS", "SocGholish", "hta", "rat", "RemcosRAT", "AgentTesla", "vbs", "doc", "VIPKeylogger", "exe", "MassLogger", "Formbook", "encrypted", "GuLoader", "remcos", "Stealc", "4114", "AsyncRAT", "pw-4114" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 3, "domain": 3 }, "indicator_count": 1006, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "534 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "670ffa1c505fcc114556837f", "name": "RansomHub", "description": "RansomHub is a ransomware-as-a-service group focusing on financial gain through cyber extortion. It targets various sectors, including healthcare, government, and critical infrastructure, while explicitly avoiding attacks on certain countries like Cuba, North Korea, and China. Their methods include double extortion, where they encrypt victims' data and exfiltrate it for ransom, often demanding payment via a unique .onion URL. Victims receive a ransom note with a client ID and a deadline for payment before their data is leaked.", "modified": "2024-11-15T16:02:54.587000", "created": "2024-10-16T17:38:36.929000", "tags": [ "ransomhub", "cisa", "mimikatz", "powershell", "cobalt strike", "malware", "phishing", "psexec", "anydesk", "metasploit", "ransomware", "local", "cyclops", "lockbit", "winscp", "bits", "webdav", "qakbot", "knight", "persistence", "cirtix", "netscaler", "CVE-2023-3519", "CVE-2023-27997", "CVE-2023-46604", "CVE-2023-22515", "CVE-2023-46747", "CVE-2023-48788", "CVE-2017-0144", "CVE-2020-1472", "CVE-2020-0787", "nmap", "angryipscanner", "netlogon", "smbv1", "sql injection", "FortiClientEMS", "BIG-IP", "Confluence", "RCE", "Java OpenWire", "Apache ActiveMQ", "apache", "java", "FortiOS", "password spraying", "tor", "windows", "macOS", "Linux", "VMWare", "ESXi", "double extortion", "EDRKillShifter", "RaaS", "0day", "atera", "splashtop", "AWS", "S3", "PuTTY", "Rclone", "Curve 25519", "AA24-242A", "BITSAdmin", "PSExec", "Sliver", "SMBExec", "CrackMapExec", "Kerberoast", "kerberoasting", "RDP", "Connectwise", "N-Able", "C2", "SQL injection", "buffer overflow", "NSPPE", "Citrix ADC", "SSL-VPN", "VPN", "FortiProxy", "Fortinet", "Zerologon", "lotl", "Go", "C++", "Golang", "TDSSKiller", "LaZagne" ], "references": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a", "https://www.cve.org/CVERecord?id=CVE-2023-3519", "https://www.cve.org/CVERecord?id=CVE-2023-27997", "https://www.cve.org/CVERecord?id=CVE-2023-46604", "https://www.cve.org/CVERecord?id=CVE-2023-22515", "https://www.cve.org/CVERecord?id=CVE-2023-46747", "https://www.cve.org/CVERecord?id=CVE-2023-48788", "https://www.cve.org/CVERecord?id=CVE-2017-0144", "https://www.cve.org/CVERecord?id=CVE-2020-1472", "https://www.cve.org/CVERecord?id=CVE-2020-0787", "https://intel471.com/blog/hunting-for-ransomhub-and-antivirus-killers", "https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/", "https://www.recordedfuture.com/research/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates", "https://socradar.io/dark-web-profile-ransomhub/", "https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html", "https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/" ], "public": 1, "adversary": "RansomHub", "targeted_countries": [ "United States of America", "Brazil", "Indonesia", "Viet Nam" ], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "RansomHub", "display_name": "RansomHub", "target": null }, { "id": "MimiKatz", "display_name": "MimiKatz", "target": null }, { "id": "metasploit", "display_name": "metasploit", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "EDRKillShifter", "display_name": "EDRKillShifter", "target": null }, { "id": "Troj/KillAV-KG", "display_name": "Troj/KillAV-KG", "target": null }, { "id": "CrackMapExec", "display_name": "CrackMapExec", "target": null }, { "id": "Kerberoast", "display_name": "Kerberoast", "target": null }, { "id": "Sliver", "display_name": "Sliver", "target": null }, { "id": "TDSSKiller", "display_name": "TDSSKiller", "target": null }, { "id": "LaZagne", "display_name": "LaZagne", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1098", "name": "Account Manipulation", "display_name": "T1098 - Account Manipulation" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1537", "name": "Transfer Data to Cloud