{ "type": "URL", "indicator": "https://funcaptcha.ru/atomic/app.asar", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://funcaptcha.ru/atomic/app.asar", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3864361486, "indicator": "https://funcaptcha.ru/atomic/app.asar", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6606aa5dbfee4c789a593b5a", "name": "PyPI Inundated by Malicious Typosquatting Campaign", "description": "Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages.\nInstallation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified PyPI about these packages, leading to their swift removal by the PyPI administrative team.", "modified": "2024-03-29T11:49:50.349000", "created": "2024-03-29T11:47:41.402000", "tags": [ "pypi", "gdpr cookie", "appsec", "python" ], "references": [ "https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": "660681f6e8b1cf8843a63866", "export_count": 318, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 386959, "modified_text": "795 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660bfb75e35090db1bd21e07", "name": "Typosquatting Campaign Targets Python Developers", "description": "As part of Phylum\u2019s annual security review, we take a look at the latest typosquat attacks targeting Python developers and how they might be used to target their own code.", "modified": "2024-04-02T12:35:01.061000", "created": "2024-04-02T12:35:01.061000", "tags": [ "research", "pypi", "march", "python", "phylum", "pytorch", "backgroundfirst", "insanepackage", "insane", "publication", "beautifulsoup26", "virustotal", "typosquatting", "zgrat" ], "references": [ "https://blog.phylum.io/typosquatting-campaign-targets-python-developers/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Typosquatting", "display_name": "Typosquatting", "target": null }, { "id": "zgRAT", "display_name": "zgRAT", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 4, "email": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "791 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660681f6e8b1cf8843a63866", "name": "PyPi Is Under Attack: Project Creation and User Registration Suspended", "description": "Checkmarx is a leading developer and developer in the application security market, with a global presence of more than 1.5 million developers working on its platform and a worldwide network of secure networks.", "modified": "2024-03-29T08:55:18.200000", "created": "2024-03-29T08:55:18.200000", "tags": [ "checkmarx", "infrastructure", "pypi", "march", "strong", "gdpr cookie", "research team", "consent plugin", "appsec", "experience", "find", "attack", "python", "code", "already", "chat", "never", "contact", "facebook" ], "references": [ "https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 2, "domain": 1 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "795 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/", "https://blog.phylum.io/typosquatting-campaign-targets-python-developers/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3 }, "other": { "adversary": [], "malware_families": [ "Zgrat", "Typosquatting" ], "industries": [], "unique_indicators": 13 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/funcaptcha.ru", "whois": "http://whois.domaintools.com/funcaptcha.ru", "domain": "funcaptcha.ru", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6606aa5dbfee4c789a593b5a", "name": "PyPI Inundated by Malicious Typosquatting Campaign", "description": "Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages.\nInstallation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified PyPI about these packages, leading to their swift removal by the PyPI administrative team.", "modified": "2024-03-29T11:49:50.349000", "created": "2024-03-29T11:47:41.402000", "tags": [ "pypi", "gdpr cookie", "appsec", "python" ], "references": [ "https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": "660681f6e8b1cf8843a63866", "export_count": 318, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 386959, "modified_text": "795 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660bfb75e35090db1bd21e07", "name": "Typosquatting Campaign Targets Python Developers", "description": "As part of Phylum\u2019s annual security review, we take a look at the latest typosquat attacks targeting Python developers and how they might be used to target their own code.", "modified": "2024-04-02T12:35:01.061000", "created": "2024-04-02T12:35:01.061000", "tags": [ "research", "pypi", "march", "python", "phylum", "pytorch", "backgroundfirst", "insanepackage", "insane", "publication", "beautifulsoup26", "virustotal", "typosquatting", "zgrat" ], "references": [ "https://blog.phylum.io/typosquatting-campaign-targets-python-developers/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Typosquatting", "display_name": "Typosquatting", "target": null }, { "id": "zgRAT", "display_name": "zgRAT", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 4, "email": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "791 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "660681f6e8b1cf8843a63866", "name": "PyPi Is Under Attack: Project Creation and User Registration Suspended", "description": "Checkmarx is a leading developer and developer in the application security market, with a global presence of more than 1.5 million developers working on its platform and a worldwide network of secure networks.", "modified": "2024-03-29T08:55:18.200000", "created": "2024-03-29T08:55:18.200000", "tags": [ "checkmarx", "infrastructure", "pypi", "march", "strong", "gdpr cookie", "research team", "consent plugin", "appsec", "experience", "find", "attack", "python", "code", "already", "chat", "never", "contact", "facebook" ], "references": [ "https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 2, "domain": 1 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "795 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://funcaptcha.ru/atomic/app.asar", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://funcaptcha.ru/atomic/app.asar", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780434214.485177 }