{ "type": "URL", "indicator": "https://experiment.pw/setup294.exe", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://experiment.pw/setup294.exe", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3780837166, "indicator": "https://experiment.pw/setup294.exe", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "654e1a1b476d402970daeb88", "name": "PDF Files Weaponized to Deliver Multiple Ransomware Variants", "description": "Hackers are using PDF files to deliver ransomware variants, according to AhnLab Security Emergency Response Center (ASEC) in South Korea, which has warned that they are a prime target for malware delivery.", "modified": "2023-12-10T11:01:15.222000", "created": "2023-11-10T11:55:07.061000", "tags": [ "asec", "source", "pdfs", "watch", "storageguard", "username", "sfx file", "ahnlab security", "center", "urls", "protect", "tour", "redline" ], "references": [ "https://cybersecuritynews.com/hackers-weaponize-pdf-files/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "domain": 4 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654b47b30264429d0d9efe2e", "name": "Phishing PDF Files Downloading Malicious Packages - ASEC BLOG", "description": "A study carried out by AhnLab Security Emergency Response Center (ASEC) suggests that Phishing PDF files that contain malicious URLs are being distributed under the guise of downloading certain programs or programs.", "modified": "2023-12-08T08:02:48.494000", "created": "2023-11-08T08:32:51.354000", "tags": [ "sfx file", "ahnlab", "pdf file", "username", "infostealers", "temp", "asec blog", "ahnlab security", "center", "asec", "defender", "form", "redline" ], "references": [ "https://asec.ahnlab.com/en/58660/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 8, "domain": 4, "hostname": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "907 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://cybersecuritynews.com/hackers-weaponize-pdf-files/", "https://asec.ahnlab.com/en/58660/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 25 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/experiment.pw", "whois": "http://whois.domaintools.com/experiment.pw", "domain": "experiment.pw", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "654e1a1b476d402970daeb88", "name": "PDF Files Weaponized to Deliver Multiple Ransomware Variants", "description": "Hackers are using PDF files to deliver ransomware variants, according to AhnLab Security Emergency Response Center (ASEC) in South Korea, which has warned that they are a prime target for malware delivery.", "modified": "2023-12-10T11:01:15.222000", "created": "2023-11-10T11:55:07.061000", "tags": [ "asec", "source", "pdfs", "watch", "storageguard", "username", "sfx file", "ahnlab security", "center", "urls", "protect", "tour", "redline" ], "references": [ "https://cybersecuritynews.com/hackers-weaponize-pdf-files/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "URL": 6, "domain": 4 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "905 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654b47b30264429d0d9efe2e", "name": "Phishing PDF Files Downloading Malicious Packages - ASEC BLOG", "description": "A study carried out by AhnLab Security Emergency Response Center (ASEC) suggests that Phishing PDF files that contain malicious URLs are being distributed under the guise of downloading certain programs or programs.", "modified": "2023-12-08T08:02:48.494000", "created": "2023-11-08T08:32:51.354000", "tags": [ "sfx file", "ahnlab", "pdf file", "username", "infostealers", "temp", "asec blog", "ahnlab security", "center", "asec", "defender", "form", "redline" ], "references": [ "https://asec.ahnlab.com/en/58660/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 8, "domain": 4, "hostname": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "907 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://experiment.pw/setup294.exe", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://experiment.pw/setup294.exe", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780471740.600153 }