Account", "display_name": "T1537 - Transfer Data to Cloud Account" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Critical Infrastructure", "Healthcare", "Government", "Transportation", "Finance", "Technology", "Emergency Services", "Water", "Agriculture", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 50, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "v0od0o.exe", "id": "273579", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 9, "domain": 19, "email": 2, "hostname": 20, "FileHash-SHA256": 24, "URL": 103 }, "indicator_count": 177, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.cve.org/CVERecord?id=CVE-2023-22515", "https://socradar.io/dark-web-profile-ransomhub/", "https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/", "https://urlhaus.abuse.ch/browse/", "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a", "https://www.cve.org/CVERecord?id=CVE-2023-3519", "https://www.cve.org/CVERecord?id=CVE-2023-27997", "https://www.cve.org/CVERecord?id=CVE-2020-0787", "https://www.cve.org/CVERecord?id=CVE-2023-46747", "https://urlhaus.abuse.ch/downloads/csv_recent/", "https://www.cve.org/CVERecord?id=CVE-2020-1472", "https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/", "https://www.cve.org/CVERecord?id=CVE-2023-48788", "https://www.recordedfuture.com/research/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates", "https://www.cve.org/CVERecord?id=CVE-2017-0144", "https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html", "https://www.cve.org/CVERecord?id=CVE-2023-46604", "https://intel471.com/blog/hunting-for-ransomhub-and-antivirus-killers" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "RansomHub" ], "malware_families": [ "Troj/killav-kg", "Mimikatz", "Ransomhub", "Cobalt strike", "Qakbot", "Metasploit", "Crackmapexec", "Edrkillshifter", "Tdsskiller", "Lazagne", "Sliver", "Kerberoast" ], "industries": [ "Technology", "Telecommunications", "Critical infrastructure", "Finance", "Water", "Healthcare", "Emergency services", "Government", "Transportation", "Agriculture" ], "unique_indicators": 313559 } } }, "false_positive": [], "alexa": "", "whois": "http://whois.domaintools.com/188.34.188.7", "domain": "Unavailable", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "672f70d470cdbab07d3bdb8f", "name": "URLHaus Recent URLs", "description": "", "modified": "2025-05-15T13:30:30.738000", "created": "2024-11-09T14:25:24.551000", "tags": [], "references": [ "https://urlhaus.abuse.ch/downloads/csv_recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 313720 }, "indicator_count": 313720, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6735410ffd6c6525ea56643e", "name": "URLHaus data - 13-11-2024", "description": "", "modified": "2024-12-14T00:00:34.965000", "created": "2024-11-14T00:15:11.173000", "tags": [ "32-bit", "elf", "mips", "Mozi", "botnetdomain", "mirai", "opendir", "hajime", "ua-wget", "sh", "arm", "64-bit", "x86-64", "BR", "trojan", "LummaStealer", "gafgyt", "ISIS", "SocGholish", "hta", "rat", "RemcosRAT", "AgentTesla", "vbs", "doc", "VIPKeylogger", "exe", "MassLogger", "Formbook", "encrypted", "GuLoader", "remcos", "Stealc", "4114", "AsyncRAT", "pw-4114" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 3, "domain": 3 }, "indicator_count": 1006, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "534 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "670ffa1c505fcc114556837f", "name": "RansomHub", "description": "RansomHub is a ransomware-as-a-service group focusing on financial gain through cyber extortion. It targets various sectors, including healthcare, government, and critical infrastructure, while explicitly avoiding attacks on certain countries like Cuba, North Korea, and China. Their methods include double extortion, where they encrypt victims' data and exfiltrate it for ransom, often demanding payment via a unique .onion URL. Victims receive a ransom note with a client ID and a deadline for payment before their data is leaked.", "modified": "2024-11-15T16:02:54.587000", "created": "2024-10-16T17:38:36.929000", "tags": [ "ransomhub", "cisa", "mimikatz", "powershell", "cobalt