{ "type": "URL", "indicator": "https://bleu.rfc.zitoprohealth.com/editContent", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://bleu.rfc.zitoprohealth.com/editContent", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3711776927, "indicator": "https://bleu.rfc.zitoprohealth.com/editContent", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "64abc28989225e6ac40e536c", "name": "TechM-Threat Intel Report - W28-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-09T08:02:06.570000", "created": "2023-07-10T08:34:17.345000", "tags": [ "sha1 file", "name submit", "date", "malware url", "ip address", "blacklist host", "hashes url", "cvss", "cvss base", "moveit transfer", "windows", "linux kernel", "mastodon social", "network patches", "critical flaws", "allowing server", "google releases", "june", "energy", "beware", "plugx", "winscp", "ransomware", "redenergy", "blackcat", "truebot" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Brazil", "Philippines" ], "malware_families": [ { "id": "RedEnergy", "display_name": "RedEnergy", "target": null }, { "id": "BlackCat", "display_name": "BlackCat", "target": null }, { "id": "TrueBot", "display_name": "TrueBot", "target": null } ], "attack_ids": [ { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [ "Energy", "Telecom", "Oil", "Gas", "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 42, "FileHash-SHA1": 40, "FileHash-SHA256": 122, "URL": 76, "domain": 31, "hostname": 85, "CVE": 2 }, "indicator_count": 398, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1027 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64a8a1292b3826553cf94e95", "name": "URLHaus data - 07-07-2023", "description": "", "modified": "2023-08-06T23:03:09.840000", "created": "2023-07-07T23:35:05.316000", "tags": [ "32-bit", "elf", "mips", "Mozi", "hajime", "arm", "mirai", "32", "exe", "RedLineStealer", "SocGholish", "123", "Password-protected", "rar", "1231", "bashlite", "gafgyt", "PowerPC", "intel", "shellscript", "renesas", "sparc", "64", "motorola", "1234", "zip", "dropped-by-SmokeLoader", "dropped-by-amadey", "SystemBC", "AgentTesla", "RTF", "2023", "QuasarRAT", "dll", "Stealc", "Rhadamanthys", "opendir", "CoinMiner", "Amadey", "macOS", "RealstStealer", "4747", "discord", "infostealer", "dropped-by-PrivateLoader", "encrypted", "Lumma", "LummaStealer", "Loki", "RaccoonStealer", "Formbook", "remcos" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 573, "hostname": 9, "domain": 13 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "1029 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://urlhaus.abuse.ch/browse/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Redenergy", "Truebot", "Blackcat" ], "industries": [ "Oil", "Telecom", "Gas", "Foreign affairs", "Energy" ], "unique_indicators": 1340 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/zitoprohealth.com", "whois": "http://whois.domaintools.com/zitoprohealth.com", "domain": "zitoprohealth.com", "hostname": "bleu.rfc.zitoprohealth.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "64abc28989225e6ac40e536c", "name": "TechM-Threat Intel Report - W28-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-09T08:02:06.570000", "created": "2023-07-10T08:34:17.345000", "tags": [ "sha1 file", "name submit", "date", "malware url", "ip address", "blacklist host", "hashes url", "cvss", "cvss base", "moveit transfer", "windows", "linux kernel", "mastodon social", "network patches", "critical flaws", "allowing server", "google releases", "june", "energy", "beware", "plugx", "winscp", "ransomware", "redenergy", "blackcat", "truebot" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Brazil", "Philippines" ], "malware_families": [ { "id": "RedEnergy", "display_name": "RedEnergy", "target": null }, { "id": "BlackCat", "display_name": "BlackCat", "target": null }, { "id": "TrueBot", "display_name": "TrueBot", "target": null } ], "attack_ids": [ { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [ "Energy", "Telecom", "Oil", "Gas", "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 42, "FileHash-SHA1": 40, "FileHash-SHA256": 122, "URL": 76, "domain": 31, "hostname": 85, "CVE": 2 }, "indicator_count": 398, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1027 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64a8a1292b3826553cf94e95", "name": "URLHaus data - 07-07-2023", "description": "", "modified": "2023-08-06T23:03:09.840000", "created": "2023-07-07T23:35:05.316000", "tags": [ "32-bit", "elf", "mips", "Mozi", "hajime", "arm", "mirai", "32", "exe", "RedLineStealer", "SocGholish", "123", "Password-protected", "rar", "1231", "bashlite", "gafgyt", "PowerPC", "intel", "shellscript", "renesas", "sparc", "64", "motorola", "1234", "zip", "dropped-by-SmokeLoader", "dropped-by-amadey", "SystemBC", "AgentTesla", "RTF", "2023", "QuasarRAT", "dll", "Stealc", "Rhadamanthys", "opendir", "CoinMiner", "Amadey", "macOS", "RealstStealer", "4747", "discord", "infostealer", "dropped-by-PrivateLoader", "encrypted", "Lumma", "LummaStealer", "Loki", "RaccoonStealer", "Formbook", "remcos" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 573, "hostname": 9, "domain": 13 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "1029 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://bleu.rfc.zitoprohealth.com/editContent", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://bleu.rfc.zitoprohealth.com/editContent", "type": "URL", "found": true, "verdict": "malicious", "url_status": "offline", "threat": "malware_download", "tags": [ "SocGholish" ], "date_added": "2023-07-07", "last_online": "", "reporter": "Cryptolaemus1", "host": "bleu.rfc.zitoprohealth.com", "payloads": [], "error": null }, "from_cache": true, "_cached_at": 1780322913.9812458 }