strike", "malware", "phishing", "psexec", "anydesk", "metasploit", "ransomware", "local", "cyclops", "lockbit", "winscp", "bits", "webdav", "qakbot", "knight", "persistence", "cirtix", "netscaler", "CVE-2023-3519", "CVE-2023-27997", "CVE-2023-46604", "CVE-2023-22515", "CVE-2023-46747", "CVE-2023-48788", "CVE-2017-0144", "CVE-2020-1472", "CVE-2020-0787", "nmap", "angryipscanner", "netlogon", "smbv1", "sql injection", "FortiClientEMS", "BIG-IP", "Confluence", "RCE", "Java OpenWire", "Apache ActiveMQ", "apache", "java", "FortiOS", "password spraying", "tor", "windows", "macOS", "Linux", "VMWare", "ESXi", "double extortion", "EDRKillShifter", "RaaS", "0day", "atera", "splashtop", "AWS", "S3", "PuTTY", "Rclone", "Curve 25519", "AA24-242A", "BITSAdmin", "PSExec", "Sliver", "SMBExec", "CrackMapExec", "Kerberoast", "kerberoasting", "RDP", "Connectwise", "N-Able", "C2", "SQL injection", "buffer overflow", "NSPPE", "Citrix ADC", "SSL-VPN", "VPN", "FortiProxy", "Fortinet", "Zerologon", "lotl", "Go", "C++", "Golang", "TDSSKiller", "LaZagne" ], "references": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a", "https://www.cve.org/CVERecord?id=CVE-2023-3519", "https://www.cve.org/CVERecord?id=CVE-2023-27997", "https://www.cve.org/CVERecord?id=CVE-2023-46604", "https://www.cve.org/CVERecord?id=CVE-2023-22515", "https://www.cve.org/CVERecord?id=CVE-2023-46747", "https://www.cve.org/CVERecord?id=CVE-2023-48788", "https://www.cve.org/CVERecord?id=CVE-2017-0144", "https://www.cve.org/CVERecord?id=CVE-2020-1472", "https://www.cve.org/CVERecord?id=CVE-2020-0787", "https://intel471.com/blog/hunting-for-ransomhub-and-antivirus-killers", "https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/", "https://www.recordedfuture.com/research/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates", "https://socradar.io/dark-web-profile-ransomhub/", "https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html", "https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/" ], "public": 1, "adversary": "RansomHub", "targeted_countries": [ "United States of America", "Brazil", "Indonesia", "Viet Nam" ], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "RansomHub", "display_name": "RansomHub", "target": null }, { "id": "MimiKatz", "display_name": "MimiKatz", "target": null }, { "id": "metasploit", "display_name": "metasploit", "target": null }, { "id": "QakBot", "display_name": "QakBot", "target": null }, { "id": "EDRKillShifter", "display_name": "EDRKillShifter", "target": null }, { "id": "Troj/KillAV-KG", "display_name": "Troj/KillAV-KG", "target": null }, { "id": "CrackMapExec", "display_name": "CrackMapExec", "target": null }, { "id": "Kerberoast", "display_name": "Kerberoast", "target": null }, { "id": "Sliver", "display_name": "Sliver", "target": null }, { "id": "TDSSKiller", "display_name": "TDSSKiller", "target": null }, { "id": "LaZagne", "display_name": "LaZagne", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1098", "name": "Account Manipulation", "display_name": "T1098 - Account Manipulation" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1537", "name": "Transfer Data to Cloud Account", "display_name": "T1537 - Transfer Data to Cloud Account" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1550", "name": "Use Alternate Authentication Material", "display_name": "T1550 - Use Alternate Authentication Material" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Critical Infrastructure", "Healthcare", "Government", "Transportation", "Finance", "Technology", "Emergency Services", "Water", "Agriculture", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 50, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "v0od0o.exe", "id": "273579", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 9, "domain": 19, "email": 2, "hostname": 20, "FileHash-SHA256": 24, "URL": 103 }, "indicator_count": 177, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://188.34.188.7/555/NEWOFFICIALPROGRAMCAUSEOFNEWUPDATE.exe", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://188.34.188.7/555/NEWOFFICIALPROGRAMCAUSEOFNEWUPDATE.exe", "type": "URL", "found": true, "verdict": "malicious", "url_status": "offline", "threat": "malware_download", "tags": [ "remcos" ], "date_added": "2024-11-13", "last_online": "", "reporter": "lontze7", "host": "188.34.188.7", "payloads": [], "error": null }, "from_cache": true, "_cached_at": 1780280817.089283 }